The CyberWire Daily Briefing for 3.4.2014
The first Russian cyber operations in its Crimean incursion are reported (by Ukrainian security authorities). These seem initially restrained, directed largely toward isolation of the Crimean battlespace, but there's a strong likelihood they'll see expansion through either Ukrainian retaliation or Russian escalation. Estonian and (especially) Georgian experience of being on the receiving end of Russian cyber attack offer instructive precedents. Some observers think the initial and uncharacteristic restraint of the Russian cyber offensive is explained by wariness of Ukraine's capable domestic hacking talent: a cyber riot can be as troublesome as a closely-run state campaign.
Russia's adventure for now enjoys the tepid, foot-dragging diplomatic support of China, so Kevin Mandia's retrospective of Chinese cyber capabilities is timely.
The Syrian Electronic Army threatens consequences for US Central Command should the United States undertake cyber operations against the Assad regime.
A large SOHO router pharming campaign, in progress since mid-December, has been exposed by Team Cymru. Some 300,000 machines are infected, with ground zero located in two London IP addresses registered with 3NT solutions. The campaign has so far been largely concentrated in Eastern Europe and Asia. Team Cymru calls it a "logical evolution of botnet technology." The campaign's motive, purpose, and attribution remain obscure, but Dynamoo sees fingerprints of Serbian cyber criminals.
Bitcoin bank Flexcoin has shut down—it's been looted. Mt. Gox attributes its own fall to criminal hacking. But Bitcoin isn't synonymous with either Flexcoin or Mt. Gox: Bitcoin ATMs continue to open, most recently in Singapore and Ireland.
Notes.
Today's issue includes events affecting Bosnia Herzegovina, Chile, China, India, Italy, Japan, Netherlands, Philippines, Poland, Russia, Serbia, Syria, Thailand, Turkey, Ukraine, United Kingdom, United States, and and Vietnam..
Cyber Attacks, Threats, and Vulnerabilities
Ukraine hit by cyberattacks: head of Ukraine security service (Reuters) Ukraine's telecommunications system has come under attack, with equipment installed in Russian-controlled Crimea used to interfere with the mobile phones of members of parliament, the head of Ukraine's SBU security service said on Tuesday
Hack Attack—Russia's first targets in Ukraine: its cell phones and Internet lines (Foreign Policy) The Russian forces occupying Crimea are jamming cell phones and severing Internet connections between the peninsula and the rest of Ukraine. Moscow hasn't succeeded in imposing an information blackout, but the attacks could be sign that Russia is looking to escalate its military operations against the new government in Kiev without firing a shot
Where are the cyberattacks? Russia's curious forbearance in Ukraine. (Christian Science Monitor) Russia's recent conflicts with former Soviet states have included massive cyberattacks. But so far, none have been apparent in Ukraine, possibly because Ukraine can hit Russia back
Russia's cyberwar against Ukraine is every bit as strategic as its ground offensive (Quartz) The head of Ukraine's security service says that the mobile phones of Ukrainian lawmakers are under attack by equipment located in Russian-controlled Crimea
Are we about to witness a full-on cyber-war between Russia and Ukraine? (ITProPortal) Russia has invaded Ukraine. Well, at least the province of Crimea. Are we about to see cyber-war unfold? After months of hearing about cyber-war, cyber-espionage, and attacks against critical infrastructure, it's only natural to wonder if the physical conflict between Russia and Ukraine is about to spill over into cyberspace. Most countries, the United States included, have cadre of forces trained in digital attacks and defences, and this kind of provocation seems like the perfect scenario to unleash them
China's support for Russia's Ukraine incursion is half-hearted, at best (Quartz) It was only a month ago that the close ties between Russia and China were on prominent display, with Chinese president Xi Jinping vowing that the two countries would "continue deepening our consultations and cooperation on major international issues and together maintain world and regional peace, security and stability"
Chinese Government Hacking, One Year Later (eSecurity Planet) What has changed in the year since Kevin Mandia first exposed hacking by the Chinese Army? A year after first issuing his landmark report titled, 'APT1: Exposing One of China's Cyber Espionage Units', Kevin Mandia gave an update on the report's aftermath. Mandia is now the senior vice-president
Syrian Electronic Army Threatens to Hack CENTCOM (Defense One) The Syrian Electronic Army takes to Twitter to threaten an attack on U.S. Central Command if the United States conducts cyberwarfare operations against Syria
300,000 Compromised Routers Redirecting Traffic to Attacker Sites (Threatpost) More than 300,000 small office and home office routers, most in Europe and Asia, were compromised in a campaign that started in mid-December, continuing a rash of security incidents involving home and small business networking equipment
SOHO Pharming: Growing Exploitation of Small Office Routers Creating Serious Risks (Team Cymru) This report details our recent analysis of a widespread compromise of consumer-grade small office / home office (SOHO) routers. Attackers are altering the DNS configuration on these devices in order to redirect victims' DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack
Two London IP Addresses Hijack Over 300,000 Home Routers (International Business Times) Security firm Team Cymru has discovered a huge man-in-the-middle cyber attack affecting over 300,000 small home and office internet routers that hijacks their internet connection — and the attack seems to originate from two IP addresses in London
London firm at centre of hack redirecting 300,000 routers (PC Pro) A London-registered company appears to be at the centre of a massive attack that's redirecting traffic from 300,000 routers, a security firm has said
Flaw in Yahoo! Suggestions Allowed Hackers to Delete 1.5 Million Posts and Comments (Softpedia) Ibrahim Raafat, a security researcher from Egypt, has uncovered a vulnerability in Yahoo! Suggestions that could have been exploited by a malicious actor to delete all 365,000 posts and 1,155,000 comments published by users
Illinois Bank: Use Cash for Chicago Taxis (Krebs on Security) First American Bank in Illinois is urging residents and tourists alike to avoid paying for cab rides in Chicago with credit or debit cards, warning that an ongoing data breach seems to be connected with card processing systems used by a large number of taxis in the Windy City
[Meetup suffers DDoS attack] (Meetup HQ Blog) No doubt, this has been a tough weekend for Meetup. Since Thursday, we faced a massive attack on our servers — a DDoS attack, which is a barrage of traffic intended to make service unavailable. We've had many hours of downtime over several days, a first for us in 12 years of growing the world's largest network of local community groups
Flexcoin is shutting down. (Flexcoin) On March 2nd 2014 Flexcoin was attacked and robbed of all coins in the hot wallet. The attacker made off with 896 BTC, dividing them into these two addresses
Mt. Gox users targeted with fake promises of lost Bitcoin recovery (Help Net Security) Bitcoin exchange Mt. Gox has shared more details about the issues that have led to it filing for bankruptcy protection just as malware peddlers have started taking advantage of affected users' desperation and desire to recover their lost bitcoins
Chilean investigative media organization's website down after cyber attack for second time this year (Journalism in the Americas) The website of the Center for Investigative Journalism (CIPER) in Chile was hacked on Thursday, Feb. 27, for the second time this year
Anatomy of an Apple theft protection bypass — and how to avoid it (Naked Security) A tiny but intriguing open source project entitled iCloudHacker attracted interest over the weekend
Four Vulnerabilities Found in Oracle Demantra (Threatpost) Oracle's Demantra is fraught with vulnerabilities that could allow an attacker to extract sensitive information, carry out phishing attacks, and modify content within the application, among other attacks
Netflix users targeted in active tech support scam (Help Net Security) Malwarebytes' security researcher Jerome Segura has recently analyzed a rather creative tech support scam that is actively targeting Netflix users
L.A. Care Health Plan Acknowledges Data Breach (eSecurity Planet) The breach, the company says, resulted from 'a manual information processing error which we have since corrected'
Twitter screws up, accidentally sends deluge of password-reset messages (Naked Security) Twitter goofed, sending out a deluge of password-reset emails on Monday evening that turned out to have been triggered by a system error
Hacking Critical Infrastructure Companies — A Pen Tester's View (Dark Reading) At the RSA Conference, a pen tester outlines some of the elements of a successful attack on energy companies
Cyber crooks will go after medical records next (Help Net Security) As security firms and law enforcement agencies continue to cooperate and successfully take down botnets, cyber crooks will be forced to look for new and more lucrative targets, and especially ones that are poorly secured
Researchers Create Legal Botnet Abusing Free PaaS and IaaS Offers (Dark Reading) Hack depends on scripts creating scores of unique email addresses and automating execution of email verification
Italian spyware firm relies on U.S. Internet servers (Washington Post) An Italian computer spyware firm, whose tools foreign governments allegedly have used to snoop on dissidents and journalists, relies heavily on the servers of U.S. Internet companies, according to a new report
Phone Phishing, Data Breaches, and Banking Scams (TrendLabs Security Intelligence Blog) Recently, I received a rather unusual call that claimed to be from National Australia Bank (NAB), one of the four largest banks in Australia. The caller had my complete name and my address. They claimed that they had flagged a suspicious transaction from my account to an Alex Smith in New Zealand to the tune of 700 Australian dollars. They needed my NAB number to confirm if the transaction was legitimate
The Mobile Cybercriminal Underground Market in China (TrendLabs Security Intelligence Blog) The availability of affordable mobile Internet access has changed the computing landscape everywhere. More and more people are using mobile devices both for work and for entertainment. China is no exception. According to a report published by the China Internet Network Information Center (CNNIC), 81% of Chinese Internet users went online using their mobile phone in 2013. The CNNIC also reported that China ended 2013 with 618 million Internet users and 500 million mobile Internet users
9 Worst Cloud Security Threats (InformationWeek) Leading cloud security group lists the "Notorious Nine" top threats to cloud computing in 2013; most are already known but defy 100% solution
Security Patches, Mitigations, and Software Updates
Microsoft denies extending Windows XP support for China (ZDNet) Reports on Monday that Microsoft has extended support for Windows XP in China are incorrect
XPired! (Internet Storm Center) Yes, Windows XP is about to Xpire. This sunset has been a while in the making, and has even been paused so that the world could admire it a while longer. But now, it really is upon us, on April 8, the earth rotation will stop for a second or three, and then move on
Apple Updates iOS Security Paper with iCloud, Appsec Insights (Threatpost) Apple updated its iOS Security guide with new information on the encryption and security processes protecting iCloud Keychain, Recovery and Internet services such as iMessage, FaceTime and more
Google Fixes Nearly 20 Bugs in Chrome 33 (Threatpost) Google has fixed 19 security flaws in its Chrome browser, including more than a dozen high-risk bugs. The company paid out $3,500 in rewards to security researchers who reported flaws. Two of the high-risk vulnerabilities fixed in Chrome 33 are use-after-free flaws, one in SVG images and the other in speech recognition
Cyber Trends
TrustyCon talks made available on video (Help Net Security) As announced, the TrustyCon infosec conference, established by security consulting firm iSEC Partners, the Electronic Frontier Foundation (EFF) and DEF CON and held simultaneously as RSA Conference USA 2014, has drawn quite a crowd
Supply-Chain Threats Still An Uncertain Danger (Dark Reading) With a global manufacturing economy muddying the definition of a foreign product, nations are still hashing out strategies to secure their supply chains
Advanced Threat Report 2013 (FireEye) The 2013 edition of the FireEye Advanced Threat Report analyses more than 40,000 advanced attacks across the globe to map out the latest trends in advanced persistent threat (APT) attacks. Leveraging real-time threat intelligence from millions of security alerts across customer deployments, FireEye tracked more than 160 distinct APT malware families and logged 22 million command-and-control (CnC) transmissions. This report correlates that intelligence to provide insight that spans countries, industries, and threat vectors
Less than zero: Zero-day vulnerabilities (SC Magazine) Organizations are struggling with how to more quickly account for and guard against zero-day vulnerabilities
Four trillion security transactions reveal security highlights (Help Net Security) In 2013, CYREN analyzed more than four trillion security transactions worldwide — averaging 10 to 15 billion transactions per day
Trends shaping mobile forensics in 2014 (Help Net Security) Mobile forensic provider Cellebrite surveyed its customer base and conducted interviews with leading mobile forensic experts and analysts spanning the industry, asking their opinion on top trends shaping mobile forensics this year
Insurance companies denying energy firms cyber-insurance (ProSecurityZone) Industry analysts have commented on the recent news that energy companies in the UK will be refused insurance due to having weak cyber defences
BYOD and Martha Graham: The interpretive dance of security, privacy (FierceMobileIT) The relationship between security and privacy in a BYOD environment is like an "interpretative dance," explains Constantine Karbaliotis, America's privacy leader for consultancy Mercer
People, not PCI standards, cause data breaches (Venture Capital Post) Cisco Systems Security Solution Architect, Christian Janoff wrote in his column with VentureBeat that the reason why payment card data breaches are happening is not because of the failure of PCI standards but it's the people. They are not ready to deal with today's threats
Cyber Pranks — Funny or Mean? (McAfee Blog Central) We all know that kids love to play pranks — it is just part of childhood. Whether it is whoopee cushions, switching the salt and the sugar or good old plastic spiders, harmless pranks can be fun and actually a good way of teaching kids resilience
Marketplace
Cubic Completes Acquisition of Intific Inc. to Strengthen Virtual Simulation and Advance Research Capabilities (Wall Street Journal) Cubic Corporation announced today that it has completed the acquisition of Intific, Inc., an Austin, Texas-based advanced technology company focused on software and game-based solutions in modeling and simulation, training and education, cyber warfare, and neuroscience. Intific will become part of the Cubic Defense Systems segment which is a market leader in innovative live, virtual, and game-based training solutions. Intific completed 2013 with approximately $14 million in revenue and employs 80 personnel primarily located in Austin, Texas and Alexandria, Virginia
Maryland's cybersecurity industry thrives as hackers' evolve (The Gazette) Maryland — home to the National Security Agency, the National Institute for Standards and Technology, research institutions and an ever-growing number of network security businesses — has grown into a cybersecurity powerhouse
40 Million Reasons To Buy This Cyber-Security Laggard (Seeking Alpha) The loss of credit card information for 40 million Target (TGT) customers in December is just one in a growing list of high-profile cyber-crimes. The increase in these attacks, both financial and politically-motivated, is on the rise and is one of our megatrends for the next decade. Symantec (SYMC) has lagged peers in the industry but looks poised to surprise higher on the completion of its reorganization
RSA Conference Organizers Accused of Attempting to Sabotage Trustycon (CSO Salted Hash) An article in the New York Times alleges that RSA Conference organizers phoned in warnings to venue management in order to have TrustyCon shutdown
Career advice: Moving into Internet security (Computer World) Premier 100 IT Leader Stuart Kippelman also answers questions on career growth
Apple CFO Oppenheimer to retire in Sept. (MarketWatch) Apple Inc.'s Chief Financial Officer Peter Oppenheimer will retire at the end of September, the company announced Tuesday. He will be replaced by Luca Maestri, who currently serves as Apple's vice president of finance and corporate controller
Yolanda Rodríguez Appointed Panda Security Global Channel Director (Digital Journal) Panda Security, The Cloud Security Company, has announced that Yolanda Rodríguez has been appointed as its new Global Channel Director
Products, Services, and Solutions
Bitdefender unveils SME Small Office security solution (TechDay) Bitdefender has launched a new edition of Small Office Security, a solution for PCs and Macs designed to improve security and ease management for small and medium businesses
Lunarline Weighs in on Recent Retail Sector Hacks (Broadway World) Following reports that hackers triggered more than 60,000 unaddressed alerts in an attack on Neiman Marcus's credit card payment systems, Lunarline released a statement emphasizing a widespread need for retail organizations to develop stronger internal cyber security capabilities
Appthority App Risk Management (Droid Report) Appthority App Risk Management provides service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data
Technologies, Techniques, and Standards
Cyber Intelligence Collection Operations (Tripwire: The State of Security) In the previous article in this series I talked about developing your cyber intelligence analyst skills. The approach largely relied on becoming tool agnostic and developing a strong base through education. As the analyst it is your opinion and expertise that matters most
Feds Look To Big Data On Security Questions (InformationWeek) Government IT leaders believe continuous monitoring and advanced analytics can help agencies better understand their networks and security
Less risk, more reward: Managing vulnerabilities in a business context (Help Net Security) Network security can be both an organization's savior, and its nemesis. How often does security slow down the business? But security is something you can't run away from. Today's cyber-attacks have a direct impact on the bottom line, yet many organizations lack the visibility to manage risk from the perspective of the business. This quandary is a common balancing act that organizations must manage without truly understanding the impact to the bottom line
Top 10 excuses for sticking with Windows XP (ZDNet) There are many reasons why users will be sticking with Windows XP after Microsoft ends all support next month. In the final analysis, none of them are good excuses
Why Your Security Incident Reporting Process Matters (CSO) The only expected outcome of security awareness is reporting suspected incidents. That means the reporting process needs to work for people in an open, transparent, and effective way
How NIST Develops Cryptographic Standards (Schneier on Security) This document gives a good overview of how NIST develops cryptographic standards and guidelines. It's still in draft, and comments are appreciated
CSRIC cybersecurity working group to begin work on recommendations (Inside CyberSecurity) A new group of outside advisers to the Federal Communications Commission will begin its work this month at a meeting of the Communications Security, Reliability and Interoperability Council
Why SMBs Need Mobile Device Security (Trend Micro Simply Security) There's a growing security issue for small and midsize businesses (SMBs) that's called BYOD. The trend of "bring your own device" to work—defined as employees using their own smartphones, laptops or tablets for business tasks—is becoming a major challenge for all organizations. However, for smaller businesses, it's a real and serious security issue that needs to be addressed sooner rather than later
Research and Development
Our brains work hard to spot phishing scams, but still often fail (Naked Security) Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate
Academia
Cyber School Not a Fix for Snow Days (Arkansas Business) Students may love nothing more than a snow day
Legislation, Policy, and Regulation
Nick Clegg: reforming legal framework underpinning spy agencies unavoidable (The Guardian) Deputy prime ministers says it would be extraordinary for matter to be neglected by MPs after next year's general election
China Establishes Presidential Commission to Shore Up Its Cyberdefenses (IEEE Spectrum) China is often pointed to as the home base for bad actors in the world of cybercrime and alleged to be a participant in undeclared cyberwarfare. But China's computer networks are not immune from attack. The government revealed the extent of its concern over cybercrime when it announced that President Xi Jinping is chairing a new working group on cybersecurity and information security
Spy hang-ups: Threatening close relations with NSA, telecoms balk at Obama privacy proposals (AP via the Minneapolis Star-Tribune) When Apple, Google, Microsoft and other tech giants united in outrage last summer over the National Security Agency's unfettered spying, telecommunications giants such as AT&T, Verizon and Sprint—whose customers are also the targets of secret government spying— remained noticeably mum
Snowden leaks have permanently damaged the NSA (Baltimore Sun) After 9/11, the National Security Agency quickly and quietly expanded its knowledge base, but it likely couldn't pull off the same feat again today
Obama adviser Podesta promises full vetting of big data's impact on privacy (IT World) Work is well underway on a study of big data technologies' impact on privacy rights, a senior Obama administration official said Monday, stopping short of saying that substantive new policy changes could be around the corner
Fighting for rights in a time of big data (FierceBigData) More than a dozen civil rights groups are working to establish fairness guidelines for use by big data wielding law enforcement, hiring and commerce entities. They rightly point out the potential use of big data in discriminating against seniors and other groups. Below is the set of principles they think should be adopted across the board to prevent discrimination. The big surprise to some is that these principles do not apply only to minorities but to the much broader sweep of human rights
Federalist Society Event on "The NSA, Security, Privacy, and Intelligence" (Lawfare) From last Monday, here is video of the Federalist Society's event, "The NSA, Security, Privacy, and Intelligence"
Can Protected Data Be Shared to Improve Services? (Government Executive) "Start with what you have," is the advice consultants recommend to organizations that are just launching performance measurement initiatives. Now the Office of Management and Budget has issued guidance encouraging agencies to use existing program data in new ways
Commentary: Why We Need a Defense Clandestine Service (Defense News) I was a CIA spy from 1979 to 1988, leaving when invited to be a co-creator of the Marine Corps Intelligence Center from 1988 to 1993. Since 1993, I have been one of the more persistent published proponents of intelligence reform around the world
Best way to counter cyber libel? Delist it from book of crimes — Recto (Manila Standard) Senate President Pro Tempore Ralph Recto wants to decriminalize libel, saying that delisting it from the book of crimes is the best way to address the libel provision in the much-criticized Cybercrime Prevention Act
Litigation, Investigation, and Law Enforcement
Lawsuit to shorten NSA data access has opposite effect (FierceBigData) Proving once again that fact is stranger than fiction, a lawsuit initiated by the ACLU, the EFF and other advocacy groups that meant to shorten the time that the NSA can keep data resulted in the agency getting to keep data even longer. And when the same group sued to restrict access to the data, the court instead awarded more access to people and agencies
EFF Urges Court to Kill National Security Letters (Courthouse News Service) The Electronic Frontier Foundation filed two briefs asking the 9th Circuit to stop the federal government from issuing national security letters that allow it to spy on millions of Americans.
US says Sprint fraudulently charged hidden fees for government wiretaps (The Verge) The US government is taking Sprint to court for allegedly inflating the cost of performing wiretaps by millions of dollars. In a complaint filed on Monday, the government said Sprint had asked law enforcement agencies for an extra $21 million in reimbursement for its surveillance costs over a period of several years, raising its total bill by around 58 percent
Scareware pusher loses appeal against epic $163 million fine (Naked Security) The US Federal Trade Commission (FTC) is celebrating what it calls a "huge victory for consumers", after an appeal court threw out an attempt to overturn a massive fine imposed on Kristy Ross, a former representative of scareware marketing firm Innovative Marketing Inc. (IMI) which pushed fake security products such as WinFixer and XP Antivirus
Bitcoin exchange Mt. Gox says it's a likely victim of hacking theft (AP via the Vancouver Sun) The Tokyo bitcoin exchange that filed for bankruptcy protection blamed theft through hacking for its losses Monday, and said it was looking into a criminal complaint.
Verizon Updates Transparency Report with FISA Order Data (Threatpost) Verizon updated its transparency report, publishing data on FISA orders for customer content and account information
Top UK official involved in national porn filter arrested for child porn (Ars Technica) Deputy director of policy is a longstanding advisor to the Prime Minister
Patrick Rock arrest: David Cameron defends secrecy (The Guardian) Prime minister answers questions about decision not to reveal arrest or resignation of aide over child abuse image claims
Florida Cops' Secret Weapon: Warrantless Cell Phone Tracking (Wired) Police in Florida have offered a startling excuse for having used a controversial "stingray" cell phone tracking gadget 200 times without ever telling a judge: the device's manufacturer made them sign a non-disclosure agreement that they say prevented them from telling the courts
Online Identity: The Legal Questions (InfoRiskToday) The more organizations structure business and processes around online identities, the more they navigate in tricky legal waters, says attorney Tom Smedinghoff, who offers guidance
Chemical makers' cyber, physical security program approved for SAFETY Act liability coverage (Inside CyberSecurity) The chemical industry's "Responsible Care" initiative, a system of both cyber and physical security management practices, has qualified for continued liability protection under the SAFETY Act program run by the Department of Homeland Security
Cybersecurity push fuels liability debate for infrastructure software developers (Inside CyberSecurity) The push to improve cybersecurity for critical infrastructure will put software developers in plaintiffs' crosshairs, but how the courts and Congress might address related liability issues is up for debate, according to lawyers with a wide range of views
US girl loses her father's $80K settlement after boasting about win on Facebook (Naked Security) The daughter of a US man took to Facebook to blow a raspberry at her father's employer — the school from which she recently graduated — after he won $80,000 (£47,800) in a settlement over an age discrimination suit
Man "fixes" women's computers, watches them through webcams (Ars Technica) Found guilty on three counts of unauthorized access and two counts of voyeurism
Fort Benning Employee Charged with $2.2 Million Identity Theft Scheme Targeting Soldiers (eSecurity Planet) Tracy Mitchell allegedly used service members' stolen identities to file more than 1,000 fraudulent tax returns
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
INFILTRATE (, Jan 1, 1970) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, Mar 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization architectures and describe novel approaches to implementing virtualization technology / hypervisors for offensive and defensive cyber security applications. Case studies will be presented for malware detection, reverse engineering, code protection, security testing, stealthy code and other applications.
Nuclear Regulatory Commission ISSO Security Workshop (, Jan 1, 1970) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates.
ICS Summit 2014 (Lake Buena Vista, Florida, US, Mar 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (, Jan 1, 1970) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals.
Suits and Spooks Singapore (, Jan 1, 1970) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.
Cyber Security for Energy & Utilities (, Jan 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23 -26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Veritas 2014 (, Jan 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia (, Jan 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
Cyber Security Management for Oil and Gas (, Jan 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
Interop Conference (, Jan 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.