Cyber Attacks, Threats, and Vulnerabilities
National Portal of India Hacked by Z Company Hacking Crew in Support of Kashmir (HackRead) The online hacktivists from Z Company Hacking Crew (ZHC) have hacked two official domains of National portal of India and left messages against Indian occupation over Kashmir. One of the hacked domains is designated for mobile users, while the other domain belongs to the site's content. Though the sites were partially hacked and no deface page
Syrian hackers hijack FC Barcelona's Twitter account (Graham Cluley) Talk about putting the boot in… The notorious Syrian Electronic Army (SEA) claimed another scalp overnight, hijacking the Twitter account of the world-famous Barcelona football club
Forbes: The Syrian Electronic Army Asked for "Fees" to Stop the Attack (Softpedia) Forbes has published an article on the recent hack attack carried out by the Syrian Electronic Army. Not many technical details have been revealed, but there are some worth mentioning
Possible state-sponsored cyber attack deemed elite, unusual (FierceGovIT) An advanced persistent threat called Careto, aka the Mask, may be state sponsored, says Kaspersky Lab, the security company that discovered the malware
Researcher claims two hacker gangs exploiting unpatched IE bug (ComputerWorld) Plant different malware on hijacked Windows PCs, but use the same exploit code, says Seculert's CTO, Aviv Raff
Zeus banking malware hides a crucial file in a photo (ComputerWorld) Security software is less likely to flag a '.jpg' file as a malicious
Error reports uncover hacks at govt agency, telco (IT News) New RAM-scraping Zeus version targeting payment terminals. Microsoft's Windows error reporting system Doctor Watson will reveal failed zero-day attack campaigns, security software company Websense has discovered
E-Z-2-Use attack code exploits critical bug in majority of Android phones (Ars Technica) Just-released code creates drive-by attack that exploits 14-month old bug
IOActive: Belkin's WeMo Home Automation Devices Open Doors for Attackers (SecurityWeek) Security firm IOActive warned on Tuesday that it has uncovered multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over 500,000 users
Asus router users still vulnerable to remote hacking (Security Affairs) Asus routers are still vulnerable to remote hacking months after the disclosure of the flaw that allows hackers to access the device-connected drive
More Details About "TheMoon" Linksys Worm (Internet Storm Center) Using a vulnerable Linksys E1200 router in a lab, I was finally able to capture the complete (?) sequence of exploits used by the Linksys Worm "TheMoon".
Spamvertised 'Image has been sent' Evernote themed campaign serves client-side exploits (Webroot Threat Blog) Cybercriminals continue to populate their botnets, with new infected hosts, through the persistent and systematic spamvertising of tens of thousands of fake emails which impersonate popular and well known brands — all in an attempt to socially engineer prospective victims into interacting with the scam. We've recently intercepted a currently circulating malicious spam campaign, impersonating Evernote, serving client-side exploits to prospective victims who click on the links found in the fake emails
Attackers scanning for Symantec Endpoint Protection Manager flaw (ZDNet) Someone is scanning the Internet for systems vulnerable to a recently-disclosed flaw in Symantec Endpoint Protection Manager
Olmsted Medical Center Acknowledges Data Breach (eSecurity Planet) Over 500 employees' personal information may have been exposed, according to the medical center
Nursing home data exposed on file-sharing site (Naked Security) Researchers have found a trove of information on a file-sharing site that could allow attackers to breach electronic medical records and payment information from healthcare providers such as nursing homes, doctors' offices and hospitals
Hackers prove massive data theft from US casino operator (Help Net Security) Last week's hack and defacement of the official website of the US-based Las Vegas Sands Corp. and that of the popular casinos it operates apparently didn't affect customers and the corporation's gambling systems
Wurm MMORPG offers 10,000 Euros reward after DDoS attack (Graham Cluley) Wurm, the 3D massively multiplayer online role-playing game (MMORPG), has offered a reward totalling 10,000 Euros for information which might lead to the conviction of hackers who launched a distributed denial-of-service (DDoS) attack against the site
Gabe Newell responds to Valve history-scan claims (Playerattack) Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitised press release or a refusal to comment on "rumours and innuendo", Valve CEO and gaming hero Gabe Newell has personally responded
Analysis of The Recent Zero-Day Vulnerability in IE9/IE10 (TrendLabs Security Intelligence Blog) Any vulnerability in Internet Explorer is a large issue, but last week's zero-day vulnerability (designated as CVE-2014-0322) is particularly interesting. It used what we call a "hybrid exploit", where the malicious exploit code is split across multiple components that use differing technology: in this case, the exploit code was split between JavaScript and Adobe Flash. The use of "hybrid exploits" provides attackers with a way to evade existing mitigation technology like ASLR and DE
Profiling hacking for hire services offered in the underground (Security Affairs) In the past we have already analyzed the diffusion in the underground of hacking for hire services, a term coined to define the sale of hacking services made by cyber criminals for a limited period of time. Surfing in various cyber criminal forums or visiting some hidden services in the DeepWeb it is quite easy to discover forums dedicated to facilitating the matching of supply and demand
Risky behaviors abound in mobile apps (ZDNet) A study of the top 200 Android apps and the top 200 iOS apps shows that free apps are very risky, but even paid apps will sell you out
Flappy Bird and Third-Party App Stores (TrendLabs Security Intelligence Blog) Earlier we talked about some Flappy Bird-related threats. In the course of uncovering their background, we found several third-party app stores that distributed or created similarly dangerous mobile apps
Defense Companies Facing Array of New Cyberthreats (UPDATED) (National Defense) Waterholes, crypto-lockers and Shodan. These three terms are just a few of the new pitfalls out there for defense companies large and small that face a dizzying array of threats against their networks
US Navy Needed Four Months And $10 Million To Clear Iranian Hackers From Marine Corps Network (International Business Times) A new report claimed that a cyberattack on the U.S. Navy's largest unclassified computer network by Iranian hackers lasted much longer and was much more damaging than previously thought
The Target Data Hack Cost Banks More Than $200 Million (National Journal) New estimates pin the cost of last year's robbery higher than previously thought
Target breach: A timeline (FierceITSecurity) The Target breach, which compromised over 40 million credit and debit card accounts, touches many aspects of IT security—payment card security, point-of-sale system vulnerability, international malware development, third-party contractor risk, access controls, and the list goes on
Target breach timeline: Learning from history (FierceITSecurity) As we get further away from the massive Target data breach that compromised 40 million payment card accounts and exposed personal data on another 70 million customers, the news begins to fade from memory. Yet the details of the breach provide a blueprint of how not to handle IT security
Security Patches, Mitigations, and Software Updates
Linksys announces firmware fix to neutralize "The Moon" worm (Help Net Security) As Linksys (i.e. parent company Belkin) announced they were aware of "TheMoon" malware targeting its older routers and that they are working on a firmware fix, more details about the worm in question have been shared by researchers
Belkin: Security Fixes Were Already Issued for Recent WeMo Vulnerabilities (SecurityWeek) Early Tuesday, Security firm IOActive issued a warning about multiple vulnerabilities in Belkin WeMo Home Automation devices that could give attackers the ability to remotely control WeMo Home Automation attached devices over the Internet, perform malicious firmware updates, and in some cases, remotely monitor the devices
Cyber Trends
Why retailers aren't protecting you from hackers (CNN Money) Big American retail stores have become a top target of cybercriminals, but the retail industry has very little incentive to beef up its security
3 Reasons Card Data Breaches Are Here to Stay (Credit Union Times) The Target breach is just the beginning, experts told Credit Union Times. Thieves will continue to find ways to access valuable financial and personal data
The Target PoS Attack: Gleaning Information Security Principles (SecurityWeek) While there are always new and interesting things unfolding in the information security world, there are a handful of developments each year that are like something out of an edge-of-your seat Hollywood blockbuster, or a gripping novel that ratchets up the suspense level with each page. Over the last few months, it is hard to argue that any event has been as captivating — or triggered more passionate discussion within and beyond the information security community — than the high profile Point-of-Sale (PoS) malware attack at retail giant Target
Why security pros should care about Bitcoin's troubles (CSO) Recent struggles for the "cryptocurrency" signal maturing process for payment system that CSOs may need to secure one day
2013 an epic year for data breaches with over 800 million records lost (Naked Security) If it felt like the last year saw more and bigger data breaches than usual, well, that's because it did
Is Threat of Surveillance New Reality For Law Firms? (American Lawyer) For many lawyers who represent foreign governments, the recent revelation that the U.S. National Security Agency's Australian ally has been privy to communications between an American law firm and its international client comes as no surprise
Power Companies Struggle to Maintain Defenses Against Cyber-Attacks (National Defense) When experts rank U.S. industries' abilities to ward off potentially damaging cyber-attacks, the electric utilities are normally near the bottom
How the Bitcoin Experience Affects U.S. Energy Companies (Daily Finance) Bitcoin, the Internet's premier cryptocurrency, has fallen a lot lately
Epidemic of cyber attacks compromising healthcare organizations (Help Net Security) The networks and Internet-connected devices of organizations in virtually every healthcare category — from hospitals to insurance carriers to pharmaceutical companies — have been and continue to be compromised by successful attacks
Whether You're in Sochi or Your Local Coffee Shop, You Need to Take Mobile Security Seriously (CollaboristaBlog) As the world's media congregated in Sochi for the Winter Olympics, there were plenty of warnings about the security risks for those bringing laptops and smartphones with them
Internal security breaches a serious issue in UK industry (ProSecurityZone) Report details extent of the insider threat to UK businesses with only a quarter of IT professionals considering it to be a security priority
Why we need to rethink how we view security (Naked Security) Looking back at the major security stories of the last few months, there's something of a pattern emerging
Marketplace
Ignacio Balderas: Triple Canopy Seeks Talent Base Growth Through Employee Ownership (GovConWire) Triple Canopy has established an employee-owned company through a new employee benefit structure
Microelectronics Technology Corporation Enters Into Negotiations for the acquisition of a Cyber Currency Digital Mining Company (MarketWatch) Microelectronics Technology Corporation (otcqb:MELY) is pleased to announce the Company has entered into negotiations for the acquisition of an established digital mining company and its digital mining assets
CSC Plans Bossier City, Louisiana, Technology Center At National Cyber Research Park (Area Development Online) CSC selected National Cyber Research Park in Bossier City, Louisiana, to establish its 116,000-square-foot, next-generation technology center, creating 800 jobs during the next four years. The firm will become an anchor tenant at the 3,000-acre research park being developed by the Cyber Innovation Center, a not-for-profit research corporation
Camber Corporation Acquires Avaya Government Solutions IT Consulting Services (Sacramento Bee) Camber Corporation today announced that it has reached a definitive agreement to acquire the IT consulting services business of Avaya Government Solutions, a subsidiary of Avaya Inc. Avaya Government Solutions has been providing high-end, full life-cycle information technology consulting to government customers for over 20 years
Bug Bounty Program Launched by Secret (Softpedia) Secret, Inc., the company that's behind Secret, the iOS application that allows users to anonymously share their thoughts, has launched a bug bounty program
Products, Services, and Solutions
IBM Launches Private Infrastructure Cyber Service; Kris Lovejoy Comments (GovConWire) IBM (NYSE: IBM) has introduced a service offering to help private infrastructure companies adopt cybersecurity guidelines released by the White House last week
CSG Invotas Unveils Orchestration Solution Suite (Wall Street Journal) CSG Invotas, the new enterprise security business from CSG International, Inc. (NASDAQ: CSGS), today announced its unique cyber-threat-response solution suite that gives security executives the ability to coordinate and manipulate devices across the enterprise to combat intrusions at machine speed
Cylance Unveils CylancePROTECT, Applying Math to Prevent Advanced Cyber Threats on Company Endpoints (Broadway World) Cylance, Inc., the first math-based threat detection and prevention company, today announced the release of CylancePROTECT. The product takes a unique mathematical and machine learning approach to stop the advanced threats on endpoint computers. Without the traditional use of signatures, rules, behavior, heuristics, whitelists or sandboxing, CylancePROTECT identifies and renders new malware, viruses, bots, zero-days and unknown future attacks useless
Lunarline's School of Cyber Security Unveils New Curriculum for Advanced Cyber Operators (Sacramento Bee) Responding to overwhelming demand for advanced cyber security training, Lunarline today unveiled a new curriculum designed to meet the demands of even the most technical cyber security professionals
Panda releases Panda Cloud Antivirus Beta 2.9 (PC and Tech Authority) Panda Security has released Panda Cloud Antivirus Beta 2.9, a major revision of its popular cloud-based antivirus tool for Windows PCs
Lastline Enterprise v4.7 Delivers Increased Security With Support for VMware ESX (SYS-CON Media) Lastline, Inc., a provider of active malware defense technology for enterprise networks, today announced the availability of Lastline Enterprise v4.7, which adds new capabilities to address the threat of advanced malware, advanced persistent threats (APTs), active backdoors, and targeted attacks within highly distributed environments
SafeLogic Congratulates API Technologies on FIPS 140-2 Validation (PRWeb) SafeLogic, the new industry leader in validated cryptography, applauds the completed validation of API Technologies' Common Cryptographic Module to the National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-2
Elastica Emerges From Stealth, Lays a Safety Net Around Cloud Applications and Services (Broadway World) Elastica today emerged from stealth mode and released its CloudSOC™ solution for making cloud applications and services secure for use by companies and their employees. CloudSOC™ empowers enterprise IT to enable employees to take full advantage of the cloud era, while staying safe, secure and compliant
The Complicated and Expensive World of Aviation Safety Meets International Scale as SkyLink Launches Compliance and Auditing Business (ExecutiveBiz) As an aviation services provider that rapidly deploys to austere and remote locations and operates under tight deadlines and great duress, SkyLink Aviation needs to stay at the forefront of aviation safety
KPN strikes deal with Silent Circle to offer encrypted phone calls (PCWorld) Dutch telecom operator KPN has struck a deal with encrypted communications provider Silent Circle to start offering its Dutch, German and Belgian customers encrypted phone calls and text messages
Technologies, Techniques, and Standards
How the NIST cyber security framework can help secure the enterprise (InfoWorld) The NIST cyber security framework can set expectations for the appropriate level of security
On Zombies and Cyber Attacks (Huffington Post) During the winter of 2013-14, amidst the school delays and extreme weather conditions in much of the United States, the federal Emergency Alert System issued a warning, but perhaps not the one people expected: "Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living
Cyber-Security Takes Centerstage: Risks, Guidance, and Regulator Wrath (Compliance Week) Several weeks ago I wrote about how boards and audit committees struggle to handle IT risks, and how compliance executives can help them understand such problems. The good news: compliance professionals themselves now have fresh guidance to understand cyber-security risks
Will 'SAFETY' Act keep your company safe from cyber liability? (Baltimore Business Journal) Companies must manage cyber security liability as threats mount, says Venable Partner Dismas Locaria. Cyber liability management seems to be on everyone's mind lately
NIST to mine special publications for additional cybersecurity framework guidance (FierceGovIT) Now that the cybersecurity framework is out, the National Institute of Standards and Technology says a next step will be to map the alignment of its remaining library of cybersecurity guidance documents to practices called for in the voluntary guidance document
FIDO Alliance Releases Authentication Standards, Unveils Products (InformationWeek) Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked
Why FIDO Alliance Standards Will Kill Passwords (InformationWeek) Phil Dunkelberger of Nok Nok Labs tells why the time is finally ripe for a password-free computing experience
WEDI guide outlines need for breach notification assessment (FierceHealthIT) A recently released breach notification guide from the Workgroup for Electronic Data Interchange aims to help healthcare organizations assess whether notification is required under the updated HIPAA Omnibus Rule
Removing admin rights mitigates 92% of critical Microsoft vulnerabilities (Help Net Security) Avecto analyzed data from security bulletins issued by Microsoft throughout 2013 and concluded that 92% of all vulnerabilities reported by Microsoft with a critical severity rating can be mitigated by removing admin rights
Operation clean sweep: How to disinfect a compromised network (InfoWorld) You can't remove every bad scrap, but due diligence can go a long way toward yielding a clean, reliable network
More Tracking User Activity via the Registry (Windows Incident Response) I have previously posted on the topic of determining a user's access to files, and thanks to Jason Hale's recent post on a similar topic
Erasing SSDs: Security is an issue (TechRepublic) Security issues are a problem with Solid State Drives (SSDs) because hard-drive data removal techniques might not work. Find out if there are solutions
Hacking is Just Cracking One Puzzle at a Time (PC Mag) Get a bunch of hackers and other security-minded folks in the same place and a little bit of good-natured competition and hacking is inevitable
Five Tactics To Help Triage Your Patching (Dark Reading) Companies should refine their risk measurements to better prioritize the patching of vulnerabilities, including using improved risk values and data on whether a vulnerability is being exploited
The effect of web intelligence on the physical security industry (ProSecurityZone) NICE Systems' Jamie Wilson provides his view on the rise of Open Source Intelligence as a forecasting tool in predicting security incidents
How Tor Works (MIT Technology Review) A video demonstrating how Tor uses a series of relays to protect anonymity online
How to Fight Malvertising Threat (eSecurity Planet) Even security-conscious enterprises like Yahoo can be compromised by attacks in which ad servers are used to deliver malware. How can you fight this 'malvertising' threat? Yahoo continues trying to reinvent its business model and value to users, a little more than a month after it made headlines when its advertising servers were compromised to deliver malware to Yahoo site visitors. As reported by Fox IT, the security firm that initially discovered the incident, last month some 300,000 users were exposed to infected ads with some 9 percent estimated to have been affected
Design and Innovation
Designing the details: Why empty states matter (TNW) One of my favourite things to do with new apps is to check out and screenshot the first-run experience. After navigating any initial welcome screens, I go in search of empty states; views within the app typically devoid of content or data
Research and Development
New detection system spots zero-day malware (Help Net Security) A group of researchers has created a new infection detection system that can help Internet service providers and large enterprises — or anyone running large-scale networks — spot malware attacks that antivirus and blacklisting solutions can't
This Man Says He Can Speed Cell Data 1,000-Fold. Will Carriers Listen? (Wired) Steve Perlman is ready to give you a personal cell phone signal that follows you from place to place, a signal that's about 1,000 times faster than what you have today because you needn't share it with anyone else
DARPA seeks revolutionary search engine technology (FierceGovIT) Today's Internet search technology is a "one-size-fits-all" approach lacking in some key desired features, says the Defense Advanced Research Projects Agency
National Cybersecurity Center of Excellence set to expand in Rockville (Baltimore Business Journal) Federal and Maryland officials signed an agreement on Tuesday with the National Institute of Standards and Technology in Gaithersburg to develop new cyber security technology and provide opportunities for students in the state
Legislation, Policy, and Regulation
Commander: Iranian Armed Forces Ready for Cyber War (Fars News Agency) The Iranian Armed Forces are equipped with the state-of-the-art technologies and are prepared to defend the country against any possible cyber attack, a senior commander said on Tuesday
Forget China: Iran's Hackers Are America's Newest Cyber Threat (Foreign Policy) In March 2012, Ayatollah Ali Khamenei, the Supreme Leader of Iran, publicly announced the creation of a new Supreme Council of Cyberspace to oversee the defense of the Islamic republic's computer networks and develop new ways of infiltrating or attacking the computer networks of its enemies. Less than two years later, security experts and U.S. intelligence officials are alarmed by how quickly Iran has managed to develop its cyber warfare capabilities — and by how much it's willing to use them
S. Korea pushes to develop offensive cyberwarfare tools (Yonhap via Global Post) South Korea will push to develop sophisticated cyberwarfare tools that could wreak havoc on North Korea's nuclear facilities as part of its plans to beef up offensive capabilities, the defense ministry said Wednesday
Merkel phone tapping fair game under international law, says ex-MI6 deputy (The Guardian) Nigel Inkster says interception of German chancellor's calls by NSA might be judged 'politically unwise'
European backlash against NSA surveillance grows (FierceGovIT) Backlash in Europe against revelations of bulk surveillance by U.S. intelligence agencies intensified this month, with German Chancellor Angela Merkel endorsing the idea of a communications network that would keep Europeans' data from passing through the United States
Meet Jonathan Mayer, The Stanford Ph.D. Student Who's Reverse-Engineering The NSA (Huffington Post) The National Security Agency is not, as a matter of policy, very forthcoming. Even eight months after Edward Snowden's revelations began tumbling out, the agency projects a purposeful murkiness
New NSA choice reflects desire to get past criticism (Navy Times) President Obama's recent nominee to head the NSA will confront a host of problems if confirmed in his new job, including a demoralized workforce, frayed relations with Capitol Hill and angry foreign intelligence partners
Senate bill targets data brokers (FierceGovIT) Consumers would have access to the private information that data brokers collect about them under a bill that Sen. Jay Rockefeller (D-W.V.) introduced Feb. 12
Johnson: DHS Must Build Trust With Private Sector to Counter Cyber-Attacks (National Defense) As cyber-attacks increase, the Department of Homeland Security must begin building trust with the private sector if it hopes to quell more widespread and sophisticated intrusions, said the department's new secretary
States defend turf from feds on data breach rules (Politico) With no federal law on data breaches, most states created their own rules to ensure companies alert residents when hackers seize their personal information. But as massive breaches at Target and Neiman Marcus revive congressional interest in a national notification standard, states are warning Washington: Don't trample on our turf
Litigation, Investigation, and Law Enforcement
Pete King Calls for 'All-Out Political and Legislative War' Against Snowden Clemency (Politiker) Long Island Congressman Pete King, not known for being bashful on national security issues, is calling for "all-out" political warfare to prevent NSA leaker Edward Snowden from being granted clemency
Minister to launch new Telkomsel, Indosat investigation (The Jakarta Post) In response to the latest allegations concerning spying by the US National Security Agency (NSA), the Communications and Information Ministry warned domestic operators that they would risk a shutdown if implicated
Tony Blair advised Rebekah Brooks on phone-hacking scandal, court hears (The Guardian) Former prime minister suggested setting up 'Hutton style' inquiry, according to email from former News International chief
US Man Sues Ethiopia for Cyber Snooping (SecurityWeek) A lawsuit filed on Tuesday accuses Ethiopia of infecting a US man's computer with spyware as part of a campaign to gather intelligence about those critical of the government
In win for U.S., New Zealand court upholds search warrants on Megaupload founder Dotcom (ComputerWorld) The appeal court, however, ruled that the sending of copies of data seized to the U.S. was unauthorized
FBI, International Law Enforcement Officials Share Insights On Fighting Cybercrime (Dark Reading) Officials from the FBI, Netherlands, Interpol, and other agencies on the fight to track and catch cybercriminals around the globe
Cyber Security for Energy & Utilities (Abu Dhabi, UAE, March 23 - 26 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE
NovaSEC! Pre-RSA Rally (McLean, Virginia, USA, February 19, 2014) This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated community that demonstrates the Northern Virginia region's size, scope and impact on the Country's cyber landscape. This particular event will take place one week before the annual RSA Conference in San Francisco. We view this as an opportunity for security professionals to network and discuss current security topics that will be highlighted at the RSA Conference. Plenty to talk about in 2014 for sure! So whether you are going to RSA or not this is the place to connect socially with your peers
FBI HQ Cloud Computing Vendor Day (Washington, DC, USA, February 19, 2014) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing four 'Vendor Days' a year focusing on technology that can enhance current IT capabilities. These market research events will enhance exposure for all Department of Justice (DOJ)/Federal Bureau of Investigation (FBI) employees to new products and services and to have an opportunity to interact directly with the industry. Vendor days are for demo purposes only and are designed to facilitate FBI market research efforts. Attending vendors shall make all inquiries concerning pending or future FBI requirements to the cognizant FBI contracting officer
New FFIEC Guidelines on Social Media: 3 Things You Need to Know (Webinar, February 19, 2014) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll break down nearly 20 pages of dense government material, distilling the key topics for legal, compliance, risk and finance professionals
CyberSecurity Innovation Forum (Fairfax, Virginia, USA, February 20, 2014) Join us for a series of short case study presentations by cybersecurity experts and technology innovators from throughout the region. Presentations will be followed by a panel discussion with plenty of opportunity for discussion and discovery. The focus of the evening will be on cybersecurity innovations that address current and evolving challenges and have had a real, measurable impact
Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities
RSA Conference USA (San Francisco, California, USA, February 24 - 28 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else
Nellis AFB Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members
Cloud Expo Europe (London, England, UK, February 26 - 27 2014) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms
Suits and Spooks Security Town Hall (San Francisco, California, USA,
February 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights
Trustworthy Technology Conference (San Francisco, California, USA,
February 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology
Creech AFB Technology & Cyber Security Expo (Indian Springs, Nevada, USA,
February 27, 2014) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. Over 100 Creech AFB personnel attended the 1st Annual event, held in February 2013. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more
Nuclear Regulatory Commission ISSO Security Workshop (Rockville, Maryland, USA,
March 17, 2014) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates
ICS Summit 2014 (Lake Buena Vista, Florida, USA,
March 17 - 18 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (Gaithersburg, Maryland, USA,
March 19, 2014) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme, "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training," will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high-quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
Suits and Spooks Singapore (Singapore,
March 20 - 21 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK,
March 20 - 21 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process
Veritas 2014 (London, England, UK,
March 25 - 27 2014) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy
Cyber Security Management for Oil and Gas (Houston, Texas, USA,
March 26 - 27 2014) Attend to gain cutting-edge information from oil and gas cyber security experts on: using the very latest in intelligence techniques to find and neutralize the newest threats in time; preventing security breaches while ensuring your employees, social media and mobile devices operate effectively; implementing best practices in order to achieve and maintain SCADA and other key systems security; and how a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management
SyScan 2014 (Singapore,
March 31 - April 4 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia