The CyberWire Daily Briefing for 3.25.2014
Russian arms export agency Rosoboronexport denies it lost any sensitive data in a cyber attack it sustained some two weeks ago at the outset of the crisis in Crimea. The US looks into its electronic surveillance performance during that crisis.
Algeria's election season opens with a round of cyber attacks on campaign sites.
Microsoft warns that a Word zero-day is being actively exploited in the wild. Targeted attacks are using booby-trapped RTF files to gain control of compromised machines via a memory corruption bug. Word 2010 is principally affected, but other versions are also affected: Word 2003, 2007, and 2013 for Windows; Microsoft Office for Mac 2011; and multiple versions of Microsoft SharePoint Server. Viewing an email in an Outlook preview pane can be sufficient to infect a device. Microsoft has issued notes on mitigation.
GitHub developers may have revealed their AWS keys.
Distributed denial-of-service campaigns reappear. Researchers claim to have found a DDoS exploit for Android. Hootsuite is back online, but Basecamp is subjected to an extortion-motivated DDoS attack.
BitCrypt malware combines ransomware with Bitcoin theft. A new Android malware family (ANDROIDOS_KAGECOIN.HBT) mines Bitcoins, Litecoins, and Dogecoins. And Blockchain users are phished for Bitcoins.
MH370 seems not to have been hacked, but concerns about avionics vulnerabilities remain.
Business leaders call for more threat information sharing.
Palo Alto Networks buys Cyvera for $200M (and sees its share price take a hit).
China demands an explanation of alleged US Huawei hacking.
The US Administration and Congress seem poised to limit surveillance.
Notes.
Today's issue includes events affecting Algeria, Australia, China, France, India, Israel, Malaysia, Russia, Switzerland, Turkey, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Rosoboronexport Denies Loss of Confidential Data in Cyber Attack (Defense World) Rosoboronexport today denied any loss of confidential data that was said to be the result of a targeted cyber attack a fortnight ago
U.S. Scurries to Shore Up Spying on Russia (Wall Street Journal) In Crimea, Russia may have gotten a jump on West by evading U.S. eavesdropping
Bouteflika website cyber attack as Algeria vote campaign opens (BizCommunity) President Abdelaziz Bouteflika's website was inaccessible Sunday at the start of campaigning for Algeria's 17 April election as his camp reported a cyber attack
Zero-day vulnerability in Microsoft Word under active attack (Ars Technica) People using Word 2010 with Outlook should take immediate action, company warns
Just previewing an Outlook email could infect your computer. Microsoft warns of zero-day flaw (Graham Cluley) RTF? WTF! Microsoft hasn't patched against this zero-day vulnerability yet, which is actively exploited by malicious hackers
10,000 GitHub users inadvertently reveal their AWS secret access keys (Help Net Security) GitHub developers who are also Amazon Web Services users are advised to check the code they made public on their project pages and to delete secret access keys for their AWS account they may have posted inadvertently
Malicious apps can hose Android phones, erase data, researchers warn (Ars Technica) Denial-of-service exploit may also work against official Google Play market
Blackmail DDOS Attack Takes Out Major Online Chat Service (Gizmodo) The popular group chat system Campfire is currently being nailed with a DDoS attack. Turns out some blackmailing hackers are trying to extort money from the provider. They're refusing to negotiate
Attackers to Basecamp: If you ever want to get back online, pay us or else (Ars Technica) Site fights back against extortion-motivated denial-of-service assaults
Hootsuite Back Online Following Denial of Service Attack (Threatpost) Social media management system Hootsuite recovered rapidly from a denial of service (DoS) attack late last week, bouncing back after only being offline for a few hours Thursday morning
Ransomware and Bitcoin Theft Combine in BitCrypt (TrendLabs Security Intelligence Blog) CryptoLocker and other such ransomware threats have been a significant problem for some time now, but recently we've seen a new addition to the ransomware scene. This new threat, which calls itself BitCrypt, adds a unique angle to ransomware: it steals funds from various cryptocurrency wallets as well
Mobile Malware Mines Dogecoins and Litecoins for Bitcoin Payout (TrendLabs Security Intelligence Blog) Recently, other researchers reported that a new Android malware family (detected as ANDROIDOS_KAGECOIN.HBT) had cryptocurrency mining capabilities. Based on our analysis, we have found that this malware is involved in the mining for various digital currencies, including Bitcoin, Litecoin, and Dogecoin. This has real consequences for users: shorter battery life, increased wear and tear, all of which could lead to a shorter device lifespan
Bitcoin phishing attack targets Blockchain users (Graham Cluley) If you're an advocate for the Bitcoin digital currency be on your guard, because phishers are after your cash
Guess Who's Spying on Huawei? (Slate) The New York Times reported over the weekend, based on files provided by Edward Snowden, that the National Security Administration has been hacking into the servers of Chinese telecommunications giant, Huawei. The story is not particularly surprising, though it is somewhat ironic given that for years, the U.S. government has been warning that Huawei's servers aren't safe given the risk of spying by Chinese intelligence
Vodafone, Airtel and Idea may have been compromised by National Security Agency (dna india) GSM players Vodafone, Airtel and Idea, which use Huawei equipment, may have been compromised by the National Security Agency (NSA), the spy unit of the US
The Mobile Cybercriminal Underground Market in China (Trend Micro) Places in the Internet where cybercriminals converge to sell and buy different products and services exist. Instead of creating their own attack tools from scratch, they can instead purchase what they need from peers who offer competitive prices. Like any other market, the laws of supply and demand dictate prices and feature offerings. But what's more interesting to note is that recently, prices have been going down
How to steal a Facebook page, with help from Mark Zukcemberng (Graham Cluley) Reader "Jeremy M" has got in touch, with an amusing example of an attempted attack that has been seen on Facebook
Employee with Minnesota-based insurer risks data of 38K members (SC Magazine) Roughly 38,000 members of Minnesota-based HealthPartners may have personal information at risk after an employee brought home electronic files containing the data, showed the files to a family member for help with formatting, and transferred the files to their own devices, between 2008 and 2010
Malaysia Airlines Flight MH370: Are planes vulnerable to cyber-attack? (Christian Science Monitor) Malaysia Airlines Flight MH370, the Boeing 777 that Malaysia says went down in the Indian Ocean, likely was not the target of a cyber-attack, experts say. But, they add, the vulnerabilities of such planes are quite real
Black Market for Malware and Cyber Weapons is Thriving (Foreign Policy) The world of computer hackers who sell stolen credit card numbers, spyware, and cyber weapons is often likened to an "underground," a word that implies the existence of a place cut off from most Internet users and existing in a corner of the Web that most people never see. But a new report concludes that the markets actually function more like thriving bazaars subject to the same economic forces as legitimate stores. And just like those legitimate stores, the bazaars aren't that hard to find
Bulletin (SB14-083): Vulnerability Summary for the Week of March 17, 2014 (US CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Microsoft security advisory: Vulnerability in Microsoft Word could allow remote code execution (Microsoft Support) Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information
Now Tumblr gets two-factor authentication, boosts security for users against account hijacks (Graham Cluley) Tumblr has today announced a new feature, which I would urge all users to consider enabling
Isn't It Time Oracle Gave Us Monthly Security Updates for Java? (Lumension) In some ways, it could be argued that Java is an incredible success. I'm serious. Stop laughing at the back. You see, according to Oracle, Java's developer, the product is used on over 3 billion different devices worldwide. That *is* impressive. But, for those of us concerned with securing systems and keeping computer data safe, it's been a nightmare
Cyber Trends
Gulf nations must unite to fight cyber threats, says former FBI chief (The National) Cooperation is key when it comes to tackling the constantly adapting threat from cyber criminals. That was the advice given by the former FBI cyber security unit chief, Don Codling, at a conference in Abu Dhabi
How Companies—Together—Can Stop Cyberattacks (Wall Street Journal) Millions of consumers were impacted by recent large-scale credit-card data breaches at retailers. These breaches have resurrected the issue of cybersecurity for policy makers. The financial-services sector has successfully tackled cyberattacks for decades, but consumers interact with many others in the "payments ecosystem" when making purchases. The security of cybersystems is only as strong as the weakest link in the system
Have you sold your online soul for a mess of potage? (ComputerWeekly) It is not just smart TVs that require you to agree to global surveillance by your technology or service provider and those to whom they decide to provide information. Do you care?
