The CyberWire Daily Briefing for 2.6.2014
Officials and researchers continue to warn those attending the Sochi Olympics (or even watching from home) of the games' attendant cyber risks.
The Syrian Electronic Army made an attempt on Facebook's domain, but two-factor authentication and registry lock apparently kept the would-be DNS hijackers out.
This week's hasty Adobe Flash patch addressed a vulnerability currently being exploited in the wild. Kaspersky offers technical details—Flash users should patch.
For some weeks now the Target hackers were said to have compromised point-of-sale systems via stolen vendor credentials. Krebs reports the vendor's been identified: an HVAC and refrigeration subcontractor. Target (which says only 25 cash registers were infected, but that was enough) is accelerating its plans to adopt chip-and-pin pay card technology. The US Secret Service tells Congress the Target hackers were "highly technical and sophisticated" and probably located outside the United States. The malware used was crafted for Target, and different from that deployed against Neiman Marcus.
The creepy cyber vandals of NullCrew boast that they were the ones behind the recent Bell Canada hack. They also claim blame for an attack on Comcast servers.
Some of the luster temporarily glittering about Huawei for its new UK security center is tarnished by developments elsewhere in the Commonwealth: Indian authorities are investigating the Chinese company for allegedly hacking telco Bharat Sanchar Nigam (BSNL).
"Waking Shark II," the financial cyber exercise led by the Bank of England, has reported. It finds poor technical information sharing mechanisms the biggest obstacle to common cyber defense.
Notes.
Today's issue includes events affecting Canada, China, India, Israel, New Zealand, Russia, South Africa, Switzerland, Syria, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Security Tip — Sochi 2014 Olympic Games (US-CERT) Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many international level media events, hacktivists may attempt to take advantage of the large audience to spread their own message. Additionally, cyber criminals may use the games as a lure in spam, phishing or drive-by-download campaigns to gain personally identifiable information or harvest credentials for financial gain. Lastly, those physically attending the games should be cognizant that their communications will likely be monitored
Sochi Winter Olympics' Other Security Threat: How To Avoid Cyber-Related Attacks (International Business Times) While the world is fixated on a possible terrorist attack at the XXII Olympic Winter Games in Sochi, Russia, there is another major threat linked to the games: cyber-related attacks
Experiment Shows Russia is Still a Hotbed of Nefarious Digital Activity: Part 1 (Trend Micro Simply Security) Recently, NBC News invited me to take part in an experiment that took place in Russia with NBC's Chief Foreign Correspondent, Richard Engel. For this experiment a honeypot environment was created emulating a user in Russia performing basic tasks; such as browsing the Internet, checking email, and instant messaging. The primary purpose of this experiment was to gauge how quickly a compromise would occur on given devices, should the user perform normal activity while in Russia for the Sochi Olympics. In this post I outline the experiment and how I set it up. In my next post I'll talk about the actual experiment and what I learned
Syrian Electronic Army hackers meddle (briefly) with Facebook's domain (Graham Cluley) The Syrian Electronic Army's hack of MarkMonitor put them within a hair's breadth of hijacking Facebook's domain. Things could have been much worse
When Syrian hackers attacked, Facebook's bacon was saved by security measures (Graham Cluley) The hackers attempt to hijack Facebook's domain failed because the social network had enabled a registry lock and two-factor authentication. Enabling extra security measures can reduce the chance of your own company's website being messed around with by DNS hijackers. Learn the lesson now
Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day (SecurityWeek) On Tuesday afternoon, Adobe released an out-of-band security update to address a critical zero-day security vulnerability in Adobe Flash Player. The remotely exploitable vulnerability is being used in attacks in the wild and allows an attacker to take control of an affected system
Adobe Flash flaw exploited in the wild, update now (Help Net Security) Adobe has released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux and OS X, the exploitation of which can result in an attacker gaining remote control of the
Target Hackers Broke in Via HVAC Company (Krebs on Security) Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers
Target accelerating $100 million chip and PIN adoption, finds just 25 registers at fault in breach (FierceRetailIT) Target (NYSE: TGT) will adopt chip and PIN technology six months ahead of Visa and MasterCard's October 2015 deadline as executives push for wider adoption of the more secure technology
Secret Service says Target hackers were sophisticated (Minneapolis Star Tribune via TMC ) The hackers who stole data from Target Corp. were "highly technical and sophisticated" and likely were located outside the United States, a Secret Service official told a House subcommittee looking into one of the biggest thefts of computerized information in the country's history
Demystifying Point of Sale Malware and Attacks (Symantec) Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers' Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data. Symantec has therefore published an Attacks on Point of Sales Systems whitepaper with details on how POS attacks are carried out, and how to protect against them
Apple, Amazon, Walmart among retail's winners and losers in data security (FierceRetailIT) Recent security breaches lead the news and consumers are increasingly suspicious of possible credit card fraud. When it comes to data security, retailers run the gamut from perfect to poor
Comcast servers compromised by same attackers as Bell Canada (Naked Security) After exposing usernames and passwords from Bell Canada, hacking group NullCrew claims to have compromised email servers at ISP Comcast
Comcast customer surprised to learn new router is also public hotspot (Ars Technica) Routers broadcast public Wi-Fi signals, unless you ask Comcast to turn it off. Comcast customer Ronaldo Boschulte didn't know exactly what he was getting when the company swapped his malfunctioning modem for a new one. The cable modem doubles as a Wi-Fi router—that much he was expecting. But he didn't realize the router would, by default, broadcast a public Wi-Fi network that anyone with a Comcast account could connect to
China's Huawei accused of hacks on India's state telecoms company BSNL (IT Pro Portal) India has launched an investigation after a media report alleged that Chinese telecoms company Huawei hacked into the state-run telecoms carrier Bharat Sanchar Nigam (BSNL), according to a senior government official
White Lodging Lists Specific Hotels Affected by Recent Data Breach (eSecurity Planet) The affected locations include Marriott, Holiday Inn, Sheraton, Westin, Renaissance and Radisson hotels.
Winnebago County Health Department thwarts cyber attack (Rock River Times) County health department IT officials thwarted a computer exploitation of one of its Internet facing servers, Winnebago County Board Chairman Scott Christiansen (R) said Wednesday, Feb. 5
405,000 People Affected by St. Joseph Health System Data Breach (eSecurity Planet) Patients' and employees' personal, medical and/or bank information may have been accessed by hackers
Crooks target SA Windows users (News 24) Microsoft has warned that scammers are targeting people using Windows in order to steal personal information as well as cash
Drive-by Download Attacks: Examining the Web Server Platforms Attackers Use Most Often (Microsoft Security Blog) We have included data on drive-by download attacks in numerous past volumes of the Microsoft Security Intelligence Report. But in the latest volume of the report, volume 15, we published some new data that we haven't included in the report before — the relative prevalence of drive-by download sites hosted on different web server platforms
123-reg hack knocks out 120 UK domains (PCPro) Hosting provider 123-reg has been accused of a lapse in security after one customer found his account hacked - and the domains he had registered redirecting to a ransomware site
Unsophisticated scam shows the high level of commoditization of today's cybercrime. (Virus Bulletin) Browser-based ransomware uses scare tactics to extort money. A case of browser-based ransomware, that is currently using social engineering tactics in an attempt to extort money from its victims, shows how even the least sophisticated cases of cybercrime make use of services available on the black market
Europol Publishes Report on Police Ransomware (Softpedia) Europol's European Cybercrime Center (EC3) has published a report on police ransomware and its impact on cyberspace
3 startling malware developments (IT Manager Daily) Heads up: Three insidious malware programs could wreak havoc on your systems if you or your users aren't ready for them. Some are remakes of old strains. Others are new and ready to make a big impression
Malware Uses ZWS Compression for Evasion Tactic (TrendLabs Security Intelligence Blog) Cybercriminals can certainly be resourceful when it comes to avoiding detection. We have seen many instances wherein malware came equipped with improved evasion techniques, such as preventing execution of analysis tools, hiding from debuggers, blending in with normal network traffic, along with various JavaScript techniques. Security researchers have now come across malware that uses a legitimate compression technique to go unnoticed by security solutions
Report: Some enterprises sticking with XP despite warnings (TechTarget Security Digest) More than a third of enterprises using Windows XP have no plans to migrate, according to a new report, regardless of the growing XP security risks
Windows XP: If You Cannot Patch, Catch (FireEye Blog) More than 12 years after its initial launch and five years after its most recent major update (Service Pack 3), Microsoft is finally ending support for Windows XP. The upshot: Microsoft will release no additional updates for the antiquated OS. No more updates means no more security patches or bug fixes, leaving systems still running XP more vulnerable to viruses and cyber attacks
Arbor report cites rise in application-layer DDoS attacks (TechTarget Security Digest) Data from Arbor Networks shows an increase in DNS amplification attacks and application-layer DDoS attacks
Data available online leaves UK infrastructure vulnerable to cyber attacks — IET (Computing) Information freely available on the web could be leaving the UK's critical national infrastructure vulnerable to cyber attacks by hackers, a new report has claimed
The Obamacare Security Nightmare: It Gets Worse (Yahoo! News) Fraudsters on the inside, hackers on the outside. Here we are, stuck in the middle with the security nightmare called Obamacare. Can it get any worse? Yes, it can
Insight: Brazil spies on protesters, hoping to protect World Cup (Reuters) Brazilian security forces are using undercover agents, intercepting e-mails, and rigorously monitoring social media to try to ensure that violent anti-government protesters do not ruin soccer's World Cup this year, officials told Reuters
The New Snowden Revelation Is Dangerous for Anonymous — And for All of Us (Wired) The latest Snowden-related revelation is that Britain's Government Communications Headquarters (GCHQ) proactively targeted the communications infrastructure used by the online activist collective known as Anonymous
Cyber Trends
Retailers call for collaboration to combat cyberattacks (FierceRetailIT) In a statement submitted today to the U.S. Senate Committee on Banking, Housing & Urban Affairs Subcommittee on National Security and International Trade and Finance, the Retail Industry Leaders Association (RILA) highlighted the importance of collaboration among retailers, banks and card networks to advance payments security to prevent future cyberattacks. The letter was submitted for the record ahead of the Subcommittee hearing, "Safeguarding Consumers' Financial Data."
Going There: The Year Ahead in Cyber Security (re/code) Last year, we saw some of the most significant events in the history of cyber attacks, including the largest DDoS attack on record, the Edward Snowden NSA revelations and evidence of nation-state cyber warfare against not only governments but also civilian organizations. What became clear in 2013 is that cyber threats are coming from complex operations funded by nation-states and private enterprises moving so quickly that they have outpaced many of the systems designed to stop them
PHI breaches up 138% in 2013 (FierceHealthIT) More than 7 million patient records were breached last year, an increase of 138 percent from 2012, according to a report from IT security audit firm Redspin
Javelin Study: A New Identity Fraud Victim Every Two Seconds (Dark Reading) Javelin report says identity fraud increased to 13.1 million victims in 2013
Marketplace
U.S. retailers face pressure to raise cybersecurity spending (Reuters via the Baltimore Sun) Target Corp's decision to speed up a $100 million program to adopt the use of chip-enabled smart cards is just a drop in the bucket when it comes to what retailers need to do to defend themselves against future cyber attacks, according to security experts and IT service providers
After Bleeding-Edge Cyber Conference, IBM and Cisco Announce Major Investments In Israeli Cyber-Security Hub ( TheTower) Analysts charting out 2014 had already predicted last November that the coming year will be a breakout one for Israeli IPO's. The country has long benefited from an upward innovation spiral, where human capital attracts the attention of major corporations and those corporations provide the infrastructure for Israeli workers to innovate
Lack of skills hindering appsec programs (Help Net Security) An ongoing shortage of skills in application security is severely hampering the implementation of effective Appsec programs, according to SANS
Tom Arseneault Promoted to BAE US COO; Dave Herr to Retire (Executive Mosaic) Tom Arseneault, formerly executive vice president of the product sectors at BAE Systems Inc. — the British contractor's U.S. subsidiary — has been promoted to chief operating officer
Roger Mason Returns to Noblis as SVP of National Security, Intelligence; Amr ElSawy Comments (Executive Mosaic) Roger Mason, a former national security and intelligence vice president at Noblis before moving to the Office of the Director of National Intelligence, has returned to Noblis as senior vice president of the NSI unit
Richard Weaver Appointed Johns Hopkins APL Chief Security Officer; Ralph Semmel Comments (Executive Mosaic) Richard Weaver, a more than 10-year veteran of the National Security Agency, has been appointed chief security officer at The Johns Hopkins University Applied Physics Laboratory, The government intelligence veteran joined APL in March 2013 as a special adviser and will be responsible for overseeing the nonprofit research lab's security functions in his new role, APL said Tuesday
Julie Bowen Named MITRE VP, General Counsel; Alfred Grasso Comments (Executive Mosaic) Julie Bowen has been appointed to the vice president, general counsel and corporate secretary roles at MITRE Corp. The cybersecurity and intellectual property law veteran joined MITRE in 2006 as associate general counsel, with responsibility in the organization's technology transfer office, MITRE said Tuesday
Mary Beth Gustafsson Named ITT Corp. General Counsel; Denise Ramos Comments (Executive Mosaic) Mary Beth Gustafsson, formerly a general counsel, secretary and chief compliance officer at First Solar, has joined ITT Corp. (NYSE: ITT) as general counsel reporting directly to CEO Denise Ramos, ITT said Tuesday
Products, Services, and Solutions
OpenDNS and FireEye Partner to Amplify Protection Against Advanced Cyber Attacks (BWW) OpenDNS, the world's leading provider of cloud security services, today announced the integration of its Umbrella security service with the FireEye Web Malware Protection System (MPS). The combination of OpenDNS predictive threat detection and enforcement with FireEye behavioral analysis provides real-time protection against custom malware, zero-day exploits and advanced persistent threats (APT). Using OpenDNS and FireEye together, customers can extend security policies to the cloud and transparently protect any user and any device, both on and off the network
Amazon wants to be your POS, don't let them (FierceRetailIT) Amazon.com (NASDAQ: AMZN) plans to introduce an in-store POS system using Kindle tablets. It's a genius move for the online retailer, but a terrible one for brick and mortar folks
Nominet offers free cyber security help to small firms (ComputerWorld) Pilot will involve 1,000 businesses across all sectors
CSG Introduces Groundbreaking Enterprise Security Business (Wall Street Journal) CSG International, Inc. (NASDAQ: CSGS), a global provider of interactive transaction-driven solutions and services, today announced the worldwide launch of CSG Invotas, a new software and services business focused on enterprise security solutions designed to help clients combat the increasing frequency, sophistication, and unpredictability of cyber attacks
Technologies, Techniques, and Standards
Cyber attack test highlights need for better communication among banks (ComputerWorld) Bank of England releases 'Waking Shark II' report
Banks warned cyber attacks still a big threat (City A.M.) Banks need to better co-ordinate their response to any future cyber attack if they are to resist the assault and keep key systems functioning, a test of the industry's capabilities has revealed
Sochi Olympics 2014: 10 Technologies In Spotlight (InformationWeek) From innovations for athletes to unprecedented surveillance tools for authorities, look at the technologies that will shape the Sochi Olympics
Security School: Keeping Web malware out of the enterprise (TechTarget Security Digest) The Web is the No. 1 way malware spreads. Security expert Pete Lindstrom outlines the best mix of proven and emerging tactics to reduce the risk posed by Web malware
Sinking Safe Harbor? What's next for data privacy compliance? (TechTarget Security Digest) An attorney says the rumored suspension of Safe Harbor is unlikely, but either way, data privacy compliance will get harder for U.S. companies
Now is the time for information governance, AHIMA CEO says (FierceHealthIT) From financial to clinical information, data indisputably is everywhere—and now is the time for information governance for the healthcare industry, Lynne Thomas Gordon (pictured), CEO of the American Health Information Management Association, writes
7 Ways to Reclaim Your Digital Privacy (Popular Mechanics) The digital spies are watching you—marketers, the NSA, identity thieves, and all kinds of snoops. But the battle's not over. These are the seven best ways to fight back
NAC Comes Back (Dark Reading) BYOD and advanced malware help resuscitate network access control
NIST makes a hash of SHA-1 ban (ZDNet) The National Institute of Standards and Technology has declared that "SHA-1 shall not be used for digital signature generation after December 31, 2013." So why are they still using it
Can threat modeling keep security a step ahead of the risks? (CSO Salted Hash) CSOs need to more precisely understand the actual threats facing their organization. The fix? Threat modeling
PCI Council says government should stay out of payment card standards (CSO Salted Hash) Standards body says government should continue to let private sector dictate rules for protecting card data
Design and Innovation
Apple Dives Deeper Into Improved Device Display Research With Quantum Dot-Enhanced Tech (TechCrunch) Apple has filed for three new patents, according to applications published by the USPTO (via AppleInsider) today. The applications all relate to the use of quantum dot-enhanced displays, which provide a number of advantages to electronic device screens, including richer and more vibrant colors, better viewing angles and an overall better experience vs. standard LCD gadget screens
Accelerators In India's Nascent Startup Ecosystem Face A Reality Check (TechCrunch) Is the startup accelerator bubble ready to burst in India? That's the question several VCs, entrepreneurs and early to late stage investors have started asking in the country's fledgling startup ecosystem. Their concerns don't look unfounded, especially after India's oldest startup accelerator, The Morpheus, said it's planning to move away from the existing model
Research and Development
Damballa Granted Third New Patent For Detecting Advanced Threats (Dark Reading) Patent describes a method and system for detecting a malicious domain name
Academia
India's MIT costs less than $6,000 a year—and look where it got Satya Nadella (Quartz) Few institutions could be as pleased with Microsoft's recent appointment of new CEO Satya Nadella as the Manipal Institute of Technology
Legislation, Policy, and Regulation
Swiss govt tightens tech security over NSA spying (AP via the Washington Post) The Swiss government has ordered tighter security for its own computer and telephone systems that could block foreign companies from key technology and communications contracts
Coburn: Government should get its own cyberhouse in order (Federal Times) The government can't help the private sector if it can't first protect itself, senator argues
Feds' Shift to Mobile Creates Security Cracks (E-Commerce Times ) "While it is the agency's responsibility to provide mobile device management and training, it is the responsibility of the end-user to follow these policies. Simple steps such as creating a complex password — and changing it often — or using a secure wireless connection are effective techniques for end-users to begin practicing," said Cindy Auten, general manager of the Mobile Work Exchange
FTC official: Agency needs more tools against private sector data breaches (FierceGovIT) The Federal Trade Commission needs "more tools" to deter private sector consumer data breaches, said Jessica Rich, director of the agency's bureau of consumer protection, during a Feb. 3 Senate hearing
'Clock ticking' on telephony metadata reform, says Sensenbrenner (FierceGovIT) A June 2015 expiration of the Patriot Act section the intelligence community says authorizes the bulk storage of telephony metadata means the Obama administration should act now to propose legislative changes, said Rep. Jim Sensenbrenner (R-Wisc.)
Feds: NSA 'Probably' Spies on Members of Congress (Nextgov) The National Security Agency "probably" collects phone records of members of Congress and their staffs, a senior Justice Department official conceded Tuesday
Secure the Future of the Internet (Brookings) In 2014, President Obama should pursue policies guaranteeing an open, free-market Internet, write Peter W. Singer and Ian Wallace. Instead of waiting out the international blowback from Edward Snowden's NSA revelations, the president needs to lead a new strategy against those governments who want to regulate the way the global Internet is run
National Guard Fights For Cyber Role In 2015 Budget (Breaking Defense) Chinese and Russian hackers have everybody running scared. So whatever else happens with the president's budget request for fiscal year 2015, we know it will include more money for things cyber, from purely defensive network security to black-budget "offensive cyber weapons" such as the Stuxnet worm. But one big thing remains in doubt: the role of the National Guard
Litigation, Investigation, and Law Enforcement
New Zealand Spy Agency Deleted Evidence About Its Illegal Spying On Kim Dotcom (TechDirt) I have to admit that I'm consistently amazed at just how badly law enforcement in both the US and New Zealand appeared to screw up the raid and the case against Kim Dotcom. I've said it a few times before, but it really feels like authorities in both places actually believed the bogus Hollywood hype being spread by the MPAA about how Dotcom was really a James Bondian-villain, and acted accordingly, while ignoring any evidence to the contrary
Is Snowden-related reporting equal to 'fencing stolen material'? (Santa Fe New Mexican) It's against the law to steal classified government material. But is it also a crime for a journalist to sell a story to a newspaper or website based on that material
Internet Giants Disclose FISA Surveillance Requests For Customer Data (IEEE Spectrum) Technology giants such as Google, Microsoft and Yahoo have started disclosing U.S. government requests for customer information under a new agreement reached last month. But the first such reports on the controversial Foreign Intelligence Surveillance Act (FISA) orders remain limited in how much detail they reveal about the surveillance activities of the U.S. National Security Agency
Man must pay $111,000 for cyber-attack on Koch subsidiary in Green Bay (Green Bay Press Gazette) A member of the hackers' group "Anonymous" man must repay almost $111,000 for a cyber-attack on Green Bay computer servers operated by a Koch Industries Inc. subsidiary
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
The Insider Threat: Protecting Data and Managing Risk (Online, Feb 11, 2014) As recent events have demonstrated, the threats from inside government have the potential to be more harmful than the hacking activities of our enemies. Protecting sensitive government information from unauthorized disclosures by insiders, whether intentional or due to negligence, is becoming a huge priority across the board. No matter how sophisticated your training program is, some employees will intentionally or unintentionally commit the negligent discharge of classified information.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
Positive Hack Days (, Jan 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
U.S. Department of Commerce Technology Expo (, Jan 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact your FBC representative to submit an abstract today.
Cyber Security 2014 (, Jan 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security supply chain, from Prime Contractors, through tier 1 and tier 2 suppliers, SMEs and those at the front of R&D and the development of new and innovative products and services. The event will provide a unique opportunity for those within the whole supply chain to understand both the current and future threat of Cyber Security on the supply chain and what action will need to be taken to mitigate these and ensure we are fit to compete in the future — both as businesses and as a country. Organisations who have confirmed their attendance include: RBS, Finmeccanica Selex, Thales, MOD, Scottish Government, Lockheed Martin UK, BAE Systems and others.
Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.
NovaSEC! Pre-RSA Rally (, Jan 1, 1970) This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated community that demonstrates the Northern Virginia region's size, scope and impact on the Country's cyber landscape. This particular event will take place one week before the annual RSA Conference in San Francisco. We view this as an opportunity for security professionals to network and discuss current security topics that will be highlighted at the RSA Conference. Plenty to talk about in 2014 for sure! So whether you are going to RSA or not this is the place to connect socially with your peers.
FBI HQ Cloud Computing Vendor Day (, Jan 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer.
New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, Jan 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals.
Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Nellis AFB Technology & Cyber Security Expo (, Jan 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Cloud Expo Europe (, Jan 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.
Suits and Spooks Security Town Hall (, Jan 1, 1970) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights.
Trustworthy Technology Conference (, Jan 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.
Creech AFB Technology & Cyber Security Expo (, Jan 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.