The CyberWire Daily Briefing for 2.24.2014
news from RSA
RSA opens today. The conference is just getting underway as we publish today's issue, but some themes worth your attention are already emerging, and several of them are linked. Expect to hear much discussion of advanced malware detection and defense. Expect also to hear about the challenges of security labor force development. Mobile and cloud security will continue to engage conference participants, as will threat analytics and next-generation network defenses.
Amid a general sense that the advantage has shifted from defense to offense (bad actors—being constrained by little beyond the black market's rough and uncertain frontier justice—seem able to stay a step ahead of defensive measures) we expect to hear much about how enterprises can keep pace with or even anticipate advanced threats. Current security practices depend heavily on what Dark Reading calls "super-techies": scarce and consequently high-priced engineering talent. We also expect to hear about ways of ensuring an adequate pipeline of security talent.
Automated tools, particularly those well adapted to performing complex malware reverse engineering, will be of considerable interest. Such tools in principle could address both the rapid evolution of threats and the relative scarcity of high-end security talent.
Many conference attendees will offer their take on threat analysis, with a number of solutions already queued up for public launch this week. Look for ways of addressing anonymized threat information sharing, arguably the long pole in this particular tent.
Special coverage of RSA Conference 2014 continues through February 28th. If you're attending RSA, be sure to stop by CyberPoint's booth (#1037 in the South Expo hall) and say hello to the CyberWire's publisher and some of our stringers.
FireEye (in a coyly indirect and slantindicular fashion, leaving its audience to connect the dots) attributes exploitation of the recently reported Adobe zero day to Chinese espionage organizations. They're calling the campaign "Operation GreedyWonk," and its targets have so far been foreign policy institutes and think tanks. The New York Post grumps that this is all Edward Snowden's fault: he's sapped "the political will" necessary to effective cyber defense. This surely goes too far: aren't Western intelligence services made of sterner stuff?
Facebook's acquisition of WhatsApp last week for a reported $19B ("jaw-dropping," as headline writers call the price tag) brings with it some security scrutiny: apparently the highly valued platform contains some serious SSL weaknesses. A German privacy commissioner has gone so far as to advise users to avoid WhatsApp entirely.
Leaked source code for the Android iBanking bot has appeared on the black market. RSA researchers warn publication foreshadows more attacks using the mobile malware.
Late last week domain registrar and web-hosting service Namecheap sustained a distributed denial-of-service attack. Namecheap says it was able to mitigate the effects in about three hours, but they also say the DDoS attack was of a "new type"—what type remains unclear.
Apple patches an iOS flaw that rendered devices vulnerable to man-in-the-middle attacks. The problem seems to extend also to MacOS; users should browse with caution.
Lookingglass releases a study highlighting third-party risk. (Security approaches that minimize third-party involvement will be interesting.)
Google buys anti-fraud startup Spider.io. Akamai closes on Prolexic.
Notes.
Today's issue includes events affecting Australia, European Union, France, Germany, Hungary, India, Democratic People's Republic of Korea, Republic of Korea, Syria, Turkey, United Kingdom, and United States.
San Francisco: the latest from RSA 2014
RSAC 2014: RSA Conference (Day 0) (CSO Salted Hash) Salted Hash has arrived in San Francisco to attend the RSA Conference, as well as the B-Sides SF Conference. Here's a brief recap of the day so far
For 2014 RSA Conference, agenda, attendance indicate business as usual (TechTarget) Much ink has been spilled about potential boycotts of the 2014 RSA Conference, but most signs indicate that next week's event will be business as usual
RSA Conference: Are you going to San Francisco? (NetworkWorld) Well it is the end of February and like instinct drawing birds to migrate, information security people are drawn to San Francisco for the RSA Conference. In some ways RSA represents the security state of the union
Hot Topics at the RSA Conference (ESG) Mostly the same as last year but with more innovation, startups, and excitement
Sneak peek: The big security questions surrounding RSA Conference (InfoWorld) This video chat with a pair of experts highlights the important and interesting topics to look for at the major security show
Is The Hypervisor Security's Goldilocks Zone? (Dark Reading) RSA presentation to put virtualization forward as a tool to fix security's architectural problems
The FIDO Alliance Focuses RSA Conference 2014 Community on Standards-Based Strong Authentication (MarketWatch) FIDO Ready(TM) Products and Services introduce enterprise, financial services, ecommerce and consumer web services to authentication that is more secure, private and easier-to-use than passwords and PINs
SafeLogic CEO to Speak at RSA Conference in San Francisco (PRWeb) Ray Potter, co-founder and CEO of SafeLogic, to speak alongside the legendary Whitfield Diffie at the security event
ThreatTrack Security to Unveil Industry-First Malware Remediation Platform at RSA Conference (Providence Journal) ThreatTrack Security today announced its participation in the RSA Conference USA 2014, where the company will introduce its ThreatSecure advanced malware protection platform, which provides real-time detection and automated remediation of threats that evade traditional signature-based defenses. ThreatSecure demonstrations will take place in the ThreatTrack Security booth number 1901 in the South Expo of the Moscone Center
Nawaf Bitar of Juniper Networks to Deliver RSA Conference Keynote Address (SYS-Con) Juniper Networks (NYSE: JNPR), the industry leader in network innovation, today announced the details of its participation at the 2014 RSA Conference, the world's leading information security event and B-SidesSF, a grass roots, open security conference taking place the day prior to RSA
CYREN to Highlight New Cloud-Based Web Security Service at RSA Conference (Broadway World) CYREN, previously operating as Commtouch (CTCH), will showcase its newly launched CYREN WebSecurity service February 24-27 during the RSA Conference in booth 1633 at Moscone Center in San Francisco
Cyber Attacks, Threats, and Vulnerabilities
'Chinese spies' launch new Adobe zero-day attack (SC Magazine) A group of Chinese spies are believed to have resurfaced to attack vulnerable political and non-profit groups, after FireEye discovered them using a new zero-day Adobe exploit
Adobe Flash Zero Day: Operation GreedyWonk (Emsisoft Blog) No more than a week after discovering Internet Explorer 10 Zero Day, researchers at FireEye have uncovered yet another critical vulnerability on widely used software. CVE-2014-0502, dubbed Operation GreedyWonk, affects the latest versions of Adobe Flash
Edward Snowden enables Chinese hack attacks (New York Post) China's military hackers are back, more brazen than ever. You can thank Edward Snowden
Researchers Find SSL Problems in Whatsapp (Threatpost) The Facebook acquisition of mobile messaging service WhatsApp has captivated the tech world this week. Much of that has to do with the massive $19 billion price tag and, to a lesser extent, the incredibly fast rise of the company. But while analysts and customers have been examining the deal, some security researchers decided to look at the security of WhatsApp itself
Crypto weaknesses in WhatsApp "the kind of stuff the NSA would love" (Ars Technica) Poor implementation of SSL encryption could be a boon to eavesdroppers
Stop using WhatsApp now that it has been acquired by Facebook, warns privacy regulator (Computing) Users of instant messaging app WhatsApp should switch to an alternative, now that it is being acquired by social media giant Facebook, according to Thilo Weichert, a commissioner of Germany's data privacy watchdog ULD
Source code for Android iBanking bot surfaces on underground forum (CSO) The leaked source code could lead to a larger number of attacks using the mobile malware, security researchers from RSA said
Namecheap's DNS server hit with a "new type" of DDoS (Help Net Security) Popular domain registrar and web hosting service Namecheap has been having trouble with an unexpected DDoS attack targeting 300 or so domains on two of their DNS nameservers
Namecheap fends off DDoS attack, restores services (CSO) The 100Gbps attack knocked 300 websites offline for about three hours
Twitter Spamrun: "Isn't This You?" (Malwarebytes Unpacked) The spam spreading on compromised accounts are bundles of @ messages sent to Twitter users, which say the following
UPS Malware Spam Using Fake SPF Headers (Internet Storm Center) The "Sender Policy Framework" is a simple system to identify which mail servers are allowed to send e-mail on behalf of your domain. We have talked about this (and other standards like DMARC, DKIM) before
An In-depth Analysis of Linux/Ebury (WeLiveSecurity) ESET has been analyzing and tracking an OpenSSH backdoor and credential stealer named Linux/Ebury. The result of this work on the Linux/Ebury malware family is part of a joint research effort with CERT-Bund, the Swedish National Infrastructure for Computing, the European Organization for Nuclear Research (CERN) and other organizations forming an international Working Group
Why The Syrian Electronic Army Hacked Us: An Interview With The Attackers (Forbes) Last week, Forbes joined the growing list of media organizations successfully infiltrated by the Syrian Electronic Army. Through spear phishing and credential stealing, the hackers were able to access our email and publishing system, post articles, and download email addresses and hashed passwords of over one million Forbes users, as outlined in my colleague Andy Greenberg's timeline of the hack. Why did they come after Forbes
The Talking Angela witch hunt — what on earth is going on? (Naked Security) For the last week, the internet — and Facebook in particular — has been positively moist with the foamy, spittle flecks of an outraged, pitchfork wielding mob
Top 10 worst state-sponsored hack campaigns: From PRISM to Stuxnet and Mask (V3) Since the first computer was connected to the internet we've seen a steady stream of a new malware variants and cyber scams doing the rounds. However, it's only in the last few years things have really heated up, with a number of startling revelations showing it's not just criminals playing fast and loose with the law and online data
Ransomware "Goes Local" In Europe (TrendLabs Security Intelligence Blog) Threats today are designed to appeal to local audiences everywhere: two separate threats we've recently encountered show how ransomware is targeted towards users in specific countries; in these cases users in Turkey and Hungary were the targets
CryptoLocker Versus Your Company (Risk Conversation) CryptoLocker? It sounds like something out of a sci-fi film
Hackers Using Mobile Devices To Expose Sensitive Information In Cyber Attacks (WJZ 13 CBS) Target, Neiman Marcus, Michaels and the University of Maryland. They're all major retailers and institutions hit by hackers
Hackers deface ethical hacking website, with image of Edward Snowden's passport (Graham Cluley) The EC-Council, which offers training for the Certified Ethical Hacker (CEH) program, has had its website defaced by a hacker who claims to have access to thousands of passports belonging to law enforcement and military officials
My university got hacked but it's nothing special (Ars Technica) How a 14-year-old student ID exposed my social security number to the world
Blue Shield of California Acknowledges Data Breach (eSecurity Planet) Insurance agents' Social Security numbers were mistakenly exposed
Zevin Asset Management Acknowledges Data Breach (eSecurity Planet) An employee violated company policy by using an online service provider to host a document containing custodian account user names and passwords
Well.ca Data Breach Exposes Customer Credit Card Information (eSecurity Planet) Names, billing addresses, credit card numbers, expiration dates and CVV codes were exposed
Security Patches, Mitigations, and Software Updates
Major Apple security flaw: Patch issued, users open to MITM attacks (ZDNet) Apple rushed the release of iOS 7.0.6 on Friday with a patch for a shockingly overlooked SSL encryption issue that leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack
Update your iPhones and iPads now to iOS 7.06. But Mac OS X still at risk from critical security hole (Graham Cluley) Apple has quietly pushed out a security update to iOS, the operating system used by its flagship iPhone and iPad products
Behind iPhone's Critical Security Bug, a Single Bad 'Goto' (Wired) Like everything else on the iPhone, the critical crypto flaw announced in iOS 7 yesterday turns out to be a study in simplicity and elegant design: a single spurious "goto" in one part of Apple's authentication code that accidentally bypasses
Microsoft releases fix for Windows Update corruption errors (ZDNet) Non-critical patch addresses problems in the Windows Update system files which could cause errors in future updates
Adobe releases second critical security update for Flash Player in three weeks (ComputerWeekly) Adobe has released the second critical security update for its Flash Player plug-in in less than three weeks. Adobe has assigned the CVE identifier CVE-2014-0502 to this vulnerability and released a security bulletin
Cyber Trends
Lookingglass Study Shows Trusted Third-Party Vendors Increase the Likelihood of Attack on U.S. Banking Sector (Lookingglass Scout) Lookingglass Cyber Solutions, the leader in cyber threat intelligence management, released today the results of a recent study conducted on global financial institutions and the risks introduced by their trusted partners and providers. Lookingglass' analysis revealed that 100% of third-party networks sampled showed either signs of compromise or increased risk. This study demonstrates that third-party networks extend the attack surface and introduce risks that often go overlooked
Expert: Retailers Like Target Under Increasing Threat (KSTP ABC5 News) The cybersecurity breach at Target Corporation during the 2013 holiday season caught most of us by surprise
Energy sector a prime target for cyber attacks (CSO) Experts say the nation's critical infrastructure remains woefully vulnerable
Trends in Incident Response in 2013 (ICS-CERT Monitor) ICS-CERT continued its cyber incident response and risk reduction mission in 2013 by responding to an increasing number of incidents (footnoted) targeting our Nation's critical infrastructure
Mountains to Molehills: 'Larger problem' (Blue Ridge Now) Folks, if you think the National Security Agency is going way too far with its data collection programs, there's a bigger worry, to hear Gary Crider of Hendersonville tell it
Cyber Security: What's The Next Big Threat In 2014? (Business Insider India) Kaspersky Lab, one of the top 4 cyber security solutions providers in the world, has come up with its predictions about 2014. Not surprisingly, much of what it has seen in the crystal ball is connected to the fallout from Edward Snowden's revelations. According to Kaspersky experts, cybercriminals will target both end users and businesses this year. Let us first look at how individuals will be affected
Solving The Security Workforce Shortage (Dark Reading) To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional. Companies looking for more security staff aren't going to find them — they're going to have to make them
Can Security Survive in an Increasingly Insecure World? (Webroot Security Intelligence Blog) 2013 was not a good year in terms of cyber security. Despite companies spending an increasingly significant percent of revenue on security technology — systems designed to thwart, detect and prevent hackers from gaining access to their networks and sensitive data — attacks continue to succeed. Recently, the trend has shifted to attacking point of sale (POS) systems. While Target is the largest example, similar attacks have occurred in industries ranging from department stores to hospitals to hotel chains. Basically anywhere large scale financial transactions take place. The focus on POS systems doesn't come as a surprise. Cybercriminals have always
What Second Life? Digital Natives' Lives Revolve Around Being Online (Trend Micro Simply Security) I recently enjoyed a blog post by Brian Solis that discussed the blurred lines between the current physical dimension that our social lives have historically been comprised of to the digital personals and lives we lead within those social communities
Marketplace
Skills in cyber security, a report (Business Standard) India's talent pipeline in information security-skills emerges at its weakest with just under a percentage of student population in engineering equipped with basic skills in information security. This report by EC-Council, the global professional certification body for IT security related programmes, looks into the skill gaps and its consequences
Google buys London firm Spider.io to fight ad fraud (V3) Google has bought out London-based fraud prevention startup Spider.io in an effort to protect its advertising business model from ad-clicking malware spread by botnets
Akamai Closes Prolexic Buy (Zacks) Akamai Technologies (AKAM) recently announced that it has completed the acquisition of the privately-held cloud based security-solutions provider Prolexic Technologies. The acquisition is expected to boost Akamai's cyber security offerings
Meg Whitman is ready to make a deal (IT World) After two-and-a-half years running Hewlett-Packard, CEO Meg Whitman says she's ready to make some deals — particularly in the areas of security, big data, cloud and mobility
Catapult Consultants and Blue Ridge Networks Team to Create Health IT Cybersecurity "Dream Team" (Broadway World) Catapult Consultants, LLC, a leading healthcare solutions firm, today announced that it has reached a marketing agreement with Blue Ridge Networks, a leading provider of cybersecurity solutions
Hyland and two more head for Fortinet exit doors (CRN) Changing of the UK guard at network security vendor
Pamela Drew Promoted to EVP Ranks at Exelis; David Melcher Comments (GovConWire) Pamela Drew, president of Exelis' (NYSE: XLS) information systems business, has been promoted to an executive vice president role at the aerospace and defense contractor
Water security perimeter helps thwart cyber threats at major utilities system (WaterWorld) A major U.S. water utilities system recently selected Owl Computing Technologies, Inc., a network security solutions provider, for the deployment of an electronic security perimeter to mitigate external cyber vulnerabilities
Products, Services, and Solutions
Cimcor Partners With AIG eRisk Hub to Offer CimTrak IT Security Solution to Cyber Insurance Customers (Virtual-Strategy Magazine) Cimcor has partnered with AIG eRisk Hub. The site will offer CimTrak and industry updates to cyber insurance customers.
KEYW Corporation and Hexis Cyber Solutions Announce Advanced Cyber Training Program for Enterprise Security Professionals (IT Business) KEYW Corporation (KEYW) and Hexis Cyber Solutions, Inc. (Hexis), wholly owned subsidiaries of The KEYW Holding Corporation (Nasdaq:KEYW), today announced the availability of KEYW's Parrot Labs Training courses designed to provide enterprise security professionals with the technical, hands-on training they need to effectively identify, engage and remove today's most advanced attacks. Leveraging extensive experience protecting government customers against the most advanced threats, instructors will help enterprise employees better prepare for attacks from cybercriminals
Proofpoint Adds Next-Generation Predictive Defense To Targeted Attack Protection Solution (Dark Reading) Protects users from malware and advanced threats in both URLs and email attachments
New App to Combat Extremists' Cyber Attacks (Venice-MarVista Patch) Called Combat Hate, it was launched by the Simon Wiesenthal Center
Cyvera Launches New TRAPS XP Agent to Protect Microsoft Windows XP Users (CEN) Secures Windows XP machines from cyber threats as Microsoft support deadline
Skyhigh Networks Unveils Dashboard for Cloud Risk (TopTechNews) The range of cloud-based apps like Skyhigh's CloudRisk Dashboard vary in their security levels, from those with enterprise controls to those that are more consumer friendly. Skyhigh's CloudRisk Dashboard might be useful "if you want visibility into what your employees are doing" in the cloud, said Gartner analyst Lawrence Orans
Cyber Squared says the solution to cyber crime lies in firms sharing information (Washington Post) The growing number of cyber attacks on U.S. businesses, federal agencies and other institutions could be stymied if the victims of those attacks shared more information about the perpetrators, says Adam Vincent, the chief executive of Cyber Squared
Zscaler Shifts to DNS to Protect Enterprises (eSecurity Planet) Sometimes a full Web proxy is too much, and all you need is DNS re-direction to provide security
Dropbox Addresses Government Surveillance With Updated Privacy Policy (Threatpost) The online storage service Dropbox has amended its privacy policy at least in part to better address increased concerns regarding how the service perceives, responds to, and handles government requests for user-data
Technologies, Techniques, and Standards
Automated Malware Analysis (InfoSec Institute) Malware analysis is an interesting topic that all Information security engineers are quite aware of. In manual malware analysis, malware samples are taken and moved to an isolated machine called Sandbox, where in-depth analysis is carried out. The processes followed to find out the attributes of the malwares are usually the same, so it is obviously a necessity to automate the analysis process to save time. One such automated analysis that I would like to showcase in this article is with the help of Cuckoo
Researchers crack ransomware encryption (Virus Bulletin) 'Bitcrypt' authors confused their bytes and digits. Two French researchers have found a serious vulnerability in a new piece of ransomware that has allowed them to crack the keys used by the malware to encrypt the victim's files
RCS offers enterprises an alternative to BYOD (FierceMobileIT) RCS offers an alternative to BYOD because enterprises can allow employees to customize their mobile experience on corporate-liable devices, while maintaining a corporate dashboard to monitor and control business communications and applications, according to market research firm Mind Commerce
Why Your Car Won't Get Remote Software Updates Anytime Soon (MIT Technology Review) Software is taking over cars. But it may be a while before it can be updated without a trip to the dealer
Research and Development
IARPA seeks algorithm to measure trustworthiness (FierceGovernment) In its first ever challenge contest, the Intelligence Advanced Research Projects Activity is seeking to use data to measure the trustworthiness of individuals
Legislation, Policy, and Regulation
South Korea to develop Stuxnet-like cyberweapons (BBC) South Korean plans to develop Stuxnet-type weapons to damage North Korean nuclear facilities
Hacked companies off the hook under new privacy laws (IT News) The Office of the Australian Information Commission (OAIC) has confirmed it won't hold organisations accountable for the exposure of personal information when accessed via a cyber attack, as long as the Office is satisfied with the level of security in place within the targeted systems
U.S. now bugging German ministers in place of Merkel: report (Reuters via the Chicago Tribune) The National Security Agency (NSA) has stepped up its surveillance of senior German government officials since being ordered by Barack Obama to halt its spying on Chancellor Angela Merkel, Bild am Sonntag paper reported on Sunday
Spy Chief James Clapper: We Can't Stop Another Snowden (Daily Beast) President Obama's Director of National Intelligence spent his life protecting secrets. Then came the biggest leak of all
Editorial: NSA can't justify phone data program (MetroWest Daily News) Of the many questions that still surround the National Security Agency's vast global spying operations, one seems especially pertinent: Do they actually work? That is, have they helped to prevent terrorist attacks against Americans? In the case of the NSA's phone-data program
Collins challenger among candidates who see potent weapon in surveillance issue (Morning Sentinel) Opposition to domestic spying appeals to a range of midterm hopefuls, from progressives to tea partiers
Is the End of Net Neutrality Near? (IEEE Spectrum) The Federal Communications Commission may still be able to enforce open network regulations despite losing the latest court case
Litigation, Investigation, and Law Enforcement
ABA asks NSA to explain how intelligence agency deals with attorney-client privilege (ABA Journal) Following news reports that a foreign ally of a U.S. intelligence agency may have spied on a BigLaw firm, the American Bar Association has asked the director of the National Security Agency and its general counsel for an explanation of how it deals with attorney-client privilege
Lawyers group questions the targeting of law firm by spy agency (ComputerWorld) The NSA does not rely on foreign partners to circumvent US law, the agency contends
NSA Slayer Wants Default Against Feds (WND) 'Obama Justice Department is playing its usual game, to delay, obstruct'
University of Maryland working with Secret Service on data breach (Baltimore Business Journal) The U.S. Secret Service and cybersecurity expert MITRE Corp. are working with the University of Maryland over this week's data breach, university officials said Friday
Massachusetts Court Rules That Warrantless Access Of Cellphone Location Data Violates State Constitution (TechDirt) The Massachusetts Supreme Court has restored a bit of its citizens' Fourth Amendment rights, even if the decision finding that law enforcement needs a warrant to obtain cellphone location data specifically doesn't address that
Harvard supercomputing cluster hijacked to produce dumb cryptocurrency (Ars Technica) Wow. Shibe-faced Dogecoin illicitly mined on Ivy League supercomputer
Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities
RSA Conference USA (San Francisco, California, USA, February 24 - 28 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else
Nellis AFB Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members
Cloud Expo Europe (London, England, UK, February 26 - 27 2014) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms
Suits and Spooks Security Town Hall (San Francisco, California, USA, February 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights
Trustworthy Technology Conference (San Francisco, California, USA, February 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology
Creech AFB Technology & Cyber Security Expo (Indian Springs, Nevada, USA, February 27, 2014) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB. At the 1st Annual event held in February 2013 over 100 Creech AFB personnel attended this event. Some of their job descriptions included: Commander, Flight Chief, Communications Officer in Charge, IT Lead, Systems Admin, Wing Training, Information Assurance Officer, Knowledge Management, Section Chief, Avionics, Physical Security, Project Manager, Director and more
Nuclear Regulatory Commission ISSO Security Workshop (Rockville, Maryland, USA, March 17, 2014) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates
ICS Summit 2014 (Lake Buena Vista, Florida, USA, March 17 - 18 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (Gaithersburg, Maryland, USA, March 19, 2014) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
Suits and Spooks Singapore (Singapore, March 20 - 21 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process
Cyber Security for Energy & Utilities (Abu Dhabi, UAE, March 23 - 26 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of the Cyber Security for Energy & Utilities conference, taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE
Veritas 2014 (London, England, UK, March 25 - 27 2014) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy
Black Hat Asia (Singapore, March 25 - 28 2014) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
Cyber Security Management for Oil and Gas (Houston, Texas, USA, March 26 - 27 2014) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management
SyScan 2014 (Singapore, March 31 - April 4 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia
Interop Conference (Las Vegas, Nevada, USA, March 31 - April 4 2014) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Free OWASP Training and Meet Up (San Francisco, California, USA, Feb 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
RSA Conference USA (San Francisco, California, USA, Feb 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each year, educational sessions feature new and returning educational tracks you won't find anywhere else.
Nellis AFB Technology & Cyber Security Expo: For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case last year, the 2014 event will once again have a Cyber Security theme. This is an excellent opportunity for any technology or cyber company to meet with the personnel at Nellis AFB, as well as the local AFCEA members.
Cloud Expo Europe: Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex hosting to development platforms.
Suits and Spooks Security Town Hall (San Francisco, California, USA, Feb 27, 2014) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton San Francisco on February 27, 2014 (7pm-10pm). We are condensing the Suits and Spooks two-day "collision" model into a 3-hour debate and discussion format to help raise awareness about the complexities involved in balancing security objectives with our privacy rights.
Trustworthy Technology Conference (San Francisco, California, USA, Feb 27, 2014) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.