
The CyberWire Daily Briefing for 5.27.2014
Ukraine's election systems were hacked over the weekend in an apparent attempt to disrupt that country's presidential vote. Manual ballot counting continues. CyberBerkut, the Russian-sympathizing (possibly Russian-controlled) hacktivist group, claims responsibility.
Belgium's election systems also experienced problems, but those seem to be the result of a simple bug, not an exploit.
New Zealand's FitzRoy supercomputer, property of the National Institute of Water and Atmospheric Research, has been hacked. The attack originated from a Chinese IP address, but New Zealand authorities cautiously point out that this could be misdirection. Observers say hackers may have been constructing a supercomputing botnet for application to cryptographic problems.
eBay continues its recovery from last week's data breach as new vulnerabilities in the online auction service are reported. The market responds quickly: both customer and investor confidence suffer.
Spotify warns that a customer account may have been hijacked, and promises a security fix soon.
Avast warns that some 400,000 user accounts in the company's forum may have been compromised.
China doubles down on tu quoque criticism of the US, and takes steps to exclude Microsoft, Cisco, IBM, and US consultants from its markets. The US considers denying visas to Chinese nationals wishing to attend BlackHat and other conferences.
Russia's Putin calls US security services "unprofessional" for letting Snowden abscond. Former KGB General Kalugin (whom Putin's own service unprofessionally let relocate to Maryland back in the 1990s) says that Snowden is being run by the FSB.
Federal prosecutors recommend a light sentence for Sabu, in view of his services as an informant.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Austria, Belgium, Brazil, Bulgaria, China, France, European Union, India, Indonesia, Ireland, New Zealand, Russia, Saudi Arabia, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
'Cyber-attack' cripples Ukraine's electronic election system ahead of presidential vote (Russia Today) The systems of Ukraine's Central Election Commission were hit by a 'virus' designed to delete the results of the presidential vote, the Security Service says. CyberBerkut claim responsibility for the attack, saying the SBU is punishing innocents
Rigged Presidential Elections in Ukraine? Cyber Attack on the Central Election Commission (Global Research) It's been four months now since the situation in Ukraine is close to a disaster. The presidential elections on May 25 are seen by the western leaders as a crucial moment to unite Ukraine. But they should be held in democratic, transparent and fair conditions to show everybody in the world that the US and EU-backed authorities in Kiev are legitimate and can control the country
Software bug disrupts e-vote count in Belgian election (ITWorld) A bug led to incoherent election results, the Belgian government said
Niwa super computer attacked from Chinese internet address, PM confirms (National Business Review) Fitzroy's attacker could have been using a Chinese IP (internet protocol) address to mask their true origin, Key says. Prime Minister John Key trod delicately around the risk of a diplomatic and trade row following revelations of a cyber attack on the government's National Institute of Water and Atmospheric Research (Niwa)
Does U.S. business stand a chance of keeping Chinese cyber-spies out of its data? (NetworkWorld via CSO) The U.S. Department of Justice, working with the FBI, this week took the unprecedented step of indicting five Chinese army officers for allegedly breaking into the networks of American companies and a labor union to steal trade secrets of use to Chinese businesses
EBay flaw could let hackers hijack user accounts (Computerworld) The auction site hasn't patched the flaw after four days, so researcher goes public on flaw's danger to eBay users
eBay denies leaked data is genuine (Telegraph) Online auction site eBay has denied that personal information apparently belonging to hundreds of hacked users posted online is genuine, as security researchers say it is "consistent" with details of the cyber attack
In wake of breach, eBay has to deal with multiple web vulnerabilities (Help Net Security) As eBay flounders while trying to adequately respond to the breach it disclosed last week, and deems weak passwords to be good but stronger ones to be weak, researchers are coming forth with vulnerabilities affecting the company's web properties
Ebay Plans To Boost Its Cyber Security Amid Threats Of Global Legal Actions (CJ News India) The computer systems of eBay were recently attacked and compromised by unknown hackers. Ebay initially downsized the incidence and its impact by stressing upon mere password change. However, things are not as casual and easy as Ebay has considered. Three U.S. States are investigating whether Ebay has committed any wrong by not reporting the matter in a timely manner
eBay believed customer data was safe, despite a warning given two weeks prior: Report (TechFirst) eBay initially believed that its customers' data was safe as forensic investigators reviewed a network security breach discovered in early May and made public this week, a senior executive told Reuters on Friday
Security experts criticise eBay over failing to inform customers about cyber-attack (Parcel2Go) Online auction site eBay has come under criticism from security experts after failing to fully inform its Irish and international customers of the hacking incident it suffered
Half of Britons less likely to use eBay after cyber attack (Telegraph) Almost half of Britons will be wary of using eBay in the future, following a massive cyber attack that the Information Commissioner says must be a "wake-up call" for business
Spotify Was Hacked, Warns Android Users Of Impending Update (TechCrunch) Spotify users, take note. The music streaming service just posted a message on its company blog indicating that one user's account was hacked, but assuring that steps are being taken to ensure others will not fall victim to the same exploit
Wicked hybrid of Zeus and Carberp malware unleashed to the wild (CSO) Functions from both malware families used by this hybrid beast to target 450 financial firms
Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass (Ars Technica) Accounts accessed from Wi-Fi hotspots and other unsecured networks are wide open
RAT in a jar: A phishing campaign using Unrecom (General Dynamics Fidelis Cybersecurity Solutions) In the past two weeks, we have observed an increase in attack activity against the U.S. state and local government, technology, advisory services, health, and financial sectors through phishing emails with what appears to be a remote access trojan (RAT) known as Unrecom. The attack has also been observed against the financial sector in Saudi Arabia and Russia
Scammers still using Google Drive for Phishing attacks (CSO) For the second time in as many months, scammers have unleashed another phishing scam leveraging Google Drive
Google Image Search results redirect to Browlock ransomware (Help Net Security) Browlock is the most basic approach to ransomware there is: there is no actual malware that blocks the victims' computer or encrypts its contents, there is only a Web page, with JavaScript tricks that prevent users from closing a browser tab or the browser altogether
Apple ransomware strikes Australia — pay Oleg $100 or else (Naked Security) This morning, a number of Australian iPad and iPhone users woke up to a strange sight
Avast admits 400,000 accounts hit by forum hack (V3) Roughly 400,000 Avast users' account details have been compromised, following a cyber raid on the security firm's forums
DDoS attacks: Criminals get stealthier (Help Net Security) There is a lot of media hype surrounding volumetric style DDoS attacks recently where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare and these big and dumb style attacks make one wonder if they are just being used as a distraction to take up resources and divert IT operations' efforts in the wrong place so that hackers can get into websites unnoticed. Bottom line is that DDoS attacks are a serious security threat that evolve every day, much like the sophistication of the criminals that launch the attack
Monsanto Subsidiary Hacked (eSecurity Planet) An undisclosed number of Precision Planting customers' and employees' personal information may have been accessed
Lowe's Acknowledges Third Party Data Breach (eSecurity Planet) Employees' names, addresses, birthdates, Social Security numbers and driver's license numbers may have been exposed
Data Breach at American Institutes for Research Exposes 6,500 Employees' Info (eSecurity Planet) Information potentially accessed includes the employees' Social Security numbers and credit card information
Bulletin (SB14-146) Vulnerability Summary for the Week of May 19, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
TMI! Facebook moves to stop over-sharing (Computerworld via CSO) Facebook is adding tools to help its users to stop over-sharing their personal posts with total strangers
Cyber Trends
Next Gen Warfare: Hackers, Not the Government, Will Fight Our Next Big War (BetaBeat) Make way for cyber warriors
The Internet Is Burning (TechCrunch) Online security is a horrifying nightmare. Heartbleed. Target. Apple. Linux. Microsoft. Yahoo. eBay. X.509. Whatever security cataclysm erupts next, probably in weeks or even days. We seem to be trapped in a vicious cycle of cascading security disasters that just keep getting worse
Cyber failures spark search for new security approach (Phys.org) With cybersecurity's most glaring failures in the limelight, many experts say it's time for a new approach