Shift in big data: From standalone product to 'feature inside' (FierceBigData) For a while now, big data has steadily become the root of decision-making in every aspect of business. It should come as no surprise then that its emerging ubiquity would move it to feature rather than standalone status—that it would become part of all software. Movement on that front is already in evidence. Here is what's happening now
Momentum of big data overwhelms experts' expectations (FierceBigData) Even the most accomplished experts in the big data field have been taken aback and completely overwhelmed by how fast and drastically big data is changing our lives. While change has always been the only constant, change this constant and on this scale is a completely new experience
These companies are mining the world's data by selling street lights and farm drones (Quartz) Few tech bigwigs get excited about disrupting nitty-gritty municipal markets like street lighting. Even fewer have ever set foot on an actual farm, much less thought of technology designed for one. But the boring world of basic needs and utilities hides huge opportunity for tech's favourite revenue source: data
Marketplace
Intelligence community IT integration contract could be worth $6B (FierceGovIT) Federal intelligence agencies could spend up to $6 billion over five years on a wide-ranging information technology contract aiming to integrate IT services into a common environment
Polish Government Announces $100M Fund To Support Ukrainian Startups (TechCrunch) Poland is to put $100 million (300 million Zloty) into supporting small Ukrainian companies, which will obviously include tech companies by implication, and allow more Ukrainian companies to list on its stock exchange. "We do this to support the new Ukrainian industry, new business and build a new middle class," President Bronislaw Komorowski told Polish newspaper Gazeta
Palo Alto Networks To Acquire Cyvera For Approximately $200 Million (Dark Reading) Cyvera provides cyberdefense solutions that protect organizations from sophisticated, targeted cyberattacks
Palo Alto Networks to buy Israeli cybersecurity firm (Reuters via the Chicago Tribune) Palo Alto Networks Inc, which makes firewalls to protect companies from cyber attacks, said it would buy a tiny Israeli security firm, Cyvera, for about $200 million in a move that some analysts expect will crimp profits over the next few years. Palo Alto's shares fell as much as 7 percent in late morning trading
Don't Fiddle While FireEye Burns… (Nasdaq) FireEye's (FEYE) rising stock price brings back vivid memories of my tenure at Goldman Sachs during the Internet bubble. A stock would be deemed "cheap", because it was trading at only 30x revenue (while its peers were trading at 40x). I thought those days were over. Yet, FEYE (a fairly recent IPO) now trades at roughly 30x 2014 revenue (at the time of publication in PTT). As a former portfolio manager, I can't justify this on any metric. In my recollection, investors have never been able to make money on established companies trading at 30+ times projected revenue
Application Software Industry Announce Survey Results and New Applications - Analyst Notes on FireEye, Splunk, Red Hat, CommVault Systems, and Intuit (MarketWatch) Today, Analysts Review released its analysts' notes regarding FireEye, Inc. FEYE +1.97%, Splunk, Inc. SPLK +0.23%, Red Hat, Inc. RHT -0.01%, CommVault Systems, Inc. CVLT -0.01%, and Intuit Inc. INTU -0.02%. Private wealth members receive these notes ahead of publication
Phoenix Datacom to augment digital forensics capabilities for UK Government Departments and Enterprise customers (Digital Journal) Phoenix Datacom, the UK's most technically competent provider of solutions and professional services to enhance the performance and security of networks and applications has partnered with Guidance Software — recognised industry leader for digital investigative solutions
BAE Systems Unit To Hire 300 High Technology Graduates In Two Years (Bernama) BAE Systems Applied Intelligence is ramping up its cyber intelligence operations in Malaysia by hiring 300 high technology graduates in the next two years
Microsoft set to roll out anti-cybercrime strategy in Europe (ComputerWeekly) Microsoft plans to expand its botnet disruption strategy beyond the US through public-private partnerships (PPPs) in Europe and other regions of the world
Microsoft to Include Itself in Future Transparency Reports (InfoSecurity Magazine) Microsoft has stated that it conducted a search of the emails of one of its own users while looking for the source of stolen Windows IP. It did this on its own cognizance without prior court order. Details became available in court filings accusing a previous employee of the 'Theft of Trade Secrets'
Microsoft Says: Come Back with a Warrant, Unless You're Microsoft (EFF via infosec island) EFF has long argued that law enforcement agencies must get a warrant when they ask Internet companies for the content of their users' communications. In 2013, as part of our annual Who Has Your Back report, we started awarding stars to companies that require warrants for content. It is now unclear whether Microsoft, one of our inaugural "gold star" companies in that category, is willing to live by its own maxim
Worried about the government? Internet giants also dip their hands in the cookie jar (IT World) Security protections have been tightened at many of the major online services, as firms like Google and Microsoft pledge to protect their users against unwanted prying eyes. But while many people fret about unwarranted government access to their data, the Internet firms themselves play by their own set of rules
Newest bug bounty touts $10K rewards, appeals for help in finding Flash flaws (ComputerWorld) Vulnerability broker mocks talk of "heroes" who find bugs
Former FBI Director Mueller Joins Wilmer (Legal Times) Former Federal Bureau of Investigations Director Robert Mueller III has joined Wilmer Cutler Pickering Hale and Dorr as an equity partner, the firm said Monday
Products, Services, and Solutions
Former NSA And Google engineers Launch A New And More Secure Disconnect Search (Dark Reading) Disconnect Search protects users' privacy in four ways
Lumeta Announces Integration With Allgress (Dark Reading) Integrated solution includes centralized data store
Lancope Unveils New Version of StealthWatch System (Dark Reading) StealthWatch 6.5 delivers enhanced usability and security analytics
Privus: Fully Encrypted Email, Chat and Texting made Simple (Kickstarter) An absolutely uncrackable encrypted email service that's as easy to use as Gmail, and lets you keep your existing email address
Trend Micro extends mobile security portfolio (ITWeb) Internet security company Trend Micro has unveiled a set of solutions to combat the unprecedented array of cyber attacks that are continually victimising individuals and enterprises via mobile platforms
Foundation to fight cybercrime by offering free advice on domain-name security (NetworkWorld) Goal of Secure Domain Foundation is to help domain name registrars and others adopt best security practices
Product pitch: ForgeRock Identity Relationship Management (Help Net Security) In this product pitch recorded at RSA Conference 2014, Daniel Raskin, VP of Marketing at ForgeRock, talks about Identity Relationship Management
Multiven Launches Pearl Guard to Defend IT & Network Devices Against Cyber-Attacks (WebWire) Multiven today launched Pearl Guard, a new service offering that provides businesses, telcos, government agencies as well as owners and operators of Internet-enabled devices with during-breach expert technology support to defend against any computer network attack, restore software configurations and replace damaged equipment within 24 hours of a cyber-attack
WhiteHat Releases Aviator Browser for Windows (Threatpost) Keeping Web sessions private and secure can be a daunting task, especially for users who may not be so familiar with how to lock down their browsers, but WhiteHat Security is trying to make that process simpler with the release of a beta version of its Aviator browser for Windows
A thin lifeline for XP users: New Malwarebytes suite will support the older OS (CSO) The new Anti-Malware Premium suite unites five technologies under a new interface, including a behavior-based detection engine
Technologies, Techniques, and Standards
How To Secure Your WordPress Website From Hackers (Forbes) Millions of websites are powered by WordPress software and there's a reason for that. WordPress is the most developer-friendly content management system out there, so you can essentially do anything you want with it. Unfortunately, that has some downsides as well
Integrating Physical Security Sensors (Internet Storm Center) I have been playing for a few years now with different network connected devices. As a "security guy", a lot of this research has been about vulnerability in these devices, or what we sometimes call the "Internet of Things". Over the years, I also learned to appreciate the ability of these devices to deliver physical context to some events that I may see in my logs, and I started to add the state reported from some of these devices to my syslog collector feeding into my SIM (right now not a full SIM, but Splunk for the most part).
Prezi Got Pwned: A Tale of Responsible Disclosure (Engineering at Prezi) The emails that arrive in a security engineer's inbox can be put into three broad categories
Research and Development
Academics Spy Weaknesses in Bitcoin's Foundations (MIT Technology Review) One thing cannot be disputed about the person (or persons) responsible for creating Bitcoin: they were skilled in math, and expert at coding. Five years after the Bitcoin software was first released, no major fixes have been needed to the core code, which uses cryptography to generate and transfer virtual money
Why Google Glass security remains a work in progress (CSO via TechHive) University researchers' recent experiment with spyware for Google Glass has demonstrated that lots of security work remains before the head-mounted computer eyepiece is available for consumers
Cybersecurity Lies Take Longer than Cybersecurity Truth (SIGNAL Magazine) Attacks on a computer's Basic Input/Output System (BIOS) do not receive a lot of attention, and protecting against them is often not a priority, but they are on the rise, say researchers at The MITRE Corporation, a not-for-profit research organization funded by the U.S. government. The MITRE team is developing tools to protect against BIOS attacks and is searching for organizations to help evaluate those tools
Academia
Slideshow Outlines Cyberwar Training for Chinese Students (Epoch Times) Computer science students in China are exhorted to "shoulder the responsibility of safeguarding [China's] cyber sovereignty, and engage in the arduous task of cyber battle," according to an "Introduction to Computing" presentation from China's East China University of Science and Technology
Cyber Security Research Alliance Initiates First Research and Development Projects with Drexel University and George Mason University (IT Business Net) The Cyber Security Research Alliance (CSRA) today announced the selection of its first academic research partners who will work together to advance cyber physical system security in transportation vehicles, medical devices and the power grid. Drexel University and George Mason University will begin their research with a survey and taxonomy
UD hires national defense expert Starnes Walker to lead new cybersecurity initiative (Broadway World) The University of Delaware Cybersecurity Initiative (UDCSI), which emphasizes issues facing corporate America, has named a leading national expert as founding director
Legislation, Policy, and Regulation
Obama to Call for End to N.S.A.'s Bulk Data Collection (New York Times) The Obama administration is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency's once-secret bulk phone records program in a way that — if approved by Congress — would end the aspect that has most alarmed privacy advocates since its existence was leaked last year, according to senior administration officials
Ruppersberger bill would end NSA bulk telephone data collection (Baltimore Sun) Rep. C.A. Dutch Ruppersberger, the top Democrat on the House Intelligence Committee, plans to introduce bipartisan legislation Tuesday that would end the National Security Agency's bulk collection of U.S. telephone and email data — the surveillance program that has drawn fire from privacy advocates, civil libertarians and some lawmakers since it was revealed last year
Obama reassures Internet CEOs on tech privacy (News Herald) A week before a self-imposed deadline for a review of National Security Agency programs, President Barack Obama sought Friday to assure leading Internet and tech executives that his administration is committed to protecting people's privacy
Opinion: The Feud Between the CIA and the Senate Is Not a Problem — It's a Glimmer of Hope (The Atlantic via Government Executive) Political reporters are often unaware of the assumptions baked into the stories they write. Take the dispute between the Senate Intelligence Committee and the CIA. Politico's latest on the subject: "Dianne Feinstein-CIA feud enters uncharted territory." Here is the lede
China calls on US to quit spying on its companies (The Hill) China is calling on the United States to explain its use of cyberespionage and to stop spying on its companies after a report revealed the National Security Agency hacked into the servers of a major Chinese company
Turkey Twitter ban is 'a losing battle', expert claims (BBC) The Turkish government is "fighting a losing battle" in banning social media network Twitter, experts have said. Locals continue to tweet via virtual private networks (VPN), anonymous web browser Tor and text messages, said security expert Rik Ferguson
Want to be anonymous? Now you have a right to be (Sydney Morning Herald) Australian citizens now have the right to remain anonymous or use a pseudonym when interacting with government agencies, private health service providers, and large organisations under new privacy laws
Reporting cyber attacks should be "a legal requirement" (SC Magazine) The opposition Labour party is calling for new laws to be introduced so that businesses are forced to report when they have been hit by a cyber attack
White House, Treasury officials to appear at SEC cyber security event (Reuters via the Chicago Tribune) Cyber security experts from the White House, Treasury Department and Department of Homeland Security will be among panelists appearing on Wednesday at a roundtable on the challenges hackers pose to public companies and financial markets
Advocates Seek 'Smart Regulation' of Surveillance Technology (Threatpost) Politicians and policy analysts, discussing the issue in a panel Monday, said that there is room for sensible regulation without repeating the mistakes of the Crypto Wars of the 1990s
Litigation, Investigation, and Law Enforcement
Twitter, Facebook sued for 'abusive' methods (The Local (French Edition)) A French consumer watchdog group announced on Tuesday it was suing Twitter, Facebook and Google for allegedly breaking France's privacy laws. The lawsuit is the latest in a battle over privacy protection on social networks in France
Facebook's online teen privacy argument challenged in California court (Naked Security) A long-running legal dispute that was settled is now bubbling up once again. Namely, the way that Facebook appropriates children and teen users' names and photos for "Sponsored Story" ads when users "Like" something, regardless of whether such users want to be seen as endorsing the subject of their thumbs-upping
Snowden's latest NSA claims strain credulity (FierceBigData) One of the more appalling things about the Snowden revelations is how quickly he was embraced as either hero or villain. In the court of public opinion, judgment is often made based on emotion and not much else. But now that the heat of the moment has passed, it's time to look at the evolving evidence with a more discerning eye. "As each new allegation about the National Security Agency's data-gathering capabilities hits the news, one has to wonder how much of it is true and how much is sensationalism," writes Wayne Rash in eWeek
U.S. notified 3,000 companies in 2013 about cyberattacks (Washington Post) Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions
California's DMV Investigates Card Processing Breach (InfoSecurity Magazine) When Brian Krebs learned of a private MasterCard warning being circulated to banks, he challenged the DMV — and only then did it issue a public statement that it was indeed investigating a potential security issue
Judge to porn trolls: IP addresses aren't people (Ars Technica) Adult film company Malibu Media has sometimes been called a "porn troll," or "copyright troll," because it has sued hundreds of people for allegedly illegal downloads of pornographic movies that it owns. Malibu is believed to have filed over 1,000 such lawsuits
When gov't spies fake your company's website, what can be done? (Ars Technica) Intel agencies' techno-impersonations wouldn't be immune from trademark law.
US gov't secures first-ever win against Android app pirates (Ars Technica) Two men could face a maximum sentence of 5 years in prison and a $250,000 fine
Stanford Hospital, Contractor to Pay $4.1 Million for 2010 Data Breach (eSecurity Planet) The breach exposed 20,000 emergency room patients' medical information
Judge Refuses to Dismiss Confession, Evidence in Reuters Employee Hacking Case (Wired) A federal judge has refused to dismiss a recorded confession and computer evidence collected in the case of Mathew Keys, a former Reuters employee accused of conspiring with members of Anonymous to hack his former employer
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SOURCE: The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals come together to gain knowledge and skills, network with peers, and advance their careers and professional development. SOURCE enables individuals, teams, and organizations to leverage information to improve decision-making, optimize performance, and achieve business objectives.
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Fourth Annual China Defense and Security Conference (Washington, DC, USA, Mar 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding China's rising military power and strategy by carefully examining Chinese-language sources. Speakers at the conference will provide an extensive overview of recent developments in military training and operations reform, and take on challenging questions in Chinese foreign policy, including considerations of the role of cyber-warfare in Chinese strategic thought.
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
SEC Cybersecurity Roundtable (Washington, DC, USA, Mar 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns.
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Mar 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit) and the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
CyberBiz Summit (Linthicum, Maryland, USA, Mar 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday, March 28th.
Cyber Saturdays (Laurel, Maryland, USA, Mar 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one of Capitol College's upcoming Cyber Saturdays could be a great way to spend part of your weekend.
Interop Conference Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
NSA Hawaii Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by the NSA Hawaii NSA/CSS Technology Directorate. The focus of this event will be Cyber Security, Big Data and Cloud Computing technologies but all interested companies are welcome to exhibit.
InfoSec World Conference & Expo 2014 With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
IT Security Entrepreneurs Forum (ITSEF) 2014 IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community by providing a venue where entrepreneurs can meet and interact directly with top government agency and industry officials in an open and collaborative environment. This SINET community of interest and trust facilitates broadened awareness of the government's challenges, needs, and its future direction regarding Cybersecurity, while shining a spotlight on the entrepreneurs and their innovative technologies that are helping to address and solve today and tomorrow's security challenges.
Women in Cybersecurity Conference WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.
Suits and Spooks San Francisco S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014 Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.