The CyberWire Daily Briefing 01.14.15

Cyber Attacks, Threats, and Vulnerabilities

It's hacker jihad: Islamist skiddies square up to Anonymous (Register) Open source Notepad caught in web graffiti crossfire

Fake BBC site disappears after bogus story on Charlie Hebdo (IDG via CSO) A fraudulent website that cloned the BBC has gone offline after it received a surge of traffic for running a bogus story concerning the violence at French satirical newspaper Charlie Hebdo

Kazakh Child Soldier Executes 'Russian Spies' in Islamic State Video (Foreign Policy) In a video released Tuesday by the Islamic State, two men described as Russian agents testify that they had attempted to spy on the militants, infiltrate their computer networks, and assassinate the group's leaders. Then a long-haired young boy calmly shoots the men in the back of the head with a handgun

Islamic State begins recruiting campaign in Pakistan, Afghanistan (McClatchy) The Islamic State formally has opened for business in the crowded militant markets of Afghanistan and Pakistan, announcing in a video over the weekend that it's established an organizational structure dominated by notoriously anti-Shiite-Muslim former commanders of the Pakistani Taliban

Al Qaeda branch claims responsibility for Charlie Hebdo attack (CNN) Al Qaeda in the Arabian Peninsula claimed responsibility Wednesday for last week's rampage that killed 12 people at France's Charlie Hebdo satirical newspaper

Key US military command's Twitter, YouTube sites back online (Washington Post) The Twitter and YouTube sites for the U.S. military's Central Command are back online after being taken over by hackers claiming to support the Islamic State militant group, and Pentagon officials are reviewing some security protocols in the wake of the breach

British hacker suspected of cyber attack on US Central Command Twitter account (Mirror) Computer whizz Junaid Hussain who fled UK to join ISIS fighters in Syria two years ago was previously jailed for hacking Tony Blair's internet accounts

EUCOM, AFRICOM keep cyber vigilance after CENTCOM hack (Stars and Stripes) Other combatant commands are closely monitoring their social media platforms after U.S. Central Command's Twitter feed was briefly taken over on Monday by hackers claiming to be affiliated with the Islamic State group

Hack of U.S. military social media accounts prompts embarrassment, review (Washington Post) The high-profile hack of two social media accounts run by the U.S. military's Central Command on Monday was an embarrassment, and has prompted the Office of the Secretary of Defense to direct its own social media managers to make sure their accounts are secure, a military official said Tuesday

Military hack: A new era of cyber vandalism? (The Hill) The Monday takeover of the U.S. Central Command (Centcom) Twitter and YouTube accounts could represent the start of a new era of cyber vandalism targeting the U.S. government, security experts said

Cyber attack on CENTCOM: Just the tip of the iceberg? (Fox News) Just yesterday, a frightening warning from General Martin Dempsey. He warned that if terrorists wage a cyber war in America, we don't have the upper hand

ISIS Compromises CENTCOM Social Media: Are You Next? (ZeroFOX Intel Brief) On Monday, January 12, 2015, hackers claiming loyalty to the Islamic State of Iraq and Syria (ISIS) compromised the Twitter account and YouTube channel of the United States Central Command (CENTCOM), whose military "Area of Responsibility" (AOR) includes the Middle East, North Africa, and Central Asia

Recent Crypto-Ransomware Attacks: A Global Threat (TrendLabs Security Intelligence Blog) We noticed a recent influx of crypto-ransomware spreading in Australia. This recent wave rings similar to the hike of infections in the Europe/Middle East/Africa (EMEA) region we wrote about in early December. Upon further research and analysis, we concluded that the attackers behind these incidents could possibly belong to the same cybercriminal gang due to the similarity in their IP addresses

GE Ethernet Switches Have Hard-Coded SSL Key (Threatpost) There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely

Oracle alerts firms to bogus malware-laden 'security patches' (V3) Hackers are targeting enterprise companies with bogus, malware-laden patches purporting to come from Oracle

Someone Hacked Glorious Leader, Kim Jong-un Game and Destroyed it (HackRead) The Glorious Leader game which lets you control North Korean dictator Kim Jong Un has been hacked, according to its developers

Crayola's Facebook page hijacked, redrawn in NSFW style (Naked Security) Cranberries, oranges, peaches, lemons, grapefruits, watermelons, pears: such evocative crayon color names, aren't they?

"Obamacare" phishing email leads to banking malware‏ (Naked Security) Looking through the SophosLabs spamtraps recently revealed an interesting malware distribution campaign

Cyber attack on ASUCR website decreases transparency (University of California Riverside Highlander) As a result of a cyber attack that shut down the ASUCR website, members of ASUCR have decided to switch to an older server under the domain name, ASUCRexchange.ucr.edu, which still holds remnants of its old merchandise store that closed in 2012

4 Mega-Vulnerabilities Hiding in Plain Sight (Dark Reading) How four recently discovered, high-impact vulnerabilities provided "god mode" access to 90% of the Internet for 15 years, and what that means for the future

Security Patches, Mitigations, and Software Updates

Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) Microsoft on Tuesday posted eight security updates to fix serious security vulnerabilities in computers powered by its Windows operating system. Separately, Adobe pushed out a patch to plug at least nine holes in its Flash Player software

Adobe Patches Nine Vulnerabilities in Flash (Threatpost) Adobe today released the year's first round of security updates for Flash Player, addressing nine vulnerabilities in the software including several critical bugs that could allow an attacker to take control of an affected system

Siemens Patches SIMATIC WinCC Apps for iOS Against Password-Related Flaws (Softpedia) A total of three vulnerabilities have been removed by Siemens from the iOS version of SIMATIC WinCC Sm@rtClient, mitigating the risk of a potential attacker to extract access credentials under certain conditions

Microsoft fixes Windows security bugs in January's Patch Tuesday (ZDNet) The software giant issued 8 patches to fix security vulnerabilities in Windows, including one considered "critical" — the most severe rating

Microsoft Patches Zero-Day Windows Flaws Disclosed by Google (eWeek) The first patch Tuesday of 2015 includes a few surprises in what it contains and what it doesn't

Windows 7: Everything new is old again (Naked Security) Windows 7 logoSometimes in the security business it feels like you are always the bearer of bad news

Google discloses *another* Microsoft Windows vulnerability before a patch is ready (Graham Cluley) Earlier this month, Google controversially published proof-of-concept code, providing malicious hackers with a blueprint through which they could exploit Microsoft Windows 8.1 through a zero-day vulnerability

Google starts flame war after borking WhiteHat Aviator secure browser (Inquirer) WhiteHat Security was made red in the face after Google managed to bork what it markets as "the most secure browser by default"

How Secure Is Android if Google Won't Patch? (eSecurity Planet) A security researcher alleges that Google won't patch its older Android software for a new vulnerability. Luckily, users have options to boost security for older versions of the OS

Cyber Trends

The risks of a big man-made IT disaster are on the rise (IT World) IT services are but one human error away from a spectacular failure, and there's very little evidence to suggest that we've found a way to stop people from making mistakes

Experts pick the top 5 security threats for 2015 (PC World) Massive, high-profile data breaches pockmarked 2014, culminating in the bizarre events surrounding the hack of Sony Pictures — allegedly by North Korea in retaliation for the politically incorrect stoner comedy The Interview. That's a tough act to follow, but I'm sure 2015 will make an effort. I spoke with security experts to find out what we have to look forward to

Cisco: Complacency and Ignorance Make Staff Major Security Threat (Infosecurity Magazine) Complacency and low levels of security awareness are contributing to a major insider threat facing UK organizations today, according to new research from Cisco

New Data Illustrates Reality Of Widespread Cyberattacks (Dark Reading) All retailers, healthcare & pharmaceutical firms in new study suffered cyber attacks in the first half of 2014, FireEye found

Which Industries Observe Cybersecurity Best Practices? (Bloomberg TV) Tripwire Security Analyst Ken Westin and Blue Coat Systems Hugh Thompson discuss cybersecurity and the White Houses vision for information sharing

Endpoint Security Activities Buzzing at Enterprise Organizations (ESG) Endpoint security used to be a quasi "set-it-and-forget-it" category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then

Why Healthcare Cybersecurity Cannot Ease Up in 2015 (HealthITSecurity) Regardless of an organization's size, it's essential to have comprehensive healthcare cybersecurity protections in place. More facilities are implementing the use of connected devices, such as mobile phones, tablets, and laptops. Moreover, cloud storage is gaining popularity, and more providers are connecting their systems to one another through health information exchanges (HIEs)

New Research From Aberdeen Group and Wombat Security Confirms Security Awareness and Training Measurably Reduces Cyber Security Risk (Marketwired) Monte Carlo analysis reveals that changing employee behavior reduces the risk of a security breach by 45% to 70%

Cyber Terrorism: Complexities and Consequences (Infosec Institute) While a terrorist using the Internet to bring down the critical infrastructures the United States relies on makes an outstanding Hollywood plot, there are flaws in the execution of this storyline as an actual terrorist strategy. Conway (2011) calls out three limitations on using cyber-related activities for terrorists: Technological complexity, image, and accident (Against Cyberterrorism, 2011, p. 27)

Marketplace

2015: The Year Of The Security Startup — Or Letdown (Dark Reading) While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers

Ionic Security raises $40M for the launch of its secret security platform (VentureBeat) Ionic Security just landed $40.1 million in new funding for a document-encryption platform it has built, but details on exactly how that platform works are still sketchy

BlockCypher Raises Seed Funding To Be The Web Services For Cryptocurrency (TechCrunch) With an eye toward making blockchain technology easy to integrate into any application, BlockCypher has raised $3 million in its first round of financing

Booz Allen Hamilton Holding Lifted to "Buy" at Bank of America (NYSE:BAH) (InterCooler) Booz Allen Hamilton Holding Co. logoBank of America upgraded shares of Booz Allen Hamilton Holding (NYSE:BAH) from a neutral rating to a buy rating in a research note released on Friday morning, TheFlyOnTheWall.com reports. They currently have $32.00 target price on the stock

A10 Networks Inc Analyst Rating Update (Stafford Daily) A10 Networks Inc (NYSE:ATEN) has received a Neutral rating from research analysts at Zacks with a rank of 3. The company has been rated an average of 1.63 by 8 Wall Street Analysts. 5 analysts have added the counter in their list of strong buys. 1 stock experts have also rated a buy. 2 broker firms see some more upside in the counter and have advised hold

Infoblox Inc Analyst Rating Update (Stafford Daily) Infoblox Inc (NYSE:BLOX) has received a Neutral rating, according to the latest recommendation of 3 from research firm, Zacks. The counter could manage an average rating of 2.33 from 9 analysts. 3 market experts have complete faith in the companys business and have marked it as a strong buy. 6 analysts have rated the company at hold

Shirlington Startup Helping Big Companies Prevent Hacking (ARL Now) One of the most promising companies in the cybersecurity space is based in a small office in Shirlington, where it helps Fortune 100 companies protect themselves from hackers

Former Department of Defense CISO Joins Palerra Board of Directors (Marketwired) Robert Lentz brings unprecedented Federal security experience to Palerra

Products, Services, and Solutions

The Free Encryption App That Wants to Replace Gmail, Dropbox, and HipChat (Wired) Cryptographers devote their careers to the science of securing your communications. Twenty-four-year-old Nadim Kobeissi has devoted his to the art of making that security as easy as possible. His software creations like Cryptocat and Minilock encrypt instant messages or shared files with three-letter-agency-level protection, with user interfaces that require Lincoln-Log-level skills. Now he's combining elements of his dead-simple apps into what he's calling his biggest release yet, a single platform designed to encrypt everything you and any group of collaborators do on the desktop

M2Mi Announced as Winner of the 2014 M2M Evolution IoT Excellence Award (PRWeb) Machine-to-Machine Intelligence (M2Mi) Corporation today announced that M2M Intelligence® the essential platform for the M2M and IoT economy, has received the 2014 M2M Evolution IoT Excellence Award for innovation

CloudPassage Announces Support for Docker (PRNewswire) Near real-time visibility and protection now available to applications and data using popular container technology

Uruguay selects Gemalto for eID secure document and issuance solution (Nasdaq) Uruguay ranked number one in Latin America in the 2014 United Nations eGovernment index

Elastica, Accuvant Reseller Agreement Extends Cloud Application Security to Leading Enterprises (CNN Money) North American security integrator chooses Elastica to provide customers with cloud application security solutions