Transport and automotive industry faces cyber risk as reliance on technology grows (Insurance Business Online) The Australian transport and automotive industry sectors could be exposed to a number of risks as a result of an increasing reliance on internet connected infrastructure, says Zurich
Lewis: Cybercrime is big money for hackers (CNN via WCTI 12) In the early days of the Internet boom, some thought we would enter an era where there would be one integrated world economy with no borders, where we would share similar democratic values, and where governments would be less important and civil society could pick up many governmental tasks
The connected home is going mainstream faster than anybody realizes (Quartz) In the US, at least, the "internet of things" is not the future any more, but the present
Marketplace
China's state-owned sector told to cut ties with U.S. consulting firms (Reuters) China has told its state-owned enterprises to sever links with American consulting firms just days after the United States charged five Chinese military officers with hacking U.S. companies, the Financial Times reported on Sunday
The escalating US-China spying war is McKinsey's loss and Huawei's gain (Quartz) US consultants may be the next victim of the US and China's escalating battle over cyber-spying. Chinese officials have asked state-owned enterprises to stop employing US consulting companies, the Financial Times reported (paywall), because of fears they are reporting company secrets to the US government
China Targets Cisco and Microsoft In Retaliation to the US' Indictment of Five PLA Officers for Cyber Espionage (NDTV) On May 19, the U.S. indicted five People's Liberation Army (PLA) officers for hacking and economic espionage on the computer systems of five U.S. companies and one trade union. The Chinese Communist Party (CCP) authorities are reluctant to back down. In addition to the angry response immediately after the charges were published, the CCP government later retaliated against U.S. companies Cisco and Microsoft
China Said to Study IBM Servers for Security in Spy Dispute (Bloomberg via the Washington Post) The Chinese government is reviewing whether domestic banks' reliance on high-end servers from International Business Machines Corp. compromises the nation's financial security, people familiar with the matter said, in an escalation of the dispute with the U.S. over spying claims
US-China tech exchange strained over hacking accusations (PCWorld) The U.S.' escalating feud with China over hacking charges could end up hurting IT suppliers in both countries, as suspicions and eroding trust threaten to dampen the tech exchange between the two nations
US may block visas for Chinese hackers attending DefCon, Black Hat (Ars Technica) Organizers of those conferences skeptical of the move to exclude Chinese nationals
Majority of European IT Managers Don't Trust U.S. Clouds (eSecurity Planet) 62 percent also say using a European-based cloud is easier from a regulatory and compliance perspective, according to Perspecsys
F5 Networks secures data centres against DDoS attacks with Defense.Net buy (V3) F5 Networks has acquired distributed denial of services specialist Defense.Net, in a move to better protect its customers from high capacity cyber attacks
Thales to Acquire Alcatel-Lucent's Cybersecurity, Comms Security Business (GovConWire) Thales has agreed to acquire the cybersecurity and communications security business of Alcatel-Lucent in a move to jointly offer network security products and services
The SI Org Closes Purchase of QinetiQ NA's Services Arm (GovConWire) QinetiQ confirmed Tuesday that it has completed the sale of its U.S.-based services division to The SI Organization, a little more than a month after regulatory and shareholder approvals were met
Zacks Investment Ideas feature highlights: EBay, Imperva, Symantec and Check Point Software Technologies (Digital Journal) Today, Zacks Investment Ideas feature highlights: EBay (Nasdaq: EBAY), Imperva (NYSE: IMPV), Symantec (Nasdaq: SYMC) and Check Point Software Technologies (Nasdaq: CHKP)
Army Awards No-Bid Cyber Range Deal to Lockheed-Martin (Nextgov) Lockheed Martin has snagged a $14 million deal to help model hacks during cyber operation simulations, according to the Defense Department
HP axes up to 16,000 more jobs (Ars Technica) Total since May 2012 could hit 50,000
Products, Services, and Solutions
FireEye Forensic Analysis Platforms Certified by North Atlantic Treaty Organization to Handle Information Classified as NATO SECRET (MarketWatch) Advanced malware execution and inspection now authorized for NATO operations in Europe and North America
How far are you willing to go to spy on your employees' smartphones? (NetworkWorld via CSO) The scoop: Mspy mobile phone monitoring service/app, starting at $40 per month (as tested, features would cost $70 per month)
Elex do Brasil Technology Launches Yet Another Cleaner, OPSWAT Certified PC Cleaner Software (Digital Journal) YAC PC Cleaner earned OPSWAT Certification — an industry benchmark for anti-spyware
Windows 8.1 virus protection for business, consumer compared (ZDNet) AV-Test tested 34 antivirus/endpoint protection products on Windows 8.1, comparing their performance from March to April
Anti-surveillance mask foils facial recognition systems (Help Net Security) The unnerving ubiquity of security cameras in public places and the fact that an increasing number of them are connected to facial recognition systems has spurred Chicago-based artist Leo Selvaggio to think of a way to foil these systems
Belden Debuts Cyber Security Toolkit (DesignNews) With nearly every device getting connected through the Internet of Things and with constant reports of hacking and cybertheft, the idea of a toolkit to tap down the cyber covers is timely. Belden Inc. has produced a cyber security toolkit — the Tofino Enforcer Software Development Kit (SDK) — to protect critical industrial infrastructure. The goal is to bring next-generation security to SCADA Networks
Kaspersky proves its not a nice cyber-world (ITWire) Kaspersky's new cyber-portal should scare the bejesus out of every computer user. It brings together real time statistics on cyber threats and malware — as well as the number of mobile phones sold today, new porn sites started and more
IBM Takes Aim at Endpoint Security with Trusteer Apex (eSecurity Planet) In a world where anti-virus is no longer entirely effective, IBM launches new technology to secure endpoint devices
Technologies, Techniques, and Standards
8 Lessons from the eBay Cyber Attack (CBR) Practical tips on avoiding being the next victim
Emerging security technology: What's old is new again (TechTarget) The proliferation of online and mobile data is a boon for sales, marketing, product development and, in turn, cybercrime. The concept of data-driven security to counter these data-driven cyberthreats is still relatively new, but when I asked what emerging security technologies IT execs would recommend to combat such cybercrime — and cyberthreats in general — the answers were surprisingly old school. As ISSA founder and former Citibank CISO, Sandy Lambert, put it: When it comes to cyberthreats, go back to the basics
Password's days numbered, security experts say (Waterloo Record) Yet another cyber attack on a corporate database has online security experts calling on companies to improve the way they keep our private information private — and possibly replace traditional passwords
Lessons from 3 Organizations That Made 3 Privacy Mistakes (InfosecIsland) Even with the number of privacy breaches increasing, and with numbers of privacy sanctions coming from the FTC and other regulatory agencies and courts snowballing for companies doing irresponsible things with personal information, putting growing numbers of individuals at risk of identity fraud as well as physical safety risks, companies are still asking for way too much unnecessary and sensitive personal information purely for their marketing purposes
Applying zero-knowledge to data storage security in cloud computing (TechTarget) The zero-knowledge principle opens up a discussion about cryptographically secure cloud-based applications. A zero-knowledge proof is when one party proves to a second party that something is true without providing any additional information
Doing it right: Cloud encryption key management best practices (TechTarget) Enterprises are moving more data into the cloud than ever before, in all different types of service models. As the sensitivity of data moving into the cloud increases, security professionals are actively looking to protect this data using encryption, with tried-and-true techniques they've been using in their data centers for years. In some cases, however, this may not be possible or may require some different approaches and tools, especially for encryption key management
Why Is Privacy Important to Security Practitioners & Professionals? (Dark Reading) David Hoffman, director of Intel's security policy and global privacy office, shares his ideas on how organizations can achieve data security, along with privacy protections that enhance business potential
Design and Innovation
Cyber-physical systems readied for demos by White House-led team (NetworkWorld) Internet of Things tech is cheap and available, and its only limits may be imagination, says Presidential Innovation Fellows
5 ways computer security has truly advanced (InfoWorld) Security isn't all gloom and doom. Amid the progress today, these four developments in particular have made us safer
Research and Development
Heads or tails: Experimental quantum coin flipping cryptography performs better than classical protocols (Phys.org) Cryptography — the practice and study of techniques for secure communication in the presence of third parties, referred to as adversaries — has a long and varied history
Darpa Program Benefit: Cyber-Secure Software (Aviation Week) Darpa project lays groundwork for future flight deck security
'Hack-proof' drone revealed by Pentagon (Naked Security) Developing software that is totally impervious to hackers is arguably the holy grail of computer security and, until now, has perhaps been nothing more than a pipe dream
Academia
We're Training High Schoolers to Fight a Cyber War (Fiscal Times via Yahoo!News) The Department of Justice indicted five Chinese hackers last week for being part of an elite Chinese hacking unit that allegedly hacked the computers of major American companies to steal their corporate secrets
Legislation, Policy, and Regulation
Twitter caves to Pakistani "blasphemy" censorship requests (Ars Technica) It's the first time Twitter's censorship policy has been used in the country
Magid: Internet security is a global issue that requires global cooperation (San Jose Mercury News) The National Cyber Security Alliance, or NCSA, is a Washington, D.C.-based organization that promotes online security and safety. Its board consists of representatives from Microsoft, Google, Facebook, Comcast and other U.S. companies, and it works closely with the Department of Homeland Security to provide security advice for American businesses and consumers. I've attended meetings in Washington, Pittsburg and Silicon Valley with NCSA staff, and the agenda has always focused on U.S. security issues
Afghan anger at US monitoring 'nearly all' phone calls (West Australian) Afghanistan on Sunday expressed anger at the United States for allegedly monitoring almost all the country's telephone conversations after revelations by the Wikileaks website
House Committee puts NSA on notice over encryption standards (ProPublica via Moneylife) Amendment would remove requirement that the National Institute of Standards and Technology consult with the NSA on encryption standards
NSA reform to be 'fight of the summer' (The Hill) Civil libertarians who say the House didn't go far enough to reform the National Security Agency are mounting a renewed effort in the Senate to shift momentum in their direction
'Watered-down' bill loses support (Honolulu Star-Advertiser) U.S. Rep. Colleen Hanabusa on Thursday voted against a bill that would restrict the National Security Agency's bulk collection of phone records, arguing that it was too watered down
NSA reform falls short (Charleston Post and Courier) A large bipartisan majority of the House of Representatives last week passed a bill, the USA Freedom Act, to end the bulk collection of American telephone records by the National Security Agency. The bill also would throw a modest amount of light on the decisions of a secret federal court that oversees intelligence collection by the executive branch
Reining in the NSA (Connecticut Day) Finally forced into action by the revelations of former National Security Agency contractor Eric Snowden, the House last week passed a bill to place some limits on the mass collection of electronic data that Americans have been subjected to in the name of protecting the homeland
Assessing Cybersecurity Regulations (The White House Blog) Effective regulations are an important tool to protect the security and economic vitality of our nation. The President is committed to simplifying and streamlining regulations while ensuring that the benefits justify the costs. In fact, this Administration has undertaken one of the most significant and transparent reform efforts aimed at eliminating unjustified regulatory costs to date
Under Secretary for Intelligence and Analysis, Department of Homeland Security: Who Is Francis X. Taylor? (AllGov) Francis Xavier Taylor was confirmed April 7, 2014, as the Department of Homeland Security's (DHS) under secretary for intelligence and analysis. As the head of the Office of Intelligence and Analysis, he is responsible for gathering intelligence from other government and non-government sources on potential threats to U.S. national security
Creating an 'embryonic' cyber defense force (Jakarta Post) Many other nations already have their own armies of tame hackers. The United States has its US Cyber Command, China maintains its so-called Blue Army and the Israelis operate under the flag of Unit 8200
Litigation, Investigation, and Law Enforcement
Beijing Levels New Attack at U.S. Cyber-Spying (New York Times) A week after United States prosecutors indicted five People's Liberation Army officers on charges of cyber-theft, a Chinese government agency has issued its own lengthy, political indictment of American cyber-espionage, accusing the Obama administration of spying on the Internet on a scale far greater than that of other countries
The world's biggest internet spy is playing cop (People's Daily Online) Since the U.S. Department of Justice announced indictments against 5 Chinese military officers, some U.S. media have reported that the U.S. is conducting spying operations not confined to national security. The claims are based on secret documents leaked by former U.S. National Security Agency contractor Edward Snowden
Commentary: U.S. cyber-scoundrelism doomed to backfire (Global Post) "Play by the rules" seems to be Washington's sacrosanct motto on international interaction. But time and again rules are just a lump of clay in Uncle Sam's hands
DoD Distances Itself From US Hacking Indictment of PLA Soldiers (Defense News) The Pentagon is distancing itself from the US Justice Department's charging of five Chinese People's Liberation Army (PLA) officers with 31 criminal counts of hacking and cyber espionage against six US companies
Former KGB general: Snowden is cooperating with Russian intelligence (VentureBeat) Former National Security Agency contractor Edward Snowden probably never envisioned that he'd someday be working for the Russian federal security service, or FSB
Putin Slams U.S. Special Forces as 'Unprofessional' for Letting Snowden Slip (Moscow Times) If the U.S. special services had acted professionally, National Security Agency leaker Edward Snowden would be "rotting in jail," Russian President Vladimir Putin told the St. Petersburg International Economic Forum Friday
Edward Snowden may be coming home: 'There are negotiations,' lawyer says (Washington Times) National Security Agency whistleblower Edward Snowden may be heading back to the United States from Russia if certain conditions can be struck with the government, his attorney told Germany's Der Spiegel
Greenwald: I'm Going to Publish Names of NSA Victims (NewsMax) Glenn Greenwald, the former Guardian newspaper journalist who helped reveal the National Security Agency's secret phone and Internet surveillance program and the identity of leaker Edward Snowden, says he plans to publish a list of names of U.S. citizens who were targeted by their own government
Snowden's deeds — for all they're worth (Slate via the Salt Lake Tribune) Journalist Glenn Greenwald takes on the doubters and reveals what was at stake when government secrets were brought to light
The Pentagon report on Snowden's 'grave' threat is gravely overblown (Guardian) NSA defenders still won't tell the whole truth, but a newly revealed damage assessment offers a window into government damage control — not any actual damage done by Snowden
NSA Spying In Austria Beyond Unacceptable: Analyst (Voice of Russia) The National Security Agency [NSA] has reportedly gained direct access to the fiber optic network linking Vienna, Austria to the Internet, and has been spying on the roughly 17,000 diplomats stationed in the Austrian capital city, where several important international organizations are headquartered, including the Organization of Security and Cooperation in Europe, the International Atomic Energy Agency and Organization of the Petroleum Exporting Countries (OPEC)
Tech firms: Government's gag orders violate First Amendment (Dallas News) Court documents unsealed Friday show Google, Yahoo, Facebook and Microsoft are arguing that government gag orders that stop them from disclosing the number of national security requests they receive violate the companies' First Amendment right to free speech
11 arrested as Europol busts Bulgarian carding gang (Naked Security) A joint operation between French and Bulgarian law enforcement backed by Europol's European Cybercrime Centre (EC3) has brought down a carding gang operating out of Bulgaria and targeting victims in France and other European countries
Department of Justice bashes $20 million identity refund fraud ring (NetworkWorld via CSO) The US Department of Justice said 10 people were indicted today for their roles in a $20 million stolen identity refund fraud conspiracy
Federal prosecutors: Cooperation of hacker in New York City case helped stop 300 cyberattacks (AP via Pendleton Times-Post) Federal prosecutors in New York say an admitted computer hacker helped the FBI thwart hundreds of cyberattacks on government and corporate computer systems
MCCCD Data Breach Costs Reach $19.7 Million (eSecurity Planet) The district's governing board recently approved an additional $300,000 for records management, and $2.3 million in lawyers' fees
Network Engineer Jailed for Attack on Former Employer (eSecurity Planet) Ricky Joe Mitchell was also ordered to pay $428,000 in restitution, plus a $100,000 fine
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam: HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41: Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014: This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, Jun 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit: The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology: The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high-quality research papers spanning the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education: The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.