
The CyberWire Daily Briefing for 2.21.2014
news from RSA 2014
Special coverage of RSA Conference 2014 begins today and continues through February 28th.
The conference's announced theme is "Share. Learn. Secure." Expect to see extensive discussions of identity management, threat information sharing and other defensive intelligence techniques, privacy and anonymity, automated defenses and other approaches to driving down labor costs, and economic implications of cyber security, particularly with respect to liability and the direct effects of cyber crime.
Various keynotes and other presentations have been announced. US FBI Director Comey will be prominently featured.
Other meetings will be held in San Francisco next week within a stone's throw (figuratively speaking) of RSA. Consider looking into OWASP's security meet-up and boot camp, the Suits and Spooks Townhall, and TrustyCon.
If you're attending RSA, be sure to stop by CyberPoint's booth (#1037 in the South Expo hall) and say hello to the CyberWire's publisher and some of our stringers.
Kaspersky makes more research into Careto ("the Mask") available.
Rapid7 warns that Android's OS remains susceptible to an old remote code execution vulnerability: it had been thought successfully patched, but the patch now appears less successful than hoped. Kaspersky's list of malicious Android apps tops 10,000,000.
An Adobe Flash zero day has been found infecting the websites of prominent foreign policy study centers. This suggests a watering-hole campaign in progress. Adobe has issued a quick patch.
Tripwire reports twenty of Amazon's top twenty-five bestselling SOHO routers have security vulnerabilities: exploits for many are publicly available.
The University of Maryland discloses it was hacked, with some 300,000 records compromised. Universities are attractive targets for cyber criminals: they hold large databases of personal information, they generate and retain considerable intellectual property, and their large numbers of young, inexperienced users afford a complex and difficult-to-control attack surface.
Forbes publishes an interesting timeline of the Syrian Electronic Army attack it sustained. The SEA's social engineering was particularly effective.
Hacktivism continues to rise, and market research firm Ovum tells banks they should brace for a heavy wave of DDoS attacks this year. Cyber criminals are also exacting a heavy toll on the financial sector: the cost of cleaning up an episode is particularly daunting, as we're seeing with the ripples from the Target breach.
Banks increasingly turn to more sophisticated identity management and authentication solutions. Increasing migration to cloud services and more widespread BYOD in enterprises are fueling the market for such solutions more generally.
Notes.
Today's issue includes events affecting Austria, Canada, China, Colombia, Israel, Nigeria, Romania, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Yara signatures for Careto, the Masked APT (Help Net Security) Last week, Kaspersky Lab released their research (Unveiling Careto - The Masked APT) on a fresh APT campaign, which is supposed to have been running for several years
More than two-thirds of Androids susceptible to exploit that can give attacker control of device (FierceITSecurity) As Android devices make their way into the enterprise through BYOD, vulnerabilities in the operating system become more of an IT security threat
List of malicious Android apps hits 10 million (Times of India) By late January 2014, Kaspersky Lab had accumulated about 200,000 unique samples of mobile malware, up 34% from November 2013 — two months earlier over 148,000 samples had been recorded. Cyber-scammers are continuing to focus their attention on Android mobiles: Kaspersky Lab's report found that in January the number of malicious Android apps out there topped the 10 million mark
Adobe Flash zero day exploit patched, after foreign policy websites compromised (Graham Cluley) Adobe Flash users are once again being told they need to update their software, after a new zero-day exploit was discovered
Security vulnerabilities found in 80% of best-selling SOHO wireless routers (Help Net Security) Tripwire has analyzed the security provided by the most popular wireless routers used in many small and home offices and found that 80 percent of Amazon's top 25 best-selling SOHO wireless router models have security vulnerabilities
Database attack exposes personal data at University of Maryland (ComputerWorld) The data included names, Social Security numbers, birth dates and university ID numbers
Why the University of Maryland was ripe for a cyber attack (Baltimore Business Journal) Cyber security experts say large universities are prime targets for cyber hackers because students tend to be more naive when it comes to monitoring their personal data
How The Syrian Electronic Army Hacked Us: A Detailed Timeline (Forbes) Early Thursday morning, a Forbes senior executive was woken up by a call from her assistant, saying that she'd be working from home due to a forecast predicting the snowiest day of the year. When she ended the call, the executive saw on her Blackberry that she had just received a bluntly worded email that seemed to have been sent by a reporter at Vice Media, asking her to comment on a Reuters story linked in the message
Austrian Energy Company Hacked (eSecurity Planet) Energie Steiermark hasn't yet determined what data was exposed by the breach
Security Patches, Mitigations, and Software Updates
Adobe pushes out critical Flash update — the second zero-day hole of the month (Naked Security) Adobe has just updated its Flash product for the second time this month, pushing out an emergency patch for an attack that has been seen in the wild
Google Fixes 28 Security Flaws in Chrome 33 (Threatpost) Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release
Tinder Patches Vulnerability That Exposed User Locations (Threatpost) Developers with popular dating application Tinder have fixed a vulnerability that up until last year could have allowed users to track other users
Cyber Trends
Banks should brace for massive DDoS attacks this year, warns Ovum (FierceITSecurity) Banks will face increasing massive-scale DDoS attacks from hacktivists this year, in addition to the smaller scale DDoS attacks used by cybercriminals to distract IT teams from detecting theft, predicts market research firm Ovum
Financial sector hit hard by data breach cleanup costs (Naked Security) Cybercrime is all about the money. And, in the end, that money leads back to the financial sector. Banks, credit unions, insurers and everyone charged with looking after our money and covering us when something bad happens are starting to feel the pinch from the steady growth in cybercriminality
60% of enterprises relying on sysadmins to self-police SSH keys (Help Net Security) Enterprises tolerate security vulnerabilities by allowing open door, root-level access, according to a new Ponemon Institute report. 46% of the 1,854 respondents reported their servers and networks are left open and can be owned forever by attackers because they fail to rotate SSH keys. Not surprisingly, 51% of organizations reported already being breached by an attack using SSH
Holistic Cyber Risk Management Program Must "Predict and Prevent" in Today's Complex Threat Environment (MarketWatch) In today's world of dynamic and complex cyber threats, Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) from commercial and government enterprises are evaluating how to move from a react and defend stance to a holistic cyber risk management program that is focused on the ability to predict and prevent
Russia and China: The Most Dangerous Countries for Smartphone Attacks (Bloomberg) In news accounts of the cyber-attacks plaguing computer networks in the U.S., the bad actors are almost always the same - faceless adversaries hailing from shadowy regions of Asia and Eastern Europe
Mobile threats around the world (Help Net Security) 2013 was a year of change in the world of mobile threats. Campaigns became increasingly targeted as criminals adapted their practices to maximize profit and operate under the radar. In places where regulation is tough, criminals dropped more traditional monetization strategies like premium rate SMS fraud and leveraged "grey area" tactics that are actually legal.
Mobile Malware's big birthday (Trend Micro: Simply Security) This year marks another one of those anniversaries that we would rather not be celebrating; mobile malware is ten years old
Despite costs, organizations overlook new threats (Help Net Security) A new generation of unknown security threats stemming from megatrends and technologies like BYOD, mobility, cloud computing, and Internet usage, as well as internal actions both accidental and malicious, introduce organizations to a multitude of new risks
Report: Cyberthreat Detection Lacking (GovInfoSecurity) Many security incidents that affect components of the nation's critical infrastructure go unnoticed due to a lack of sufficient detection or logging capabilities, according to a new report from the Industrial Control Systems Cyber Emergency Response Team
IT Pros Okay With Government's Role In Cybersecurity (Dark Reading) So much for the Snowden effect: nearly 80 percent of U.S. IT leaders say the federal government plays a key and positive role in protecting enterprises from internal and external cyberthreats, a new survey commissioned by Dell Software found
Think a cyber breach won't happen to you? Think again (FCW) Cybersecurity awareness is on the rise and organizations increasingly are looking to the government for help, but too many still don't think an IT security breach will happen to them, according to a new survey
Marketplace
Providers ramp up spending for data security (FierceHealthIT) Healthcare organizations continue to increase spending to secure electronic patient data, with physician practices boosting their efforts, according to a new HIMSS security survey
HSBC Requires Dual Authentication (BankInfoSecurity) In a groundbreaking effort to boost security, HSBC Bank USA is now requiring its retail banking customers to use dual-factor authentication for certain sensitive online banking transactions, says LuAnne Kingston, senior vice president
Millions of Nigerian identities to be logged for bank biometric project (FierceFinanceIT) The Central Bank of Nigeria has initiated a major biometrics project that will involve registering details like the fingerprints and facial features of millions of Nigerians in the next few months. The bank plans to use the data to identify people at ATMs and point-of-sale
Cloud, BYOD to boost demand for strong authentication products (FierceITSecurity) Cloud and BYOD are fueling demand for strong authentication and one-time password, or OTP, products. This demand is expected to boost the market for these products by nearly seven percent per year to $2.2 billion in 2018, according to market research firm Frost & Sullivan
Tangible Security acquires A&N Associates (UPI) Cyber-solutions company Tangible Security has acquired A&N Associates Inc., boosting its portfolio of information assurance products and management services
Cylance Gets $20M For Security Tools (socaltech) Irvine-based cybersecurity software developer Cylance announced today that it has raised $20M in a Series B funding, which came from Blackstone, Khosla Ventures, Fairhaven Capital and un-named private investors
Bitdefender tops security awards, may enter wearable tech market (TechRadar) Antivirus software company Bitdefender has been awarded the Best Protection Award 2013 and Best Performance Award 2013 by AV-TEST, the independent antivirus testing organisation
Kontron Capitalizes on Security Jitters (Light Reading) Is it true that telecom equipment companies are basing their purchasing decisions on where the design and development of components and modules takes place? According to embedded computing platform developer Kontron AG, which undertakes its design and R&D processes in Montreal, Canada, it's already happening
Facebook fleeced — er, lured by WhatsApp's promise of fresh data (InfoWorld) Facebook is hoping there's gold in them thar data mines as it hands over $19 billion to the messaging startup
Mikulski: Maryland needs to be a breeding ground for cyber innovation (Baltimore Business Journal) U.S. Sen. Barbara Mikulski says she wants Maryland's cyber security sector to be as vibrant as the state's biotech industry and it all starts with the innovation coming from local startups
Dublin to overtake London as Europe's technology hub (The Independent) Dublin is set to overtake London as Europe's information technology real estate capital, according to international property agents
The Twelve Most Powerful Security Companies (CSO) It's not just revenues and size; influence counts, such as when a company makes widely-used software that gives them control over the security architecture of vendors and users; and certainly, excellence matters—some security vendors just keep getting high marks from independent test organizations and analysts year after year.
Products, Services, and Solutions
Proofpoint Adds Next-Generation Predictive Defense™ to Targeted Attack Protection Solution (Yahoo Finance) Proofpoint, Inc., (NASDAQ: PFPT), a leading security-as-a-service provider, today announced general availability of the Proofpoint Targeted Attack Protection Winter 2014 release. This next-generation solution includes new predictive defense capabilities, as well as the new Attachment Defense module and updated real-time threat dashboard
Cyvera Launches New TRAPS XP Agent to Protect Microsoft Windows XP Users (Digital Journal) Cyvera Ltd, the developer of innovative cyber defense solutions to stop Zero-Day attacks, has released TRAPS XP, a software agent designed to prevent cyber-attacks on endpoints running the Legacy Microsoft Windows XP and embedded XP operating systems. The new TRAPS XP is part of Cyvera's proven TRAPS (Targeted Remote Attack Prevention System) product-line, which prevents both known and unknown (Zero-Day) cyber threats
Technologies, Techniques, and Standards
Gallagher: NIST framework could improve federal agency cybersecurity programs (FierceGovIT) The cybersecurity framework released earlier this month by the National Institute of Standards and Technology has the potential to change federal agencies' approach to cybersecurity as well as that of the original intended audience of private sector critical infrastructure companies, said a NIST official
NIST proposes encryption standard development process internal guidance (FierceGovIT) Making good on a November promise to review its cryptographic standards development process and subject it to public comment, the National Institute of Standards and Technology released Wednesday proposed internal guidance that would bind it to being transparent, open and impartial
Israel Electric Opens Cyber-War Room to Defend Against Power-Grid Hacks (Bloomberg) Israel's main power company opened a cyber "war room" this week to defend its systems around the clock from hackers. Technicians at Israel Electric will monitor as many as 400 million cyber-attacks and hacking attempts a day
Detecting APTs: Elementary, my dear Watson (FierceITSecurity) The Windows error reporting tool, known as Dr. Watson, can be used to detect advanced persistent threat attacks, according to research conducted by security firm Websense
Incident response lessons from Facebook's red team exercises (TechTarget) Expert Nick Lewis provides advice for enterprises looking to take inspiration for an incident response plan from Facebook's red team exercises
Pulling the reins on data breach costs (CSO) The costs of data breaches remain stubbornly high, but there are steps organizations can take to keep costs down
XP End of Life: Good Advice for Mitigating Risk with VDI (DABCC) The UK government's National Technical Authority for Information Assurance recently published short-term guidance for organizations that are unable to fully migrate off Windows XP prior to its end of support in April 2014, "Windows XP End of Support: Reducing Risk During Migration". The advice is meant for public sector organizations, but is applicable to many private companies that will still have XP systems running after the cut off this spring. One suggestion that was particularly interesting was the idea of using Virtual Desktop Infrastructure to isolate the XP operating system and limit its access to the internet
Nasdaq aims for kill switch to go live in weeks (FierceFinanceIT) Nasdaq is planning a "kill switch" to cut off trades when they exceed established position limits. The exchange has already filed a proposal for the switch with the Securities and Exchange Commission and is hoping to launch by March 1
Whatever happened to the IPv4 address crisis? (IT World) The day of reckoning has been pushed out as the major Internet players have developed ingenious ways to stretch those available numbers. But these conservation efforts can only work for so long
Flattening Bitcoin: What is Transaction Malleability? (TrendLabs Security Intelligence Blog) The past few weeks have not been good for Bitcoin. Mt. Gox shut down withdrawals due to concerns over transaction malleability. The same flaw was reportedly used to loot more than 4,000 BTC (worth more than 2.7 million US dollars) from Silk Road 2.0 Deep Web marketplace. These stories, together with others that have shaken the confidence of the Bitcoin community, have pushed the value of Bitcoin to just slightly over 600 US dollars, a significant plunge from its peak values of more than $1200
3 Tips To Create The Perfect Password (Information Security Buzz) Passwords, passwords, passwords! There's no escape! You need them to bank online. You need them to log in to the many social networks you use. You need them to pay bills. You need them to shop online. Have you noticed that you can seldom just shop in an online store? You nearly always have to create an account first — and this means yet another password for the virtual key-ring
Academia
NSA, universities push to establish cybersecurity as a science (GCN) The National Security Agency wants to raise cybersecurity into a more scientific endeavor from its current role as an art form of hits, misses and post-attack patches. To support those aims, the agency is now accepting nominations for the best scientific cybersecurity paper published between Oct. 1 and Dec. 31, 2013
Digital Forensics Lab Comes to Middle Georgia State College (Center for Digital Education) Last year, Middle Georgia State College digital forensics students toured the GBI forensics laboratory in Atlanta. And now the college has opened a state-of-the-art laboratory of its own
Legislation, Policy, and Regulation
It's time to break up the NSA (CNN) The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission — protecting the security of U.S. communications and eavesdropping on the communications of our enemies — has become unbalanced in the post-Cold War, all-terrorism-all-the-time era
Mikulski Denounces Bill That Would Deny NSA 'Material Support' in Maryland (gnomes) Sen. Barbara Mikulski, D-Md., isn't pleased with a bill pending in her state's legislature that would prohibit state and local support for the National Security Agency
FCC: We're Not Done With Net Neutrality (InformationWeek) Federal Communications Commission chairman Tom Wheeler challenges last month's court ruling, moves forward with plans to create a new version of rules promoting an open Internet
How DHS is helping implement the cyber framework (FCW) The Department of Homeland Security is expanding its role in helping the private sector protect networks and infrastructure from cyber attack. Under the program, DHS will provide assistance in implementing the Cybersecurity Framework, released on Feb. 12 by the National Institute of Standards and Technology
Litigation, Investigation, and Law Enforcement
How the Canadian Anti-Spam Act will affect American Businesses (Cyveillance) American companies with Canadian consumers should pay close attention to the new Canadian Anti-Spam Law (CASL) that takes effect July 1, 2013. The law will be rolled out in stages. It is much like the American CAN-SPAM Act, which regulates many routine business activities, such as sending marketing emails, text messages, or other social media messages. However, this law takes the opposite approach of its American counterpart. CASL converts electronic marketing in Canada from an "opt-out" to an "opt-in" standard. The important thing to note is that this law will apply to businesses located in the U.S. if the recipient of the message or download is located in Canada
Soghoian: Technology has minimized the procedural costs of surveillance (FierceHomelandSecurity) Technology has allowed law enforcement and intelligence agencies to expand surveillance, not just because it has lowered costs, but because they encounter less resistance from judges and companies, said Christopher Soghoian of the American Civil Liberties Union
Judicial Rules May Force Feds to Save Old NSA Phone Records (NewsMax) The government is considering hoarding old phone records that have been amassed as part of the National Security Agency's controversial data dragnet, the Wall Street Journal reported on its website Wednesday night
Why AT&T's Surveillance Report Omits 80 Million NSA Targets (Wired) AT&T this week released for the first time in the phone company's 140-year history a rough accounting of how often the U.S. government secretly demands records on telephone customers. But to those who've been following the National Security Agency leaks, Ma Bell's numbers come up short by more than 80 million spied-upon Americans
Insurance Company Fined $6.8 Million for Data Breach (eSecurity Planet) TSS mistakenly exposed 13,336 beneficiaries' Medicare Health Insurance Claim Numbers
Man Sues Wells Fargo over Kafkaesque Identity Theft Nightmare (eSecurity Planet) Carlos Gomez spent two weeks in jail and seven months under house arrest after a bank employee stole his identity and used it to launder stolen money
Two Romanians Sentenced to 57 Months in Prison for Role in ATM Skimming Scheme (Softpedia) Two Romanian nationals living in Queens, New York, have each been sentenced to 57 months in prison for their roles in an ATM skimming scheme
Colombia — Spying on journalists compromises coverage of peace talks (Thomson Reuters Foundation) Reporters Without Borders calls for full respect for the work of journalists by President Juan Manuel Santos' government and members of the armed forces, both acting and retired, following the latest allegations of Colombia government spying on the media
Upcoming Events
Black Hat Asia (Singapore, March 25 - 28 2014) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
Interop Conference (Las Vegas, Nevada, USA, March 31 - April 4 2014) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments
RSA Conference USA (San Francisco, California, USA, February 24 - 28 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else
Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities
Nellis AFB Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members
Cloud Expo Europe (London, England, UK, February 26 - 27 2014) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms
Suits and Spooks Security Town Hall (San Francisco, California, USA, February 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights
Trustworthy Technology Conference (San Francisco, California, USA, February 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology
Creech AFB Technology & Cyber Security Expo (Indian Springs, Nevada, USA, February 27, 2014) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more
Nuclear Regulatory Commission ISSO Security Workshop (Rockville, Maryland, USA, March 17, 2014) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates
ICS Summit 2014 (Lake Buena Vista, Florida, USA, March 17 - 18 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (Gaithersburg, Maryland, USA, March 19, 2014) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
Suits and Spooks Singapore (Singapore, March 20 - 21 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process
Cyber Security for Energy & Utilities (Abu Dhabi, UAE, March 23 - 26 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE
Veritas 2014 (London, England, UK, March 25 - 27 2014) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy
Cyber Security Management for Oil and Gas (Houston, Texas, USA, March 26 - 27 2014) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management
SyScan 2014 (Singapore, March 31 - April 4 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
Nellis AFB Technology & Cyber Security Expo: For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Cloud Expo Europe: Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.
Suits and Spooks Security Town Hall: Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights.
Trustworthy Technology Conference: Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.
Creech AFB Technology & Cyber Security Expo: The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more.
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates.
ICS Summit 2014 (Lake Buena Vista, Florida, US, Mar 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference: The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme, "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training," will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals.
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.