Synnex To Distribute Promisec Endpoint Security Products (CRN) Promisec has signed a distribution agreement with Synnex as part of a broader effort to grow its channel business

Cimcor Releases CimTrak Version 2.0.6.18.1; Builds on Heritage of Integrity Monitoring Innovation (Virtual Strategy Magazine) Save your IT security team time and money with the most recent enhancements to CimTrak

Townsend Security Achieves VMware Ready™ Status (Host Review) Alliance Key Manager is a VMware Ready encryption and key management solution that helps enterprises manage risk and meet compliance requirements

EY helps Ribose Make History with First Cloud Security Alliance (CSA) STAR Attestation (PRNewswire via CNBC) The Cloud Security Alliance (CSA) today announced that global professional services organization, Ernst & Young (EY), has helped Ribose become the first company worldwide to achieve the Cloud Security Alliance Security, Trust and Assurance Registry (STAR) Attestation level of third-party assessment

Kaspersky Lab Announces New Version of Security Solution for OS X (BusinessWire) Kaspersky Internet Security for Mac now offers safe money protection to Mac users

Bottomline Technologies offering cyber fraud and risk services following Intellinx acquisition (Finextra) Bottomline Technologies (NASDAQ: EPAY), a leading provider of cloud-based payment, invoice, and digital banking solutions, today announced that it is now offering comprehensive cyber fraud and risk management solutions as a result of the acquisition of Intellinx, Ltd

Technologies, Techniques, and Standards

Gitrob Combs GitHub Repositories for Secret Company Data (Threatpost) Free online code repositories such as GitHub provide a valuable collaboration service for enterprise developers. But it's also a trove of potentially sensitive company and project information that's likely to warrant attention from hackers

Gitrob: Putting the Open Source in OSINT (Michael Henriksen) Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories by creating GitHub organizations where employees can be joined

Shodan exposes IoT vulnerabilities (CSO) The Shodan search engine is the Google for the Internet of Things, a playground for hackers and terrorists -- and, maybe, a useful tool for companies looking to lock down their own environment

Open Wi-Fi hotspots — Threats and Mitigations (PacketStorm Security) Users must update to better security measures while connecting to open Wi-Fi hot-spots as they turn out to be more risky than useful. It would come across as a cause of concern to know that 42% of wireless 802.11 access points come with no security mechanisms. By this we mean they are not even protected by WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access)

Cost of breach vs. cost of deployment (Help Net Security) In security terms, 2014 read like a who's who of data breaches. Huge, global companies like Target, eBay and Coca-Cola have succumbed to data loss. Public services like the US Postal Service have also been left exposed. Others do not want to follow suit in 2015

Cyber Risk: Pre-Loss Planning (Willis Wire) The threat of cyber risk (financial loss, disruption, or reputational damage caused by a failure of an organization's information technology systems) is an increasingly critical issue that almost all organizations are faced with today. The recent data failures suffered have made it apparent that the immediate impact of determining the cause of the failure and the expense to fix the failure are major concerns, but by no means the only concerns

BBB Shares Five Resolutions for a Scam Free New Year (Nebraska TV) The Better Business Bureau wants to help consumers have a scam free year. To help, BBB serving Nebraska, South Dakota, The Kansas Plains and Southwest Iowa is sharing five resolutions to stay scam free in 2015

Academia

AACC hopes to connect students to state's 30,000 cyber job openings (Capital Gazette) Mikulski, community colleges discuss ways to link students to Maryland's 30,000 vacancies in cyber industry

With big data invading campus, universities risk unfairly profiling their students (Christian Science Monitor: Passcode) Obama's proposed Student Digital Privacy Act aims to limit what schools can do with data collected from apps used in K-12 classrooms. But college students are just as vulnerable to privacy violations

Legislation, Policy, and Regulation

France to beef up its surveillance powers (The Local (France)) Prime Minister Manuel Valls has said that France is now engaged in a "war on terrorism", announcing plans to ramp up intelligence capabilities, aimed at amending the faults that lead to the country's "clear failings" over the Paris terror attacks

After Charlie, security and intelligence reform in a world of big data (The Hill) The twin terror attacks last week on the satirical magazine Charlie Hebdo and the Hyper Cacher kosher grocery store in Paris are, once again, leading to questions about the efficacy of intelligence operations against terrorist groups. This is not just a French problem; it affects the governments of all civilized nations

How Should The US Respond To Cyber Attacks? (Task and Purpose) Given cyber warfare's inherently asymmetric nature, do the traditional laws of armed conflict still hold true?

Stopping the Next Cyber-Attack (Bloomberg View) Cybervandalism, cyberterrorism, cyberwarfare. No matter what you call the recent attacks against Sony Pictures, we weren't ready. And we won't be ready until our nation — with the government and industry working together — takes action to defend itself

Is banning encryption a crazy plan or an absolute necessity? The reality is much more complicated than that (ZDNet) David Cameron's impossible dream ignores the realities of communication in a hyper connected world

Wanted: end-to-end encryption (with a backdoor for this crazy guy) (Graham Cluley) UK Prime Minister David Cameron is worried that people are encrypting their communications, and that he (and indeed, law enforcement agencies) can't see what you're saying

David Cameron in 'cloud cuckoo land' over encrypted messaging apps ban (Guardian) The prime minister's pledge to give security services access to encrypted communications is 'crazy', experts say

Encryption is not the Enemy (Threatpost) There are few things scarier these days than a politician stepping in front of a microphone, taking a deep breath and opening his mouth to pontificate on security. A long list of American elected officials have reinforced this, and on Monday, UK Prime Minister David Cameron jumped to the head of this undistinguished line with his dangerous statement that encrypted communications shouldn't be allowed

No, the NSA Isn't Like the Stasi — And Comparing Them Is Treacherous (Wired) Ever since Edward Snowden handed thousands of National Security Agency documents over to filmmaker Laura Poitras and writer Glenn Greenwald in a Hong Kong hotel room, the NSA's mass surveillance of domestic phone calls and Internet traffic has been widely compared to the abuses of East Germany's secret police, the Stasi

SECURING CYBERSPACE — President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts (White House: Office of the Press Secretary) Since the start of his Administration, when he issued the Cyberspace Policy Review — the first top-to-bottom, Administration-wide review of cybersecurity — President Obama has led efforts to better prepare our government, our economy, and our nation as a whole for the growing cyber threats we face

Obama unveils cybersecurity proposals: 'Cyber threats are urgent and growing danger' (Guardian) Proposed legislation will allow companies to share information with government agencies including NSA, with which White House admitted there were 'overlapping issues'

Toward Better Privacy, Data Breach Laws (KrebsOnSecurity) President Obama on Monday outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. But depending on what is put in and left out of any implementing legislation, the effort could well lead to more voluminous but less useful disclosure. Here are a few thoughts about how a federal breach law could produce fewer yet more meaningful notice that may actually help prevent future breaches

Obama's cybersecurity plan rehashes proposals maligned by privacy groups (Christian Science Monitor: Passcode) The president will flesh out his cybersecurity agenda during his upcoming State of the Union address. But so far the initiatives appear to be little different from previous proposals on breach notification and information sharing

President Obama's New Cybersecurity Proposal Is Already Facing Skepticism (National Journal) The information-sharing proposal to be announced Tuesday comes in the wake of last year's Sony hack — but already has privacy advocates sounding alarms

Cyber security expert says businesses, government need to do much more to counter hackers (ABC 7: the Denver Channel) A Colorado based cyber security expert says President Obama's efforts to protect consumers from hackers are "a step in the right direction but no where near the end of the journey"

Leidos' Rob Zitz: White House Should Push for Govt-Industry Cyber Intell Exchange (ExecutiveBiz) Rob Zitz, chief systems architect at Leidos, said he hopes that President Barack Obama would urge public and private organizations to bolster sharing of cyber threat intelligence, the Washington Business Journal reported Monday

Can the Government Protect Companies From Hackers? (Bloomberg TV) Include Security Founder Erik Cabetas and Whitehat Security Vice President Robert Hansen discuss the role of government in cyber protection Bloomberg's Cory Johnson on "Bloomberg West"

SEC weighs cybersecurity disclosure rules (The Hill) The Securities and Exchange Commission is advancing measures that would require publicly owned companies to disclose more information about their cybersecurity vulnerabilities, including data breaches

White House: Obama Will Fight Media To Stop Anti-Jihad Articles (Daily Caller) President Barack Obama has a moral responsibility to push back on the nation's journalism community when it is planning to publish anti-jihadi articles that might cause a jihadi attack against the nation's defenses forces, the White House's press secretary said Jan. 12

US Senator Makes a Plea for Chip-and-PIN Cards (Infosecurity Magazine) In the wake of an unprecedented spate of damaging data breaches and point-of-sale (PoS) hacks, Sen. Mark R. Warner (D-Va.), a member of the Senate Banking Committee, has sent a letter to federal banking regulators questioning the lack of follow-up to better protect consumers. He also called for chip-and-PIN technology to be implemented across the board

Meet the Congressman Who Will Watch Our Spies (Bloomberg View) Representative Devin Nunes may not be well known outside of his California congressional district or the Washington beltway, but he is about to become one of the most important figures in the U.S. national security state

DISA To Defend DoD Networks In New Role (DefenseNews) The Pentagon is standing up a new headquarters within the Defense Information Systems Agency (DISA) that will assume responsibility for defending military networks and will reach initial operating capability this week

DISA endpoint security approach evolves with technology (C4ISR & Networks) As network endpoints multiply and evolve, DISA strives to maintain bulletproof protection

DISA's Hawkins to retire this year (C4ISR & Networks) Defense Information Systems Agency Director Lt. Gen. Ronnie Hawkins Jr. expects to retire by the end of 2015

Marine Corps Cyber Commander Chosen for Top DIA Post (DoD News) The first Marine Corps officer to lead the Defense Intelligence Agency will take command later this month, Pentagon spokesman Army Col. Steve Warren told reporters today

NJ law requires health insurance carriers to encrypt sensitive data (SC Magazine) New Jersey has passed a law requiring health insurance carriers to encrypt sensitive patient data

Litigation, Investigation, and Law Enforcement

France arrests 54 for defending terror; announces crackdown (AP) France ordered prosecutors around the country Wednesday to crack down on hate speech, anti-Semitism and glorifying terrorism, announcing that 54 people had been arrested for those offenses since the Paris terror attacks

Court rules NSA doesn't have to divulge what records it has (Washington Times) A federal judge on Tuesday said the National Security Agency is not obligated to confirm nor deny it has someone's specific phone records, shooting down a conservative think tank's effort to try to use the spy agency to reveal secrets that other federal agencies want kept hidden

Trial Begins for Former C.I.A. Official Accused of Breaching National Security (New York Times) The Justice Department on Tuesday pressed ahead with the prosecution of a former Central Intelligence Agency official, a day after it said it would not force a reporter for The New York Times to testify at the trial

In Defense of David Petraeus (Politico) So he might have slipped a few secrets to his biographer/lover. Who am I to judge?

Silk Road stunner: Ulbricht admits founding the site, but says he isn't DPR (Ars Technica) Ulbricht made the site, left, and was "lured back" to be the "ultimate fall guy"

Go time: Silk Road jury picked (Ars Technica) Alleged drug kingpin Ross Ulbricht faces decades behind bars if convicted

Man gets 10 years in prison after perpetrating website sales scam (Ars Technica) John Winston Boone stole $1.3M from 18 people, over domains like paloalto.org

Russian Hacking Suspect Seeks Block to Extradition to US (AP via ABC News) The lawyer for a Russian accused by U.S. authorities of involvement in a huge computer hack that stole and sold at least 160 million credit and debit-card numbers called on a Dutch judge Tuesday to ban his extradition to the United States

Most Famous Hackers of all Time (Ethical Hacking) The hacking now a days became a very cool career in the eyes of the young generation. With the biggest companies like Sony, JP Morgan, Yahoo, CNN. NewYork Times, Ebay all hacked in the past even with their millions of dollars investment on securing their Websites. The Hackers in the peoples eyes are the most coolest persons on the planet

Apple, Google reach new deal to end U.S. lawsuit over poaching (Reuters) Four Silicon Valley companies including Apple Inc and Google Inc have agreed to a new settlement that would resolve an antitrust class action lawsuit by tech workers, who accused the firms of conspiring to avoid poaching each other's employees

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams

Upcoming Events

FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, Jan 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation

FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics

AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics