The CyberWire Daily Briefing 12.04.14
news from the SINET Showcase 2014
Yesterday's sessions covered much interesting ground. We'll summarize two of the longer presentations here: Martin Brown's advice for security startups, and Stuart McClure's presentation on Operation Cleaver.
Martin Brown, Chief Security Architect, BT Security Enterprise, advised startups on how to approach large enterprise customers. His title ("But, my security product is AWESOME! Why don't you want it!?") suggests the challenges involved in breaking into the managed security service provider market. Brown's role at BT requires him to scout emerging opportunities and technologies, and he offered his insider's perspective on what a large company looks for in innovative security products.
Entrepreneurs should understand that they're effectively selling into a company's ecosystem. Consider a company like BT. It's in one hundred seventy countries, operates a significant number of SOCs, has some thirty thousand devices, etc. Security touches every aspect of BT's organization, and it has to work — it must be reliable. Brown suggested that security may usefully be thought of as having three aspects: 1) core, transactional security products, 2) proactive security, and 3) people and processes. A large but finite amount of data comes from core and proactive security technology. Those data must be looked at for content, context, and costs.
Selling to a large enterprise involves understanding this context (and, he noted, when you develop a product, develop it with the assumption that it will find its way into the managed service market). Pose, and answer, well-formed questions framed in context. Don't just tell the customer that something on the network's bad. Tell them why it's bad, and where it's bad.
Context is essential not only to developing a product, but to deploying it. Managing a large enterprise can be very difficult. Make your system easy to manage within the customer's ecosystem. And be sure to explain the value of your product clearly. The customer can take you for granted if you don't show them your metrics of success, and do so in financial terms.
Brown observed that many companies fear losing their IP. He recommended that, on the contrary, the best use of your IP involves giving customers some insight into how you reach your decisions, and how your technology works. Without such information, the customer will be very nervous about automating their use of your product, and rest assured, automation is inevitable, because the proactive layer of security, unlike the transactional layer, makes decisions.
He concluded with a number of pieces of specific advice. Multi-tenancy is essential. Clients like BT need data separation and access control. You can't expect a customer to run a dedicated UI or server for each of their customers. Let your customers run scripts. Don't force them to install easily exploitable software: they don't want exploitable products in SOCs — no Flash, no Java, etc. Use easily authenticated RESTful APIs. Your big customers will love RESTful APIs. Make your application easy to deploy. Try not to put it onto an appliance. You need secure upload for updating — no CDs, please, for updates. Your customers test products before they buy them, so be prepared to submit your product for testing.
Brown concluded by emphasizing, again, that however innovative your technology is, it must fit the customer's ecosystem.
Stuart McClure, CEO of Cylance, presented his company's discovery of an extensive Iranian cyber campaign, "Operation Cleaver."
Cylance named the campaign because of the frequent use of the word "Cleaver" in the attackers' custom-built tools. Cylance noticed that similar — in some cases, identical — techniques and tools were appearing in disparate attacks targeting critical infrastructure globally. The list of victims reads like a list of the world's important infrastructure. The attackers were achieving shocking levels of access, and their intrusions were serious, even potentially lethal. In many cases they'd achieved complete access to their targets' networks, and to many ancillary accounts (like PayPal and GoDaddy).
Cleaver began in 2012. It appears that after Stuxnet, Duqu, and Flame, Iran realized its cyber operations needed to go beyond counting coup for the sake of the national ego — website defacements and the like, designed to show the world that the Islamic Republic was there, and capable — and move on to a genuine offensive capability. Shamoon was an early exercise of that capability; Cleaver is far more advanced. It revealed its Iranian origins through its involvement with particular subnets, in particular source and target pairs, and the extensive use of Farsi in its coding. Attribution rarely comes with a smoking gun, but Cylance is morally certain that the circumstantial evidence is compelling.
The Iranians don't attempt anything particularly exotic, but they're clever, capable, and have advanced a great deal. They use SQL injection, anonymous FTP for exfiltration (among other techniques), and some well-conceived spearphishing tactics. A big tranche of the data Cylance investigated came from airports and airlines in at least two different countries, and those data showed not only considerable information sharing among attack teams, but a disturbing interest in the physical environment surrounding air travel as well as reconnaissance of particular individuals. (One target compromised, for example, was an airport security badging system.)
Cleaver, McClure concluded, is an active and actively tasked effort. It involves three to four teams with common direction, all sharing the information they develop.
FUD raineth on the just and the unjust, as evidence of ISIS's tweeted morbid suspicions that it's been infiltrated by "crusaders" attests.
The Sony hack remains an object of intense interest. The loss and damage are considerable and still being assessed: some 40 gigabytes of sensitive information, Wired reports, has leaked to the Internet. Ars Technica publishes a brief overview of the attack's destructive "wiper" functionality. Attribution has, as is usual in such cases, moved into a slightly controversial phase. Sony denies re/code's report that the company was about to "officially" blame North Korea for the attack: Sony insists the incident remains under investigation. Other security experts cast doubt on the North Korean attribution, but consensus opinion still looks at Pyongyang.
The high-profile attack on Sony has also stoked investor interest in cyber security firms.
Asprox's criminal masters are aggressively recruiting machines into their botnet. They're using phishing emails asking the recipient to "confirm their order;" such appeals are particularly effective during holiday gift-giving.
Concerns about Android vulnerabilities resurface. Some of them, involving pre-installed malware, revive concerns about Chinese threats to the global IT supply chain.
Wired interviews "Darkside," billed as the world's biggest surviving online drug lord.
The US Department of Homeland Security expands cyber security student internship opportunities.
Foreign policy mavens assess China's cyber policy, and see preservation of the Communist Party as its principal objective.
The prospective US Defense Secretary, Ashton Carter, is expected to devote close attention to cyber security. He'll get help from Senator McCain.
Notes.
Today's issue includes events affecting Australia, China, European Union, India, Iran, New Zealand, Russia, United Kingdom, and United States.
Washington, DC: the latest from the SINET Showcase
SINET Showcase and Workshops 2014 (SINET) Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems. SINET Workshops deliver critical knowledge, targeted perspective and opportunities for direct information sharing between entrepreneurs and security experts. Held in conjunction with IT Security Entrepreneurs Forum and Showcase, each workshop offers expert insight from industry and government officials, venture capitalists, leading researchers and successful entrepreneurs who share thought leadership, experience and "know how." There is no comparable opportunity to learn how to navigate the Federal Government sector, and to obtain the necessary financing, professional services and guidance needed to win
Security Innovation Network (SINET) Announces Its 2014 Top 16 Emerging Cybersecurity Companies (Yahoo! Finance) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, announced today the winners of its annual SINET 16 competition. The companies, which were selected from a pool of 180 applicants from around the world, represent a range of Cybersecurity solution providers who are identifying cutting-edge technologies to address Cybersecurity threats and vulnerabilities. The selected companies will share their work with buyers, builders, investors and researchers during the SINET Showcase on Dec. 3 — 4, 2014 at the National Press Club in Washington, DC
Iranian CLEAVER hacks through airport security, Cisco boxen (Register) Plausibly-deniable Iranians suspected of Stuxnet reprisal attacks
Iran attacking critical infrastructures-Cylance report (Control) December 2nd, the Cylance report on OpCleaver was made public. The report provides details about Iran's program to attack critical infrastructures. I have been concerned about Iran's capabilities and intents for several years and have blogged about it in the past. These include articles I have reviewed by an "Iranian engineer" on Stuxnet and Siemens safety systems, articles by Iranian professors on ICS cyber security methodology, and Iran translating Project Shine into Farsi
PFP Cybersecurity Selected as a 2014 SINET 16 Innovator (Sys-Con Media) Security startup recognized for its innovative solutions to address critical infrastructure and supply chain threats
ZeroFOX Announces Integration with OpenDNS (ZeroFOX) ZeroFOX is proud to announce its partnership with OpenDNS, integrating social media attack intelligence with OpenDNS's web filters. The integration allows mutual customers to leverage proactive threat intelligence with real-time enforcement. Together, OpenDNS and ZeroFOX give security teams the power to block social malware and phishing everywhere your employees work
OpenDNS reinforces cloud security with ties to Check Point, ZeroFOX, others (Network World) A new API opens the way for a dozen more partners over the next few months
Cyber Attacks, Threats, and Vulnerabilities
Paranoia could be the best weapon against the Islamic State (Washington Post) The worm of paranoia begins to eat into even the hardest adversary. An example is a Twitter post last week displaying an Islamic State leaflet offering a $5,000 reward for information about "crusaders' agents" in the ranks
Sony's IT blueprints leaked by hackers (CSO) More data hits the public internet, this time it's passwords and network details
Inside the "wiper" malware that brought Sony Pictures to its knees (Ars Technica) FBI memo and other analysis provide details of how the malware worked
Sony hacked: Cyber attack affected Microsoft systems only (Indian Express) Eight days after a massive cyber attack on Sony Pictures Entertainment, the Hollywood studio was still struggling to restore some systems on Tuesday evening as investigators combed for evidence to identify the culprit
Sony Pictures debunks Re/code's article stating North Korea was behind cyber-attack (New York Daily News) Sony Pictures told the Associated Press that Re/code's article on North Korea being the culprit of hacking Sony was inaccurate
Security experts doubt North Korea hacked into Sony (KLTV 7) Some cybersecurity experts say it is unlikely North Korea was behind the cyberattack that crippled Sony Pictures' computers and possibly leaked unreleased movies online
Sony Got Hacked Hard: What We Know and Don't Know So Far (Wired) Who knew that Sony's top brass, a line-up of mostly white male executives, earn $1 million and more a year? Or that the company spent half a million this year in severance costs to terminate employees? Now we all do, since about 40 gigabytes of sensitive company data from computers belonging to Sony Pictures Entertainment were stolen and posted online
Asprox Operators Have Started Recruiting for a Larger Botnet (Softpedia) Emails popping up in inboxes this time of the year and asking for confirmation of an order are far from raising suspicions, and this is exactly what the operators of the Asprox botnet count on in order to extend their network
Android 'DeathRing' malware being pre-loaded on cheap smartphones (TechWorld) For the second time in a year, Chinese-made Android smartphones have been discovered pre-flashed with malware, this time a Trojan security firm Lookout Mobile has ominously dubbed 'DeathRing'
Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques (Infosec Institute) In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited on a non rooted device using data backup techniques. This shows the significant risk associated with apps that are not so concerned about security
Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 (TrendLabs Security Intelligence Blog) Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes
Warning over fake Bitcoin Foundation sites scamming cryptocurrency users (ZDNet) Fraudsters are targeting Bitcoin users with phoney The Bitcoin Foundation websites and sending potential victims to a fake Bitcoin wallet designed to phish their credentials
Over 700 UK medical record security breaches reported in under a year (FierceContentManagement) One-fifth involved paper documents, files
An Interview With Darkside, Russia's Favorite Dark Web Drug Lord (Wired) Among the handful of black markets that have survived law enforcement's recent crackdown on the Dark Web, the drug selling site RAMP is different
After School Is The Latest Anonymous App Resulting In Student Cyberbullying And School Threats (TechCrunch) Meet After School, an anonymous Whisper-like app that hit the App Store in October 2014. And of course it's causing issues in countless schools like Yik Yak and Ask.fm did before it
Planes, Trains & Automobiles — Are You Safe From PoS Malware Anywhere? (TrendLabs Security Intelligence Blog) The celebration of Thanksgiving and Black Friday last week marks the start of the holiday shopping season for majority of the world. For most, this means vacations, family, friends, traveling, and of course, shopping. This is also the time for watching feel-good holiday movie reruns on television
Security Patches, Mitigations, and Software Updates
Twitter rolls out new anti-trolling tools, promises quicker abuse investigation (Naked Security) Twitter is making changes which should make it easier and quicker for users to report abuse or flag inappropriate content
New TLS/SSL Version Ready In 2015 (Dark Reading) One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications
Cyber Trends
The Real Cost of Cyber Incidents, According To Insurers (Dark Reading) Healthcare is hit by the most malicious insiders and the highest legal costs, according to a NetDiligence report
New Research Shows Most Vulnerabilities Exploited in About a Week (Recorded Future) Recorded Future research published in "Week to Weak: The Weaponization of Cyber Vulnerabilities" identified the short window of time system administrators have before announced software vulnerabilities become a real threat to their operations. As noted in this research, it takes a little more than a week for an exploit leveraging a new CVE to be detected on the open web
Coffee Talk with Krebs: Nine Questions for Brian Krebs (Cyveillance Blog) Cyveillance Chief Scientist Caleb Queern recently spoke with Krebs about illegal online pharmacies, open source intelligence, the future of cybercrime, and more
Addressing Corporate Espionage in the 21st Century (Security Magazine) The 21st Century is often referred to as the information age; the developing global marketplace has contributed to the entrance of new cultures and economies into the competitive global economy. Due to globally available infrastructure and the development of global telecommunication/computing capabilities, it has enabled individuals, companies and countries to compete globally on a level playing field with traditional Western powers even from some of the most remote parts of the world. Unfortunately this has also created conditions in which the threat of corporate espionage has been rapidly proliferating due to the ease threat actors can ply their trade both through physical and virtual actions against U.S. corporations
Cyber Security's Big Data Problem (eSecurity Planet) Big Data has rendered older security models largely obsolete. The all-in-one product approach that once served the industry well is now inadequate
10 cyberthreats to watch in 2015 (Banking Exchange) Don't fight the last war. Booz Allen says third-party, wireless, alternative payments risks all to expand
Cyber Threats to Increase in Scope and Complexity in the New Year as Black Hat Hackers Become More Sophisticated, According to Fortinet 2015 Threat Predictions (Broadway World) As the 2015 New Year looms, Fortinet® (NASDAQ: FTNT), a global leader in high-performance network security, and its threat research division FortiGuard Labs, have taken a look ahead to determine the most significant cyber security threats of the upcoming New Year both from the perspective of a Black Hat hacker, as well as a Threat Intelligence solutions vendor. As the number of devices connected to the network increases, cyber criminals will continue to hone their prowess when it comes to IoT attacks and advanced evasion techniques, while also continuing to exploit large-scale server side vulnerabilities for financial gains and other nefarious purposes. Businesses and government organizations globally are at risk, as are consumers' important personal information
KnowBe4 Issues Alert: Social Engineering Threats Soaring (Virtual Strategy Magazine) KnowBe4 says "watch out" for cybercriminals looking to make some extra cash during scam season — it's a social engineering bonanza with threats on multiple fronts
U.S. Leads Way in PoS Malware Infections in Q3: Trend Micro (SecurityWeek) The United States is at the top of the list of countries with the most infections of point-of-sale (PoS) malware during the third quarter of the year, according to research from Trend Micro
Australians visiting more malicious sites: Trend Micro (ZDNet) Trend Micro's third-quarter security report for 2014 has found that Australia now ranks fifth in the world for countries with the highest number of visits to malicious sites
Trend Micro: Malware on the rise across NZ (Computerworld) "Our findings confirm that we are battling rapidly moving cyber-criminals and evolving vulnerabilities simultaneously"
Marketplace
Making the business case for cybersecurity (Federal Times) Cybersecurity has been one of the fastest growing sectors in the federal government over recent years. It's a 24/7/365 job as threats are constant in an online world. In fact, the Government Accountability Office reported in June that "the number of cyber incidents reported by federal agencies increased in fiscal year 2013 significantly over the prior three years"
Hacked Sony Movies Highlight Opportunities for Buyers of Cyber Security Firms (Mergers & Acquisitions) Cyber security companies are becoming increasingly attractive to buyers in the wake of the attack on Sony, which has Internet users downloading millions of pirated copies of "Fury" and "Annie"
Seeking safe bets in cyber-security startups (The Age) The hackers appear to be winning. Each month, it seems, another company's records get compromised and another shadowy group amasses millions of private documents
CIT and MACH37™ Cyber Accelerator Hold 3rd Demo Day for Cyber Startups (Virtual Strategy Magazine) Twelve entrepreneurs of cybersecurity startups presented to investors, industry leaders
ThreatStream Grabs $22M To Help Fight Cybersecurity Threats (TechCrunch) ThreatStream, a cybersecurity firm based in Redwood City, CA, announced $22M in Series B funding today to continue their efforts to help organizations fight cybersecurity threats. Today's funding brings the company's total raised to-date to $26.3M
Trainee cyber-criminals wanted to help solve skills shortage (Phys.org) The world is already short of computer security experts, but by 2017 that shortfall is going to have reached about two million. Criminal hackers cause damage running to billions of pounds every year — just look at the attack on Sony Pictures, leaking unreleased films onto the web and threatening the company's entire system. If we don't do something about this skills gap soon, the costs we bear are going to keep spiralling upwards and we will be increasingly vulnerable to cyber attacks
Nuix Receives Sizable Order to Support Federal Law Enforcement (BusinessWire) Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has signed an agreement to supply one of its federal law enforcement agency customers with Nuix Investigator Lab software. This premier digital forensic investigation and analytics technology will support law enforcement offices around the country
Products, Services, and Solutions
Facebook forges partnership with IT security vendor ESET (ZDNet) The goal of the alliance is to prevent malicious links from populating Facebook user News Feeds and Message
Elastica Unveils Security and Compliance Solution for Dropbox (MarketWired) Securlet™ Provides Comprehensive Visibility, Compliance, Data Governance, and Threat Protection for Dropbox for Business Accounts
Gemalto teams up with Chunghwa Telecom for its commercial launch of NFC services in Taiwan (Nasdaq) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has teamed up with Chunghwa Telecom, the largest operator in Taiwan with 10 million subscribers, to secure their mobile NFC services
South River Technologies Adds Enterprise File Sharing and Sync (EFSS) Capabilities to Cornerstone MFT (MarketWired) New EFSS capabilities added to leading managed file transfer platform
WidePoint Arm Approved to Issue DoD ID Verification Credentials (ExecutiveBiz) A WidePoint Corp. subsidiary has become the first vendor to receive an approval from the Defense Department to issue personal identity verification credentials for more than 40 million users with access to the agency's information systems
SentinelOne Broadens Endpoint Security Capabilities to Provide Continuous Cycle of Protection against Advanced Malware (BusinessWire) SentinelOne, the company that's redefining endpoint security, today announced the latest release of SentinelOne EDR (Endpoint Detection and Response), which expands its core execution inspection technology with cloud intelligence, application whitelisting, and real-time forensics. This broader security coverage enables SentinelOne EDR to provide a continuous cycle of protection against both known and zero-day attacks on Windows, Mac, and Android computing devices, including servers and embedded systems. These new capabilities build upon SentinelOne's existing predictive execution inspection engine which dynamically tracks each newly-created process on a machine to block malware, exploits, and zero-day attacks
IONU Security Delivers the Next Generation of Transparent Security™ and Integrated Multi-Vendor, Secure Cloud File Sharing Capabilities (Sys-Con Media) IONU Security Inc., the worldwide leader in Transparent Security™, today unveiled the next generation of its Transparent Security technology and the IONU Pro app, which adds secure and integrated, multi-vendor cloud file storage and sharing capabilities to IONU's industry-leading security applications
NCR Corp. (NYSE:NCR) Has Begun Offering TrustPipe For Business And Nektar Therapeutics (NASDAQ:NKTR) Submits A Biologics License Application (EMarkets Daily) NCR Corp. (NYSE:NCR) [Trend Analysis] released that its Telecom and Technology group has begun offering TrustPipe for Business, an innovative new security solution to help telecom clients and their SMB and enterprise customers protect critical desktop assets
BalaBit Adds New Security and Support Capabilities to Its Industry-Leading Log Management Tool syslog-ng Premium Edition (MarketWired) Latest syslog-ng Premium Edition addresses data privacy concerns, enhances interoperability, and extends server platform support
New software detects personal identifiers in email (Air Force Times) An updated software tool coming Friday will warn you if you include personally identifiable information in your Microsoft Outlook emails
Technologies, Techniques, and Standards
Stopping Zero-Day Attacks with Secure Configuration Management (TripWire: the State of Security) Zero-day (0day) vulnerabilities are one of the most serious cyber security threats confronting enterprises today
Fear of Mobile Device Evidence Collection? (Officer) In agencies that have shifted some digital evidence collection responsibilities from lab-based personnel to those in the field — investigators, patrol officers, or crime scene techs — the response has been mixed
Automating Incident data collection with Python (Internet Storm Center) One of my favorite Python modules is Impacket by the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident having the ability to reach out to all the machines in your environment to list or kill processes is very useful. Python and Impacket make this very easy. Check it out
Improving your readiness for OCR audits (Help Net Security) In the wake of healthcare data breaches, OCR audits for HIPAA compliance have become more common — and the consequences have been more highly publicized. But many healthcare providers still don't know how to prepare effectively for an audit
Best practices in knowledge-based authentication (Help Net Security) Knowledge-based authentication (KBA) is a methodology gaining increasing recognition for providing the identity proofing part of user authentication
Design and Innovation
This Guy's Hacked Hearing Aids Let Him Listen to Wi-Fi Networks (Wired) Earlier this year, after a decade of slowly losing his hearing, Frank Swain found himself donning a pair of Starkey Halo hearing aids. The bluetooth-connected buds, which wirelessly stream audio from an iPhone, are some of the most technologically advanced on the market. It got Swain, a writer for New Scientist, thinking: Hearing aids have always been considered a band-aid to hearing loss, but what if they could be used for more than just bolstering the performance of failing ears? What if he could use them to hear things other humans were totally deaf to?
New Google API simplifies the reCAPTCHA experience (Security Affairs) Google has simplified the authentication process by introducing an updated CAPTCHA that simply asks users whether they are a bot
Research and Development
GCHQ boffins quantum-busted its OWN crypto primitive (Register) 'Soliloquy' only ever talked to itself
Academia
Homeland Security to Expand Student Volunteer Cybersecurity Initiative (FedTech) A growing need for U.S.-based cybersecurity experts has spurred federal agencies to bolster internship programs
Legislation, Policy, and Regulation
EU Security Strategy to focus on emerging threats (SC Magazine) The new EU Internal Security Strategy for 2015-2019 should be "easily adaptable to evolving situations" by focusing not only on existing but also on emerging security threats, says a resolution approved by the EU Civil Liberties Committee on Wednesday. Cyber-security is listed as one of the key concerns, along with interlinked topics including organised crime, money laundering, trafficking in human beings, foreign fighters, and corruption
China: A cyberwarring state (Washington Times) China's strategy of large-scale cyberattacks is motivated mainly by the goal of keeping the Chinese Communist Party (CCP) in power, in addition to gaining economic secrets and planning cyberattacks in a conflict, according to a new report by the Center for a New American Security
For China, Cybersecurity Is Part of Strategy for Protecting the Communist Party (New York Times) For nearly two years, cyberespionage has been a tense focal point of relations between the United States and China. On Wednesday, the Center for a New American Security, a research group in Washington, released a paper written with the aim of understanding the motivations behind China's cybersecurity strategy. Its conclusion: that the strategy, like China's foreign policy, is driven mainly by the domestic political imperative of needing to "protect the longevity of the Chinese Communist Party"
Experts call for all-inclusive security policy (Tribune) The imperative to address multi-dimensional security challenges India faces in the wake of ever-altering landscape and the need to evolve a national policy to meet the emerging threats was today underlined by eminent speakers at the first Roundtable organised by the Tribune National Security Forum in association with the Indian Council of World Affairs
Obama's pick to lead the Pentagon is big on cybersecurity (Washington Post) President Obama's pick to lead the Pentagon, former deputy secretary of defense Ashton "Ash" Carter, has been a big supporter of increasing the country's cybersecurity capabilities. His nomination signals that the administration is likely to continue to aggressively build out its ability to fight adversaries in the digital world
McCain Ready To Tackle Cyber Threats, Cost-Plus Contracts as SASC Chairman (DefenseNews) Sen. John McCain is 78 years old. But that doesn't mean cyberspace escapes him
Here's Why Cybersecurity Remains a Challenge for the Justice Department (Nextgov) The Justice Department's handling of cybersecurity remains one of its biggest management challenges, according to a recent memo to Attorney General Eric Holder from the agency's top watchdog
Banking Committee to examine financial cybersecurity (The Hill) The Senate Banking Committee next Wednesday will hold a hearing on cybersecurity in the financial sector
Push for Formation of a Combined NY and NJ Cyber Protection Team (Hudson Valley Press) U.S. Senators Kirsten Gillibrand (D-NY), Charles Schumer (D-NY), Robert Menendez (D-NJ), and Cory Booker (D-NJ) announced their support for the New York and New Jersey Army National Guards' formation of a combined Cyber Protection Team
Litigation, Investigation, and Law Enforcement
Dozens of Chinese Held in Kenya 'Cyber Bust' (SecurityWeek) Police in Kenya are holding 77 Chinese nationals accused of running a cyber crime network and mysterious "command center" from upmarket houses in Nairobi, officials and reports said Thursday
How the world's powers are preparing to defend themselves against cybercrime (Telegraph) Learning how to counter the growing effectiveness of cyber warriors has become a pressing priority for the West — and they're seeking soldiers from Silicon Valley
IG: DOD has dropped the ball on IPv6 transition (Defense Systems) The Defense Department has fallen behind in its adoption of IPv6 and needs to make it a priority for reasons of cybersecurity and for supporting its plans for future operations, according to a report from the DOD Inspector General
Man jailed after posting ex's topless photos to her employer's Facebook page (Naked Security) A US man from Los Angeles who hid behind a pseudonym to post topless photos of his ex to her employer's Facebook page has been found guilty and jailed
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
B-Sides Vancouver (Vancouver, British Columbia, Canada, Mar 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Upcoming Events
Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, Dec 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16 (Washington, DC, USA, Dec 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent builders, buyers, investors and researchers. Our goal is to provide entrepreneurs from around the world an opportunity to increase awareness of their Cybersecurity products and solutions to US Federal Governmental agencies and commercial enterprises, key investors and venture capitalists. Applications close August 29, 2014
SINET Showcase "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase's objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation's critical infrastructure and command-and-control systems.
Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Dec 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars
International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, Dec 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution
(ISC)² Security Congress EMEA (London, England, UK, Dec 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East and Africa region to participate in a comprehensive education program — over five focused tracks — and to connect with fellow colleagues in their international professional community. The themes are: Governance, Risk & Compliance; Mobile Security; Human Factor; Architecture; Data Security
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, Dec 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations
Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, Dec 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for government affairs, security experts, academia and policy makers in 2015? Bloomberg Government is bringing the nation's top decision-makers together for the year's definitive conversation on Washington cybersecurity policy. Join Bloomberg Government and leading cyber policy experts to go beyond the breach and look ahead to 2015. Note that this event is complimentary: admission is free, based on the space available
ICFPT 2014 (Shanghai, China, Dec 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware