The CyberWire Daily Briefing 12.10.14
Sony continues to bleed sensitive information, and Hollywood is spooked by the apparent cost of the cyber attack — its exact price tag remains unknown but is surely very large. The FBI has thrown cold water on early reports of attribution of the hack to North Korea (we await the G-men's, and Norse's, conclusions with interest). Several industry sources sniff disdainfully at what they perceive as an attempt to inoculate Sony from security lapses by calling the attack "unprecedented": precedents (Shamoon, Dark Seoul, etc.) abound.
Patch Tuesday saw more than the usual array of Microsoft updates. Adobe, IBM, VMWare, and Yik Yak all address vulnerabilities, several of which are under active exploitation in the wild.
The season for retrospective and predictive trend studies has arrived. Noteworthy claims include Coalfire's forecast that cyber and risk management costs will double in 2015.
In industry news, Yahoo announces it will henceforth disclose within ninety days all vulnerabilities its researchers find. The Willis Wire thinks crypto-currencies may well prove uninsurable.
A decryption utility for OG3 crypto-malware is released. NIST delays release of its crypto standards report.
CSO believes catchy vulnerability nicknames have actually conduced to faster patching.
The US Congress increases cyber appropriations.
Also in the US, the Senate Select Committee on Intelligence releases a declassified version of its report on CIA interrogation techniques — there are references to cyber intelligence therein.
ISIS recruits using "slick" social media campaigns. Sabu talks of his arrest (for you Russian readers, Sabu would be the Father Gapon of Lulzsec).
Today's issue includes events affecting Australia, Canada, European Union, Germany, Iraq, Democratic Peoples Republic of Korea, Malaysia, Oman, Qatar, Russia, Sweden, Syria, Tunisia, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Sony tormentors leak celebrities' phone numbers, aliases (Naked Security) Contact details for Hollywood stars, plus the aliases they use when they travel incognito, are among the files leaked in the latest set of documents to come out in the Sony Pictures breach
Sony hackers leak details of firm's deal with Netflix and info on celebrities (V3) Hackers have leaked documents alleging to be the terms of Sony's licensing agreement with Netflix. The hackers sent the information to V3 using various compromised email addresses as a part of a wider data dump
FBI Says 'No Attribution to North Korea' in Sony Cyber-Attack Probe (Reuters via NDTV) A senior FBI official said on Tuesday that the agency has not confirmed widely held suspicions that North Korea is behind the unprecedented cyber-attack on Sony's Hollywood studio
Timeline: how Sony's two weeks of hacker hell unfolded (Boston Herald) Though Sony Pictures had known for months that North Korea was not pleased with the subject of its upcoming film "The Interview," it wasn't until late November that mayhem broke out, as executives received an ominous threat asking for money three days before employees' computers went down. It was just the beginning of an attack unprecedented in corporate history
"Unprecedented" cyberattack no excuse for Sony breach, pros say (Ars Technica) If the security industry can't save you, it will apologize for you
Cyber attack could cost Sony studio as much as $100 million (Fortune) Breach of sensitive documents could be costly for the film studio
Sony Under Siege: Cyber Crisis Leaves Hollywood Reeling (Variety) Hollywood is reeling from the entertainment industry equivalent of WikiLeaks — leaving the entire town on high alert
Victims of Sony Breach Left Fuming (Wall Street Journal) As alleged hackers release more data, some ex-employees say studio hasn't done enough
Can You Guess Who Benefits The Most From Sony's Data Breach? (Forbes) The recent data breach scandal affecting Sony was not just an event where credit card data was stolen. It was something worse. It was the theft of confidential information from a company followed by the online disclosure of this information to the public. Seth Rogen and James Franco aside, the company's customers, partners and (most importantly) employees were seriously hurt by this
Insider Threats 101: The Threat Within (TrendLabs Security Intelligence Blog) Recent events — both in the United States and in Japan — have forced IT administrators everywhere to reevaluate the possibility of insider threats. Because of their very nature, it can be difficult to handle these problems, particularly because the mindset needed to handle them can vary
Destover variant signed with stolen Sony certificate was part of a joke (CSO) The signing was part of a joke; no one suspected it would get any attention
Dangerous XSS Vulnerabilities Found On Trip Advisor Website (TechWeek Europe) XSS attacks are being used in combination with spear phishing, social engineering and drive-by attacks
