The CyberWire Daily Briefing for 3.5.2014
Russia's cyber isolation of the Crimean battlespace continues even as kinetic operations slow, and cyber ops are now reported to extend to disruption of political communications in the Ukrainian capital. Russia claims that pro-Moscow militias operating in Crimea are not under Russian control, and so one should expect to see initial stages of a broader cyber offensive against Ukrainian infrastructure conducted beneath the fig leaf of a patriotic hacktivist cyber-riot.
Western observers speculate on the range of cyber responses available should governments (the US, UK, and Germany are most often mentioned) elect to oppose the Russian adventure actively—whatever decisions may be taken, none of the options are as easy as they appear. Russia seems vulnerable to manipulation of certain key markets, and those might offer scope for a cyber counter-campaign.
Since cyber operations are first cousin to information operations, a look at charges and countercharges is instructive—the US Embassy in Moscow "sets the record straight" in a particularly direct and useful communication. Security analysts look for signs of Uroburos malware deployed in support of Russian actions.
Red Hat announces discovery of a critical crypto-bug in GnuTLS that could render Red Hat, Ubuntu, and Debian Linux distributions vulnerable to eavesdropping.
Researchers demonstrate a "triple handshake" man-in-the-middle attack against sites and apps running TLS. The approach exploits vulnerabilities in session resumption and client authentication during renegotiation.
Bitcoin bank Poloniex joins Flexcoin and Mt. Gox among cybercrime victims.
In these last days of Windows XP, F-Secure warns that a zero-day is "inevitable."
Today's issue includes events affecting Brazil, China, Cuba, Germany, Finland, Japan, Republic of Korea, Latvia, Morocco, Russia, Sweden, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Ukraine says communications hit, MPs phones blocked (Reuters) Ukraine's telecommunications system has come under attack, with equipment installed in Russian-controlled Crimea used to interfere with the mobile phones of members of parliament, the head of Ukraine's SBU security service said on Tuesday
Cyber battle apparently under way in Russia-Ukraine conflict (The Register) Kiev security chief says 'IP-telephonic' attack is targeting Parliament
Cyber attacks rise as Ukraine crisis spills to internet (Economic Times) The crisis in Ukraine has spread to the Internet, where hackers from both sides are launching large cyber attacks against opposing news organizations
Russia and Ukraine in cyber 'stand-off' (BBC) As diplomatic efforts are stepped up to ease tensions in Ukraine, security experts have warned that Kiev and Moscow are locked in a cyber stand-off
Cyber's Role in Ukraine-Russia Conflict (BankInfoSecurity) Will West respond in cyberspace to Russia's actions? Russia's offensive military actions in Crimea and its threats to the rest of Ukraine are raising concerns about how the conflict could play out in cyberspace
How to Beat a Russian Cyber Assault on Ukraine (Atlantic Council) Ukraine and its friends in the United States, NATO, and European Union need to prepare now for a probably inevitable (but just possibly preventable) cyber conflict with Russian-backed proxies
Why 'Beating' a Russian Cyber Assault on Ukraine Is Trickier Than You Might Think (Huffington Post) Yesterday, Jason Healy, Director of the Cyber Statecraft Initiative at the Atlantic Council, blogged about how the United States (U.S.) can "beat" a Russian cyber assault on the Ukraine
The four charts Vladimir Putin should consider as he plots his next move in Ukraine (Quartz) Vladimir Putin put the Russian invasion of Ukraine on "pause" at a press conference on Tuesday, and markets stepped back from the ledge. The rout in Russian assets was partly reversed
Setting the Record Straight on Ukraine (Embassy of the United States, Moscow, Russia) Claim: We need to return to the February 21 agreement, which the opposition failed to implement. Response: As part of the agreement, the Ukrainian Parliament (the Rada) passed a bill to return Ukraine to the 2004 Constitution
Inside Vladimir Putin's Paranoid Vision (BuzzFeed) Vladimir Putin seemed to be broadcasting from Bizarro World when he spoke on the Ukraine crisis Tuesday for the first time in weeks
Is Uroburos the First Known Russian Cyberweapon? (InfoSecurity Magazine) At a time of heightened tension between Russia and the West over Ukraine, a German security firm describes a sophisticated rootkit that it suggests may have been developed by Russian intelligence services. Named after a string found in the code, Ur0bUr()sGotyOu#, the Uroburos malware is thought to target governments, research institutes and major corporations
Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping (Ars Technica) This GnuTLS bug is worse than the big Apple "goto fail" bug patched last week
Triple Handshake Attacks Target TLS Resumption, Renegotiation (Threatpost) A team of researchers has published a paper that explains a number of attacks against websites and Web-based applications running TLS. The researchers' techniques do not exploit implementation errors, the most common attack vector against encryption securing online communication, but instead focus on exploiting features of the protocol that include session resumption followed by client authentication during session renegotiation
Two more Bitcoin exchanges fall prey to alleged hacker theft (TechRadar) Bitcoin taking the one-two punch
"Bank" that claimed to solve Bitcoin's security problem robbed, shuts down (Ars Technica) Flexcoin said it solved "nearly all" of Bitcoin's problems, then it lost $600,000
Mt. Gox Bitcoin Meltdown: What Went Wrong (InformationWeek) Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish
Meetup CEO on why he wouldn't pay $300 to stop DDoS attacks (FierceCIO: TechWatch) Social networking site Meetup has been hit by a string of Distributed Denial of Service (DDoS) attacks since last Thursday, and was restored and overwhelmed a few times since. What makes this noteworthy is that company CEO and co-founder Scott Heiferman had apparently received an email that attempted to extort $300 from him as a condition to stop the DDoS, which promptly commenced
A newly uncovered cyber-spying attack has old Spanish oath embedded in its code (Miami Herald) The cyber-spying attack has carefully selected its more than 1,000 victims in 31 countries, including Cuba
F-Secure report warns XP zero-day attack is imminent (PC World) Are you still using Windows XP? In its latest Threat Report, security vendor F-Secure warns that a powerful zero-day attack against Windows XP is a matter of when—not if—and provides some guidance for those stalwart (or foolhardy) PC warriors who plan to ignore the April 8 "XPocalypse" when Microsoft support for the OS officially expires
University to block computers with Windows XP (Daily Illini) Starting April 8, the University will block computers with Windows XP support from connecting to their networks
Thieves Jam Up Smucker's, Card Processor (Krebs on Security) Jam and jelly maker Smucker's last week shuttered its online store, notifying visitors that the site was being retooled because of a security breach that jeopardized customers' credit card data. Closer examination of the attack suggests that the company was but one of several dozen firms — including at least one credit card processor — hacked last year by the same criminal gang that infiltrated some of the world's biggest data brokers
China cyber-gangs use 'vast underground network' (BBC) Chinese cybercriminals are increasingly targeting mobile users via a vast underground network of tools and services, according to a new report
Government spying tools will worsen Internet security: experts (Reuters) Electronic spying tools used by the U.S. government could end up in the hands of organized criminals and hackers, further eroding Internet security, warned industry leaders who called for new restrictions and oversight of government activity
Scammers turn to Facebook for targeting (Help Net Security) Scammers are increasingly taking advantage of Facebook targeting tools and user trust to push cheap pharmaceuticals, designer replicas and other products in a trend reminiscent of traditional spam, according to Bitdefender
"Girl killed herself" Facebook scam — be aware before you Share! (Naked Security) The "Girl killed herself video" bait-and-switch scam on Facebook, now in its fifth year, is back. Here are three tips to help us stamp these scams out at last. Be aware before you Share
Stolen Laptop Exposes AppleCare Customers' Data (eSecurity Planet) Names, birthdates, mailing addresses and Social Security numbers may have been exposed
Cyber attack left Carroll County school system without internet, but data was not breached (Carroll County Times) Technology services continues to monitor external traffic coming into the Carroll County Public Schools' network after a cyber attack caused a network shutdown last week.
KCOM caught in yet ANOTHER customer privacy snafu (The Register) Hull-based telco KCOM has coughed to another privacy clanger — this time admitting to wrongly sharing some of its customers' email addresses with other subscribers
How this one innocuous tweet could hack a bank account (ZDNet) One inane tweet from mid-2012 was enough to start a chain reaction of information-gathering that could have rivaled the work of a government intelligence agency. And with that dossier of data, a hacker could have ended up ruining one man's life
Mobile Threat Monday: Don't Let Apps Send Your Data in Plain Text! (PC Mag) Most apps are going to snag some piece of your personal information. It might be your device ID, it might be your email address, or it might be your entire address book. Sometimes, this access is warranted, but even when an app really does need this information it should also secure it for transfer. This week, Bitdefender points us to two apps that have a legitimate need for your personal information, but transmit it in plain text that's easily intercepted
Security Patches, Mitigations, and Software Updates
Windows XP end-of-support message to start popping up on Saturday (Graham Cluley) On Saturday 8th March, Windows XP users will start to see this message appearing on their computers
AVG Retires LiveKive, Symantec Announces End of Life for Network Access Control (Softpedia) Symantec and AVG Technologies have announced that they're retiring some of their products. AVG will no longer offer the LiveKive backup service, while Symantec will retire its Network Access Control (NAC) solution
Is the security perimeter gone? IT execs weigh in (FierceITSecurity) Is there an enterprise security perimeter anymore? That was one of the questions tackled by a panel of chief information security officers and other IT execs at the RSA Conference last week
When it comes to disaster recovery, it's nothing but failure (CSO) A new study from the Disaster Recovery Preparedness (DRP) Council has nothing but doom and gloom when it comes to the state of disaster recovery
Virtual appliances displace hardware in enterprise network security (FierceITSecurity) Virtual security appliances are displacing security hardware in the enterprise network, concludes Michela Menting, ABI Research's senior analyst in cybersecurity
Malware attacks on Android devices see 600% increase, says Sophos (FierceMobileIT) Malware targeting the Android platform is exploding, with a 600 percent increase in just the past 12 months
Physicians split on use of mHealth apps (FierceMobileHealthcare) A poll of 1,500 physicians across the country finds that 37 percent have prescribed a mobile medical application to their patients, according to QuantiaMD, a social learning network for physicians
The risk of offshoring security (CSO) Outsourcing across all industries has become commonplace, but as the InfoSec Institute's Kim Crawley points out, the economical and security issues of such a trend may cause irreparable damage
Security Firms Face Crisis Of Trust (Dark Reading) Mikko Hypponen reflects on shift toward rampant government spying and use of malware — and targeted attack attempts on F-Secure
How One Company is Using Maths to Beat the Hackers (CBR) New R&D security hub will collaborate with educational institutions to advance security. FireEye, an advanced cyber attack prevention specialist, has announced the soft opening of a research and development (R&D) centre in Dresden, Germany
Security company opens headquarters in Northern Ireland (ProSecurityZone) Securitas is making a positive impact on Belfast's economy with the opening of its new headquarters in the city which will serve all of Northern Ireland
Target Invests $100M in Data Security (Retail Info Systems News) Following the data breach announcement and the rapid change in the pace of sales, the Target team reacted quickly making nimble adjustments to minimize its excess inventory. This quick response allowed the retailer to end the year with a clean inventory position
Deutsche Telekom works with CipherCloud to protect hosted apps (PC World) Deutsche Telekom has joined forces with CipherCloud to help enterprises protect hosted applications using encryption and other technologies such as data loss prevention
Procera Networks' NAVL Engine Selected by GFI Software for WebMonitor™ Solution (MarketWatch) Procera Networks, Inc., the global Internet Intelligence company, today announced that its Network Application Visibility Library (NAVL) has been selected by GFI Software™ to enhance GFI WebMonitor™, one of the industry's leading web security solutions for small to mid-size businesses
Yahoo says Marissa Mayer has fixed its biggest problem (Quartz) In September 2012, shortly after Marissa Mayer took charge of Yahoo, she moved swiftly to try and rectify what was considered the search giant's biggest problem: a lack of talent. The company's long-serving head of human resources departed, and a former private-equity executive, handpicked by Mayer, replaced him
Yahoo has joined the war for your online identity—about half a decade too late (Quartz) For nearly half a decade, Yahoo has been giving away its most valuable asset to its rivals. Now it has decided that that must stop
Greg Hill Named Chertoff Group Principal; Michael Chertoff, Chad Sweet Comment (GovConWire) Greg Hill, formerly chief of staff at the House Homeland Security Committee, has been named principal at The Chertoff Group and partner at TCG Capital Partners, the security advisory company's investment vehicle
Kyle Scott Joins Telos ID as Strategy, Business Development VP (GovConWire) Kyle Scott, a former director of business development and program manager at QinetiQ North America, has been named vice president of strategy and business development for Telos Identity Management Solutions
Who is the reclusive billionaire creator of Bitcoin? (The Telegraph) Public awareness of Bitcoin has never been higher, but few are aware that its origins are a mystery — a secretive programmer called "Satoshi" invented the currency and still holds more than four per cent of all coins in existence. Who is he and what is his plan
Native American tribes adopt Bitcoin-like currency, prepare to battle US government (The Verge) MazaCoin could be what the Lakota people need to boost them out of longstanding poverty, but is it legal
Behold Arscoin, our own custom cryptocurrency! (Ars Technica) And you can mine them to buy fancy hats
Here's how to spend your hard-earned Arscoins (Ars Technica) Send coins to a friend or buy a silly hat for the Ars Technica forums
NASDAQ Finally Launches Its Market For Privately-Held Companies (TechCrunch) Just as the JOBS Act kick-starts bigger markets for shares of privately held companies, NASDAQ is launching its own entrant in the field
Products, Services, and Solutions
A Self-Destructing Phone Isn't the Last Word in Security (Op-Ed) (LiveScience) Businesses battling to keep their information safe pricked up their ears last week as it was announced that Boeing has produced a mobile phone that self-destructs should the wrong person try to use it
DB Networks Partners with AMP Tech Solutions (NewsFactor) DB Networks partners with AMP Tech Solutions to deliver behavioral analysis-based core IDS to federal market — partnership uniquely addresses need for continuous monitoring of database traffic to identify advanced and highly obfuscated attacks within federal agencies
Inline IPsec and MACsec encryption on Brocade MLXe repels prying eyes (TechTarget) Brocade is adding IPsec and MACsec encryption to its enterprise routers and campus switches to address the increasing demand to secure data everywhere, from the LAN to the WAN and the cloud
Tufin firewall management software gets smarter about business apps (TechTarget) As part of its ongoing effort to stretch beyond firewall rules management, Tufin Technologies enhanced its firewall management software to support application lifecycle management and troubleshooting
Samsung Galaxy heart-rate sensor ignites regulatory review (FierceMobileHealthcare) Government health officials in South Korea want to take a closer look at the heart-rate sensor built into Samsung's impending Galaxy S5, but the regulatory review likely won't impact the smartphone's scheduled debut on April 11
RingCentral Receives Enterprise-Ready Rating from the Skyhigh CloudTrust™ Program (Wall Street Journal) RingCentral's cloud business communications platform meets stringent enterprise-class security and performance requirements
Exponential-e Gets Certified (Light Reading) Leading technology enabler Exponential-e announced today that it has become one of the first European Cloud Service Providers (CSP) to attain CSA STAR Certification
Security Processor Increases Data Center Security (Dark Reading) Freescale announces support from Silicom and Green Hills Software for its C29x crypto coprocessor
SERUS Delivers Supply Chain Visibility & Intelligence for Outsourced High Tech Manufacturing (MarketWatch) SaaS-based solution links end-to-end supply chain, empowering users at any stage with the right information at the right time
FreedomPop Announces The Privacy Phone, A Fully-Encrypted Smartphone For $10 A Month (TechCrunch) Meet the Privacy Phone, a device that FreedomPop brags is the only smartphone and mobile service that allows for encrypted communications. Lovingly nicknamed the "Snowden Phone" by FreedomPop, it can even be purchased with Bitcoin to further protect the owner's anonymity. Simply put, if you're in the market for a phone to plan to help run a criminal enterprise or serially
Network analysis and threat detection for MNOs (ProSecurityZone) Mobile Network Operators now have access to Peakflow for the analysis of mobile networks and the detection of threats on LTE networks
Behavioural analysis based intruder detection (ProSecurityZone) DB Networks is providing advanced database threat protection through an Intruder Detection System virtual appliance based on behavioural analysis
Unified identity management and governance (ProSecurityZone) Dell One Identity provides integrated identity governance and privileged access management for improved performance and lower costs
Small Business version of UTM (ProSecurityZone) The Firebox T10 from WatchGuard brings enterprise level Unified Threat Management for home users and small offices
Automatic connectivity restoration for network service providers (ProSecurityZone) Distributed enterprises and service providers can benefit from self-healing management networks with built-in 3G or LTE cellular backup
Technologies, Techniques, and Standards
NIST announces security framework…yawn (Help Net Security) Let me start out by saying that I have a bias against regulatory compliance standards; especially those that are non-specific, not prescriptive, require voluntary cooperation for information gathering, and allow auditors to pass judgment on adequacy with little oversight or discussion
Using dynamic ARP inspection to stop sniffing attacks (TechTarget) Securing the network infrastructure has never been more important. Today, employees and co-workers access resources from many different locations ranging from the workplace and mobile networks to free Wi-Fi found at restaurants and other public locations. What's the one thing in common that all these technologies share? All make use of switches. Attackers can exploit switches if they're not properly secured with dynamic ARP inspection (DAI). One common exploit is sniffing. Sniffers can potentially allow an attacker to capture passwords, usernames or other types of sensitive information
7 Ways to Tell If It's a Fake (McAfee Blog Central) Unfortunately in today's world, scammers are coming at us from all angles to try and trick us to get us to part with our hard earned money. We all need to be vigilant in protecting ourselves online. If you aren't paying attention—even if you know what to look for—they can get you
How To Avoid Data Theft When Using Public Wi-Fi (Forbes) Each week seems to bring news of yet another security breach that puts our personal information into the hands of hackers. The username and password theft here at Forbes.com, the hack of Kickstarter users' contact info, and of course, the massive data breach at Target
Building secure applications: A useful primer (Mobile Industry Review) I know quite a few developers looking at the issue of app security so when @DominicTravers tweeted me this excellent app security primer, I thought it was definitely worth a quick post
Refusing to see the elephants on the lawn (CSO Salted Hash) The other day I was walking through the airport in Toronto. For once I wasn't going to catch a plane or was returning from some place. It was nice. I had a meeting that went well and I was walking back to the car. As I made my way down the stairs I noticed that they were all grey with the exception of one black one
Design and Innovation
Facebook looks to buy drone company for "atmospheric satellites" (Ars Technica) On Monday evening, TechCrunch caught wind of a deal in progress between Facebook and Titan Aerospace, an unmanned aircraft startup that is building what it calls "atmospheric satellites." These "satellites" are solar-powered drones designed by Titan to be capable of flying for up to five years without landing, and they will operate at altitudes above commercial airspace. This will allow them to act as low-cost communications relays for wireless networks
Any company can copy the keystone of Apple's design process (Quartz) It turns out that the key to Apple's creativity, speed, and adaptability is, on its surface, the exact opposite of the kind of free-wheeling creativity one might expect. It's a checklist. A really long one
Research and Development
DARPA Chip Aims to Secure Electronics Throughout the Supply Chain (NextGov) The Pentagon is experimenting with computer chips inside parts for defense systems and other electronics, such as iPhones, that would identify compromised or counterfeit components
Hour of Code: Let's Enable All Children To Become Creators, Not Just Consumers (Forbes) I am a woman who straddles two seemingly opposing worlds, technology and fashion. Yet they are not so different from each other
Raytheon partners with NCCDC to become the title sponsor of nation's largest cyber tournament for college students (MarketWatch) Competition builds skills and inspires next generation of cyber leaders
UNH to host cyber defense competition (Seacoast Online) Next week, some of the region's brightest up-and-comers in the hot field of cyber security will gather at the University of New Hampshire for the Northeast Collegiate Cyber Defense Competition, hosted by UNH's computer science department March 14-16
Legislation, Policy, and Regulation
Latvia launches Cyber Defence Unit to beef up online security (Deutsche Welle) The Latvian army hired the country's first 13 cyber guards in February. As part of the Cyber Defence Unit, they will also help Latvia's military and government's IT security response in the event of a conflict
President's budget proposes $1.25B for DHS cyber activities (Federal Times) President Obama's fiscal 2015 budget request would pour more than $1 billion into the Homeland Security Department's coffers for cyber initiatives, including funding for a new voluntary program for critical infrastructure companies and money to bolster civilian network security
QDR Emphasizes Cyber, Science and Technology (Defense News) The Pentagon's latest Quadrennial Defense Review (QDR) has emphasized the need to protect science, technology, research and development, specifically cyber capabilities, a key priority of senior defense officials
Spy chief outlines hopes for cybersecurity bill (The Hill) Congress needs to overhaul a pair of privacy laws to allow the government to communicate with private companies and foreign nations, according to National Security Agency (NSA) Director Gen. Keith Alexander
US State Dept: "Surveillance should not be arbitrary," except when it is (Ars Technica) State Dept. official reiterates president's January policy on digital snooping
NSA made Snowden leak worse: Senate Dem (The Hill) The National Security Agency's slow response to Edward Snowden's security leaks exacerbated an already devastating national security problem, Sen. Sheldon Whitehouse (D-R.I.) charged Tuesday
ACLU Report On Metadata Details Law Enforcement Abuse, Shows There's No Clear Cutoff Between Content And Data (TechDirt) The ACLU of California has put together a thorough report on metadata, the information harvested daily by the NSA, as well as by several private contractors working in conjunction with law enforcement and investigative agencies
Debate on mobile app regulatory oversight heats up (FierceMobileHealthcare) The mHealth Regulatory Coalition says a proposed law to eliminate oversight by the U.S. Food and Drug Administration on mobile healthcare software poses serious risks to patients and that Congress must play a key role in ensuring FDA guidance on mobile applications
Phone Security Legislation Introduced (BankInfoSecurity) Rep. José E. Serrano, D-N.Y., has introduced legislation in the U.S. House of Representatives that would require a kill switch on smart phones. The bill would give consumers the ability to wipe their phone data, helping to deter the rising number of cell phone thefts, the sponsor says
How to protect our electric grid: Column (USA Today) Important steps are needed now to guard against cyber threats to key U.S. sectors
Inside the U.S. Department of Homeland Security's Network (eSecurity Planet) Head of National Cybersecurity Protection System explains where DHS is making investments to defend the U.S. federal government's network
Litigation, Investigation, and Law Enforcement
Department of Justice Releases Documents on Pen Registers and Trap and Trace Applications to the FISC (IC on the Record) On Friday, the Attorney General through the Department of Justice, declassified and released 24 documents that were responsive to a portion of a Freedom of Information Act request by the Electronic Privacy Information Center
Supreme Court Denies Review of NSA Warrantless Surveillance Case (eNews Park Forest) The Supreme Court announced yesterday that it would not hear Center for Constitutional Rights v. Obama, a lawsuit challenging the National Security Agency's warrantless surveillance of people within the United States. The suit sought an injunction ordering the government to destroy any records of surveillance that it still retains from the illegal NSA program
FTC Announces Identity Theft Was Top Consumer Complaint During 2013, 14 Years Running (Workplace Privacy Report) According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down
Journalist: NSA won't give me a secure channel to communicate on (Ars Technica) Barton Gellman, one of the few journalists that has been given access to the entire trove of documents provided by whistleblower Edward Snowden, told the RightsCon conference Tuesday that American federal authorities have declined to provide him with a secure means to communicate with them
Puffchat, the less secure Snapchat competitor, threatens researcher who found privacy holes (Graham Cluley) You would think, considering how many security problems have beset the teen sexting app Snapchat, that it would be hard to produce a competing app which was more careless with users' data
Police Contract With Spy Tool Maker Prohibits Talking About Device's Use (Wired) A non-disclosure agreement that police departments around the country have been signing for years with the maker of a cell-phone spy tool explicitly prohibits the law enforcement agencies from telling anyone, including other government bodies, about their use of the
For a complete running list of events, please visit the Event Tracker.
Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, Mar 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.
Eurocrypt 2014: Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
Area41: Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
CYBERSEC 2014: CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, Mar 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization architectures and describe novel approaches to implementing virtualization technology / hypervisors for offensive and defensive cyber security applications. Case studies will be presented for malware detection, reverse engineering, code protection, security testing, stealthy code and other applications.
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates.
ICS Summit 2014 (Lake Buena Vista, Florida, US, Mar 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference: The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals.
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.