Hacked payment card service transmitted some data in plaintext (Ars Technica) Attackers may have accessed credit card data for five years
'Inception' malware, dropped clues have hacker experts stymied (Stars and Stripes) It's a hacker whodunit
File Inclusion Attacks (Infosec Institute) A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server or to execute malicious files on the web server by making use of the 'include' functionality. This vulnerability is mainly due to a bad input validation mechanism, wherein the user's input is passed to the file include commands without proper validation. The impact of this vulnerability can lead to malicious code execution on the server or reveal data present in sensitive files, etc
Infographic: Heartbleed, Shellshock and POODLE top the list of major web vulnerabilities (FierceITSecurity) The top three major web vulnerabilities uncovered this year were Heartbleed, Shellshock and POODLE , judges Web security firm Incapsula
From Russia with love: phishing, hacking and intelligence (The Cyber Security Expert) I'm going to deviate from the usual 'ask the expert' today and talk instead about something I very much enjoy, which is digging around in data, and at the same time highlight the threat from what are apparently Russian state backed hackers. Sounds very Cold War right? Shake that martini and lets go!
Crimeware Marketplaces and Their Facilitating Technologies (Technology Innovation Management Review) The cybercrime community has evolved from one in which criminals develop their own tools into one in which crimeware — tools and services to carry out or facilitate illegal online activity — can be readily bought, sold, traded, hired, or licensed in online marketplaces
How hackers encrypt files for a ransom (Futuregov) Millions of dollars lost in ransomware payments, study shows
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Summary for December 2014 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for December 2014
Microsoft released seven advisories, three are critical (Help Net Security) December's Patch Tuesday brings us seven advisories, three of which are listed as Critical. Depending on how you want to count it, we see a total of 24 or 25 CVEs because one of the Internet Explorer CVEs in MS14-080 overlaps with the VBScript CVE in MS14-084
It's nearly 2015 — and your Windows PC can still be owned by a Visual Basic script (Register) Plus patch for Adobe Flash bug exploited by hackers
Adobe patches Flash zero day under attack (CSO) Adobe has released fixes for six security vulnerabilities in Flash, which includes one that is reportedly under attack, as well as fixes for 20 flaws in Reader and Acrobat
IBM Issues More POODLE Patches, Warns Not to Use SSLv3 (IT Jungle) IBM i shops that continue to use SSLv3 to encrypt their communications are susceptible to the POODLE security vulnerability and could have their data compromised, IBM warned today in a security bulletin. IBM also issued new security patches that disable SSLv3 in IBM i's Java runtime. While IBM recommends moving to the newer TLS protocol, many IBM i applications still require SSLv3 and will likely break when it's disabled, IBM warns
VMware Security Advisories: VMSA-2014-0013 (VMWare) VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
Yik Yak Patches Privacy Vulnerability in iOS App (Threatpost) Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone's account
Good-bye msfpayload and msfencode (Rapid7 Security Street) On behalf of the Metasploit's development teams, I'd like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will retire from the Metasploit repository, and replaced by their successor msfvenom. The tool msfvenom is the combination of msfpayload and msfencode, and has been in testing for more than 3.5 years
Business security leaders fear loss of cyber war: IBM (ZDNet) According to IBM's latest CISO study, 60 percent of security leaders feel as though their organizations are outgunned in the supposed cyber war
Browser vulnerabilities to become biggest endpoint challenge (Help Net Security) A growing number of flaws in web browsers is viewed as the biggest endpoint security headache by today's IT decision-makers, according to Malwarebytes
McAfee warns of increasing cloud, mobile and web threats (MicroScope) Cyber criminals are going to start using the techniques deployed by nation states as they look to launch attacks that go undetected for longer and gain access to sensitive data
Cost of cybersecurity and risk management to double (Help Net Security) "As 2014 ends, it's clear this was the year everything changed in the world of information security," said Rick Dakin, Coalfire's CEO and chief security strategist. "As high-profile data breaches were announced one after another, consumers stopped believing companies took protecting their information seriously
Cyber attacks now longer than ever (Help Net Security) Cyber attacks have reached a tipping point in terms of quantity, length, complexity and targets. As cyber threats are growing and expanding to new targets, 52% of respondents to a report by Radware, reveal they can effectively fight an around-the-clock campaign for only a day or less
Cyber-attacks could have domino effect on channel, Radware warns (MicroScope) ISP and hosting providers were the two most targeted industries when it came to cyber-crime in 2014, according to a report published today
Healthcare Security In 2015: 9 Hotspots (InformationWeek) With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015
Chinese responsible for 85 per cent of website scams (Register) And Apple is their number one target
Corporate data: Protected asset or a ticking time bomb? (Help Net Security) Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a new survey report that they have access to data they should not see, and more than half say that this access is frequent or very frequent
Inside the minds of senior security leaders (Help Net Security) More than 80 percent of security leaders believe the challenge posed by external threats is on the rise, while 60 percent also agree their organizations are outgunned in the cyber war, according to IBM. Technology is seen as a critical component in addressing these security issues and threats, with big data, cloud and mobile named as the most significant areas of prioritization
Security predictions for 2015 (IT-Online) 2014 has been particularly busy for IT security professionals. Many of the threats that we predicted at the start of the year duly emerged, while other significant issues caught the entire sector by surprise
IoT and the enterprise: Managing risks and avoiding mistakes (FierceITSecurity) Greg Shannon argues that responsibility for the security of IoT is spread widely among disparate parties
United States Ranked Most Committed to Cybersecurity Followed by Canada, Australia, Malaysia, and Oman In Global Cybersecurity (Herald Online) The final results of the Global Cybersecurity Index (GCI) have been officially announced at the ITU Telecom World 2014 taking place in Doha, Qatar. The GCI ranks the United States as the country with the highest national cybersecurity commitment, followed by Canada in second place. Jointly in third position are Australia, Malaysia, and Oman. The GCI is a joint project between private sector firm ABI Research and the UN specialized agency, the International Telecommunication Union (ITU). The aim of the project is to drive the issue of cybersecurity to the forefront of national agendas. The GCI provides insight into the cybersecurity engagement of sovereign nation states
Legal Minutia Is Killing My Productivity (InformationWeek) I understand that legal matters are part of the CIO territory, but they're starting to overtake my day-to-day work
Yahoo Plans to Disclose All New Bugs It Finds Within 90 Days (Threatpost) Yahoo officials say that the company will disclose any new vulnerabilities that the company's security team finds within 90 days of discovery
Bitcoin: Impossible to Insure? (Willis Wire) Virtual currency may be an inevitable part of our increasingly virtual world, but that doesn't mean insurance companies have to like it — or insure it
Threat Stack Raises $5M For Its Cloud Security Service (TechCrunch) Last month, at Amazon's re:Invent conference, Threat Stack launched its cloud security solution out of beta during Amazon CTO Werner Vogel's startup launch keynote. The service helps companies that want to use Amazon's cloud computing service to monitor their infrastructure and applications for potential threats. As more businesses start adopting public clouds, the need for services like this is also increasing, something the venture capital community has also realized and Threat Stack today announced that it has raised a $5 million Series A1 round of additional funding
Area 1 Security Announces $8 Million Funding Round Led by Kleiner Perkins Caufield & Byers (MarketWired) Series A round enables company to deliver on mission to eliminate social engineering attacks
With $16M In Funding, Helium Wants To Provide The Connective Tissue For The Internet Of Things (TechCrunch) Over the next few years, we'll see a torrent of new devices emerge that are connected to the Internet and each other through a wide range of different wireless networking protocols. As a result, there's a race on, not just to get those devices connected, but also to provide the network infrastructure necessary to managing all of them at scale
Air Force selects ISSE Services to provide cybersecurity for critical infrastructure (GSN) As part of a $40M sustainment program, the U.S. Air Force has selected ISSE Services, LLC to provide comprehensive cybersecurity information assurance, engineering and logistics support for the Remote Visual Assessment (RVA) video surveillance system
Tenable Network Security Recognized as a 'Top Workplace' by The Baltimore Sun (MarketWatch) Fast-growing cybersecurity company named a 2014 Top Workplace, CEO wins Top Leadership award
Top Places to Work: IntelliGenesis (Baltimore Sun) IntelliGenesis LLC is a woman and veteran-owned Defense Technology company headquartered in Columbia, MD. Since establishment in 2007, IntelliGenesis has been the premiere provider of Intelligence Analysis, Aritificial Intelligence, Computer Network Operations, and Cyber related Internal Research and Development services
Top Places to Work: KEYW Corporation (Baltimore Sun) KEYW is a total solutions company that focuses on solving the toughest challenges in Cyberspace, Geospace and Counterterrorism. We help our Government and Enterprise customers prevent cyber threats, transform geospatial imaging into intelligence, and combat global terrorism
Incapsula Named an Information Security Magazine and SearchSecurity.com 2014 Readers' Choice Award Winner (MarketWatch) DDoS protection service receives highest honors in the "Denial of Service Protection" category
Andrew van der Stock of Threat Intelligence is elected as OWASP International Board Director (CSO) OWASP facilitates application security tools, documents, forums and chapters that are free and open for industry players interested in improving application security
Products, Services, and Solutions
Deutsche Telekom and FireEye create cyber security service (Financial Times) Deutsche Telekom has formed a joint cyber security venture with FireEye, the Silicon Valley cyber security group, focused on offering security services to European companies
.Bank hires Symantec to check credentials (Register) Soon you might be able to trust that financial email
Following Numerous Data Breaches, Dashlane And LastPass Apps Can Now Reset Passwords For You (TechCrunch) Data breaches like the ones at Target, Neiman Marcus, Staples, Home Depot, and most recently Bebe, are now exceedingly common. Combined with large-scale security incidents like Heartbleed, web users are often asked to quickly change their account passwords to protect themselves against further attacks. Unfortunately, doing so is easier said than done — users tend to re-use their passwords across websites, making it difficult to fully batten down the hatches when one password makes it out into the wild
Lastline Adds OS X Support and Unlimited 10 Gbps Sensors in 6.0 Release of Its Breach Detection Platform (Herald Online) Lastline, a global breach detection provider, today announced the 6.0 release of its software-based security platform. Major updates include the addition of OS X support and a 10 gigabits-per-second (Gbps) sensor interface on standard servers. Lastline offers its security service as an annual subscription, so all new features in 6.0 are included in the existing price per user, making scaling breach detection both flexible and predictable for enterprise customers
Tripwire Announces Integration With Lastline for Advanced Threat Protection (DarkReading) Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions today announced a partnership and technology integration with Lastline, Inc. that provides mutual customers with the ability to detect and defend against breaches caused by advanced and evasive threats. The collaboration is part of Tripwire's Technology Alliance Program (TAP), designed to allow a wide variety of vendors to team with Tripwire to deliver innovative security solutions
New GravityZone from Bitdefender Open for Public Testing (Softpedia) GravityZone, Bitdefender's enterprise security solution, has reached a development stage deemed ready by the company to invite users to take it for a spin
DHS S&T App Technology Transitions to Commercial Market (Newswise) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced on Dec. 5, that a mobile app funded by the directorate, has transitioned to the commercial market. Developed by S&T's Visual Analytics for Command, Control, and Interoperability Environments (VACCINE) Center of Excellence, the first mobile security application archiving technology successfully transitioned over through the small business, KryptoWire
Rook Security Certified As PCI Security Standards Council Qualified Security Assessor (BusinessWire) Rook Security, a provider of global IT security solutions protecting sensitive data against dynamic, emerging threats, has successfully completed the PCI Security Standards Council Qualified Security Assessor (QSA) Company testing process and is validated to perform Payment Card Industry Data Security Standard (PCI DSS) assessments
Making Online Privacy Easier for Everyone (Voice of America) When it comes to the many tools that help people guard their privacy online, there have largely been two basic choices
ForeScout and OPSWAT Collaborate to Provide Advanced Endpoint Compliance Enforcement (Nasdaq) OPSWAT joins ForeScout ControlFabric Partner Ecosystem
BalaBit's Shell Control Box is Verified as Citrix Ready with Citrix XenApp and XenDesktop 7 (BDaily) Shell Control Box becomes a Citrix Ready verified PIM tool for Citrix 7.6 platforms
Technologies, Techniques, and Standards
Decryption Tool Available for Crypto-Malware Operation Global III (Softpedia) A patching utility against crypto-malware Operation Global III (OG3) has been created, to prevent users from paying the ransom and free their files in a simple and efficient manner
Can we expect a future free from passwords and PINs? (Naked Security) Global authentication working group the FIDO Alliance has released the final draft of version 1.0 of its authentication specifications, which it hopes will reduce or even end our reliance on passwords for online authentication
NIST Tardy on Cryptography Standards Report (GovInfoSecurity) Review of expert advice on new process cited for the delay
Moving Mountains In Cyber War: Automated Virtual 'Maneuver' (Breaking Defense) In real-world warfare, troops and tanks maneuver to take advantage of the terrain. In the looking-glass world of cyberspace, however, "maneuver" may mean changing the terrain itself. If the enemy's invading your country, you can dig a trench or blow a bridge, but otherwise you go to war with the landscape you have
Dealing with a Data Breach: Tips from the Trenches (eSecurity Planet) Thorough documentation and clear communication can make dealing with a data breach a little less painful
Security Armchair Quarterbacks: Go Away (InformationWeek) Cyber criminals will never go away. Instead of looking for a silver bullet, be proactive, interactive, and focus on reducing risk
Encrypt and password protect existing Mac OS X folders (Julian Evans) One security and privacy feature of Mac OS X (includes Yosemite) that you might not know about is how to encrypt and password protect existing folders. The Disk Utility app allows you to create an encrypted disk image (and when mounted is called a "volume") from an existing folder, thereby hiding the folder from prying eyes
8 Facebook Privacy Settings To Check (InformationWeek) Facebook's renewed focus on privacy brought new settings and apps to the social network in 2014. Check out the settings you should review
Design and Innovation
Catchy nicknames prompt more patching of vulnerabilities (CSO) Vulnerabilities with catchy nicknames get more attention from media, customers, and vendors and so get patched more thoroughly than similar vulnerabilities without clever names
Legislation, Policy, and Regulation
Funding bill boosts cybersecurity spending (The Hill) Cybersecurity spending would mostly increase under the nearly $1.1 trillion spending package lawmakers agreed to on Tuesday night
Defining cyber roles at DOD (FCW) A recent Defense Department directive is an important clarification of the different roles played by the Pentagon's CIO, principal cyber advisor and other officials in setting the department's cybersecurity policy, acting DOD CIO Terry Halvorsen told reporters on Dec. 5
NAVSEA Chief Talks Risk, Cyber and A New Era of Naval Shipbuilding (USNI) The head of the U.S. Navy's shipbuilding and maintenance arm spends a lot of time thinking about risk
Litigation, Investigation, and Law Enforcement
Committee Study of the Central Intelligence Agency's Detention and Interrogation Program (US Senate Select Committee on Intelligence) On April 3, 2014, the Senate Select Committee on Intelligence voted to send the Findings and Conclusions and the Executive Summary of its final Study on the CIA's Detention and Interrogation Program to the President for declassification and subsequent public release
Statement by President Obama — Report of the Senate Select Committee on Intelligence (IC on the Record) Throughout our history, the United States of America has done more than any other nation to stand up for freedom, democracy, and the inherent dignity and human rights of people around the world. As Americans, we owe a profound debt of gratitude to our fellow citizens who serve to keep us safe, among them the dedicated men and women of our intelligence community, including the Central Intelligence Agency
DNI Message to the Intelligence Community Workforce on the Release of the SSCI Report (IC on the Record) Today, the Senate Select Committee on Intelligence released its report on the detention and interrogation program. In all of my experience in intelligence, I am hard-pressed to recall another report — and the issues surrounding it — as fraught with controversy and passion as this one
Release of Senate Select Committee on Intelligence Report (IC on the Record) Release of this report affirms again that one of America's strengths is our democratic system's ability to recognize and wrestle with our own history, acknowledge mistakes, and correct course. This marks a coda to a chapter in our history. President Obama turned the page on these policies when he took office and during week one banned the use of torture and closed the detention and interrogation program. It was right to end these practices for a simple but powerful reason: they were at odds with our values. They are not who we are, and they're not who or what we had to become, because the most powerful country on earth doesn't have to choose between protecting our security and promoting our values
Statement from Director Brennan on the SSCI Study on the Former Detention and Interrogation Program (IC on the Record) Over the past several decades, and especially since the terrible tragedy of 9/11, the CIA has been at the forefront of our Nation's campaign against al-Qa'ida and other terrorist organizations worldwide. The women and men of the CIA have operated around the globe, 24-hours-a-day, working with their U.S. colleagues as well as with foreign partners to prevent terrorist attacks. As a result of these efforts, including the many sacrifices made by CIA officers and their families, countless lives have been saved and our Homeland is more secure
Three American teens, recruited online, are caught trying to join the Islamic State (Washington Post) Mohammed Hamzah Khan, 19, rose before dawn on Oct. 4 to pray with his father and 16-year-old brother at their neighborhood mosque in a Chicago suburb
Quebec police arrest man on outstanding terror-related charges (CTV News) Police arrested a 36-year-old man Sunday on terrorism-related charges, after he flew from Tunisia to Montréal's Trudeau airport
DOJ: Companies need to trust gov't on cybersecurity (CSO) The U.S. fight against cybercrime would be more effective if companies put more trust in the country's law enforcement agencies, a top U.S. Department of Justice official said
LulzSec Leader Sabu Talks About Arrest in First TV Interview (Softpedia) Known in his online crusades as Sabu, former leader of the LulzSec hacker group Hector Xavier Monsegur talks in his first TV interview about his arrest by the FBI in mid-2011
Pirate Bay Has Been Raided and Taken Down: Here's What We Know (Wired) The popular file-sharing service Pirate Bay was taken down today following a raid in Sweden by police who seized servers and computers
Counterfeit sites seized (Professional Security Magazine) Some 292 domain names illegally selling counterfeit merchandise online to consumers have been seized in an operation by Euro-police body Europol and US Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI), with 25 law enforcement agencies from 19 countries. The 292 names seized are part of project 'In Our Sites (IOS) Transatlantic V'
Cybersecurity's not done until the paperwork is finished (GCN) The Veterans Affairs Department has been dinged once again by the Government Accountability Office for lack of follow-through in its cybersecurity operations. In a recent report, VA Needs to Address Identified Vulnerabilities, the GAO warned that unless VA's security weaknesses are fully addressed, "its information is at heightened risk of unauthorized access, modification and disclosure, and its systems at risk of disruption"
Police need more money to fight cyber-crime, finds report (SC Magazine) Money is urgently needed from the Government's £860 million National Cyber Security Programme to plug big holes in the police's ability to combat cyber-crime, which is now reaching crisis levels
Microsoft sues AT&T customer for activating pirated copies of Windows 7 & Office 2010 (Network World) Microsoft is gunning for an AT&T customer who activated too many pirated copies of Windows 7 and Office 2010. The Redmond giant has the IP and wants the person(s) unmasked and to pay up
Teen arrested, identified as Polk "swatting" suspect (WTSP) On Sunday, December 7, the Royal Canadian Mounted Police arrested a 17-year-old male suspect in Coquitlam, British Columbia, Canada, after a Polk County Sheriff Office investigation into three incidents of "Swatting" that occurred in Polk County positively identified the young man
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Threats Masterclass (Turin, Italy, Apr 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts
Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, Dec 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, Dec 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution
(ISC)² Security Congress EMEA (London, England, UK, Dec 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East and Africa region to participate in a comprehensive education program — over five focused tracks — and to connect with fellow colleagues in their international professional community. The themes are: Governance, Risk & Compliance; Mobile Security; Human Factor; Architecture; Data Security
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, Dec 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations
ICFPT 2014 (Shanghai, China, Dec 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware