The CyberWire Daily Briefing for 5.28.2014
Researchers continue to unpack a possible second eBay security bug as eBay users brace for identity theft.
The novel "hacked-by-Oleg-Pliss" ransomware has affected many Apple users in Australia and New Zealand, and there's no reason to believe the campaign will be confined to those countries. Unlike more familiar forms of ransomware, "Oleg Pliss" doesn't encrypt victims' files, but instead activates the "Lost iDevice" feature on their iPhones or iPads. Security researchers offer advice on prevention and recovery (sound password practices are especially recommended) but much about the campaign remains baffling. Why should it seem confined largely to Australia and New Zealand—equally curious whether it used stolen credentials or exploited an iOS flaw?
Fidelis Security reported in February on the "STTEAM" cyber campaign afflicting Middle Eastern oil and gas companies; Recorded Future has an update.
Bitdefender says the instant messaging Trojan Gen:Variant.Downloader.167 is politely spreading itself through Europe and North America, asking nicely, "I want to post these pictures on Facebook, do you think it's OK?" (Tip: it's not "OK.")
Several Android exploits are currently active in the wild; other Android vulnerabilities are discovered in labs. Chinese Android users are hit by a banking Trojan that poses as a WeChat app. Researchers find some email and messaging programs (including Outlook) storing messages unencrypted on Android devices' SD card. Other researchers demonstrate that Android phones can be hacked to take pictures without owners' knowledge.
Snowden tells reporters he was "a trained spy," not just some lowly sysadmin.
Sabu walks with time served.
Notes.
Today's issue includes events affecting Australia, Bahrain, Canada, China, Denmark, Estonia, France, Germany, India, Iran, Israel, NATO, New Zealand, Pakistan, Palestinian Territories, Philippines, Romania, Switzerland, Thailand, United Arab Emirates, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Has a second eBay zero day security flaw been discovered? (TechRadar) After last's week massive security alert, eBay may well have been hit by a second flaw, one which was discovered by a 19-year old British student
Identity Theft Could Soon Be A Reality For eBay Users (WebProNews) Identity theft is a constant concern for those who entrust their personal information to Internet companies. Now millions of users are at risk following a massive cyber-attack that recently hit eBay
Have you been hacked by Oleg Pliss? FAQ for iPhone and iPad users (Intego) iPhone, iPad and Mac users in Australia and New Zealand (and possibly elsewhere in the world) have been seeing a very strange message appear, demanding that they pay a ransom to regain access to their devices
CryptoDefense: The Ransomware Games have begun (Bromium Labs) If you see a text and / or HTML document on your Desktop called HOW_TO_DECRYPT with the following contents
Australian iPhone Hack Reminds Us Why We Need to Ditch Passwords (Wired) Australian Apple users have received a harsh reminder that computer passwords provide only a thin layer of protection on the internet
Shedding Light on STTEAM (Recorded Future) Researchers from Fidelis Security in February reported a newly identified cyber campaign dubbed STTEAM (PDF) found to be targeting oil and gas companies in the Middle East
Instant messaging Trojan spreads through the UK (Help Net Security) Hundreds of computer systems have been infected with the latest instant messaging Trojan. Bitdefender has spotted an increasing wave of infections in the past week in countries such as the UK, Germany, France, Denmark, Romania, the US and Canada
Chinese Users Targeted With Banking Trojan Disguised as WeChat App (SecurityWeek) A new banking Trojan disguised as the popular messaging app WeChat is being used by cybercriminals to harvest the financial data of Android users in China
Outlook for Android fails to keep emails confidential (Help Net Security) Did you know that Outlook and many other email and mobile messaging Android apps store your emails and messages on the device's SD card, unencrypted, and accessible to any third-party app that is permitted to access the card's contents?
Apps on your Android phone can take photos without you knowing (Help Net Security) A researcher has demonstrated that it's possible for malicious attackers to create an Android app that will surreptitiously take pictures and upload them to a remote server without the user being aware of or noticing it
Spotify Android Application at Issue in Breach (Threatpost) Users of Spotify on Android will soon be asked to update the application after a breach was reported this morning by the streaming music service's chief technology officer
Did an undisclosed SMF 2.0.6 flaw enable the AVAST forum breach? (SC Magazine) The AVAST forums were hacked on Sunday and about 400,000 users had information compromised. It might have been an undisclosed vulnerability in Simple Machines Forums (SMF) 2.0.6, the years-long community platform of choice for computer security company AVAST Software, that enabled attackers to compromise information on nearly 400,000 AVAST message board users
Internet Explorer 8 under threat in India: Cyber agency (Zee News) Cyber security sleuths have alerted Indian users against a "high" level virus activity in a select version of popular Microsoft-owned web browser — the Internet Explorer
Vulnerability title: Unathenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages (Portcullis Security) The default setup allows an unauthenticated user to access administrative functions such as backing up of key files within the CMS. This is done by appending the following to a domain using the software affected
Compromised non-payment card data on the rise: Trustwave (Credit Union National Association) Payment card data continues to lead the way in the type of online information most often compromised by data breaches, but data thefts involving non-payment card data is gaining ground, according to analysis from online security technology company Trustwave
Why More Retailer Breaches on the Way (BankInfoSecurity) Malware infections of POS networks Are multiplying
Fat-fingered admin downs entire Joyent data center (The Register) Cloud operator now home to most mortified sysadmin in the USA
AutoNation Acknowledges Third Party Data Breach (eSecurity Planet) Customers' names, addresses, e-mail addresses and credit card numbers may have been accessed
Security Patches, Mitigations, and Software Updates
Here's How to Keep Getting Free Security Updates for Windows XP Until 2019 — And Why You Shouldn't (Lumension Blog) Have you heard the news? A way has been found to trick computers into receiving security updates for Windows XP — even though Microsoft stopped officially supporting the operating system back in April
Cyber Trends
FireEye CEO IDs the next big cyber threat (CNBC) As the threat of cyber-security attacks continues to loom over U.S. businesses and the federal government, the CEO of FireEye said Tuesday that the rate of attacks has been rising
Why Companies Should Seek Help in Malware Detection (CIO) Companies have shortened the amount of time between malware infection and discovery, but too few organizations detect the breach on their own, a security report found
Co-op Identifies Ways to Improve Cyber Security (Electric Co-op Today) When it comes to the federal government's commitment to cyber security for the power grid, electric cooperatives see room for improvement
Estonia exercise shows NATO's growing worry about cyber attacks (Reuters via the Chicago Tribune) It started with hactivists defacing websites and a e-mails pointing users to links that stole data
Resiliency and Recovery Offset Cybersecurity Detection Limits (SIGNAL) Not only is the cost of cyber intrusion severe, the likelihood of it occurring is assured. Cybersecurity defenses must be flexible, innovative and persistent to address an ever-changing threat
Study Shows Businesses Not Prepared for Attacks (Huffington Post) Amazing: With the proliferation of cyber attacks globally, most businesses are ill-prepared to deal with this, says research from the Economist Intelligence Unit and Arbor Networks
Healthcare IT Security Worse Than Retail, Study Says (InformationWeek) Bad news for healthcare community: New study shows retailers like Target and eBay are more secure than many healthcare organizations
The cloud will transform the airport experience (Help Net Security) Airports are increasingly identifying the need to switch to cloud systems in order to improve operational efficiencies, according to Amadeus, who collected the viewpoints of over 20 senior IT leaders from the airport industry to investigate the business case for adopting cloud based Common Use systems at airports
Marketplace
Investors undeterred by data breaches (SFGate) Last week, eBay revealed that it had been hit by a cyberattack and data security breach, and users' information
China's Payback for US Hacker Indictments Begins (TechNewsWorld) The fallout from U.S. indictments against Chinese hackers is just beginning. "You'll probably see economic repercussions of one sort or another," said GWU's Frank Cilluffo. "Whether this was just the first shoe and there are others to drop, I'm not sure, but it will make what is already a complex and vexing market even more so for U.S. and other companies doing business in China"
Black Hat: We haven't been asked to block Chinese hackers (ZDNet) News broke Saturday alleging the US government would take steps to block Chinese attendees from America's biggest hacking conferences. Black Hat says, "not us"
Huawei ready to take on Cisco in enterprise networking (Want China Times) The rivalry between Chinese telecommunications giant Huawei and US-based Cisco Systems, a world leader in supplying networking equipment, is heating up as Huawei continues to come up with new technologies and products in the enterprise networking field, reports Shanghai's China Business News
F5 Networks Buys Defense.Net (Zacks) In a bid to strengthen its security service, F5 Networks Inc. (FFIV - Snapshot Report) has recently acquired Defense.Net, Inc., privately-held cloud-based security solutions provider. The acquisition is expected to boost F5 Networks' cyber security offerings. Financial details of the deal were not disclosed
Nokia fires up new security team for mobile broadband (ZDNet) Nokia is beefing up its mobile broadband business with a new security unit
AirPatrol Corp Lands Top Honors in 2014 Tech Awards (Wall Street Journal) Mobile device locationing and cyber security firm bests dozens of others to be named "Superstar Company of the Year" at the 2014 Tech Awards
Why Splunk, Inc. Shares Could Fly 40% (Motley Fool) Shares of Splunk, Inc. (NASDAQ: SPLK) surged 7% today after Northland Capital Markets upgraded the data management software technologist from market perform to outperform
Check Point Appoints Marie Hattar as Chief Marketing Officer (MarketWatch) New CMO brings extensive IT and networking marketing leadership to Check Point
Former IRS Chief Risk Officer David Fisher Joins SRA as VP, Biz Transformation Officer (GovConWire) David Fisher, former chief risk officer and senior adviser to the commissioner at the Internal Revenue Service, has joined SRA International as vice president and business transformation officer
Products, Services, and Solutions
BlackBerry Demos Super-Secure BBM Protected (PCMagazine) BBM Protected provides separate encryption keys for each message sent rather than one key for an entire conversation
Web application penetration testing with ImmuniWeb (Help Net Security) Switzerland-based ethical hacking and penetration testing experts High-Tech Bridge recently released an interesting security product that uses a hybrid approach towards web application security testing
Digital Shadows inks reseller agreement with Nettitude (BusByway) Digital Shadows, a cyber intelligence company that protects organisations from data loss and targeted cyber attack, has today announced that Nettitude, a global leader in the delivery of cyber security testing, risk management, compliance and incident response services, has signed an agreement to become a reseller of Digital Shadows' core managed services, Data SearchLight™ and Threat SearchLight™
Panda fuses with the Cloud (Gadget) Panda Security has announced its new cloud offering, Panda Cloud Fusion, offering organisations of most sizes security, management and support in one solution
Technologies, Techniques, and Standards
Stop attackers hacking with Metasploit (TechTarget) Automated security tools have been one of the most significant advancements in information security. Automation has become a necessity given the increasing complexity of networks and software — and the threats targeting them
How IT security experts handle healthcare network access (Health IT Security) Healthcare network security has become more complicated over the years because of the explosion of mobile device connectivity. And because it's so difficult for healthcare organizations to have a firm grasp on where their perimeters begin and end, they must look for new ways to ensure networks are secure both internally and externally
Should enterprises expect heightened risk on important dates? (TechTarget) Attackers seem to target enterprises more on important dates and holidays. How can enterprises adjust their defenses to account for expected heightened risks on certain dates?
Secure file sharing uncovered (Help Net Security) Ahmet Tuncay is the CEO of Soonr, a provider of secure file sharing and collaboration services. In this interview he talks about making security a priority, discusses what drives employees to routinely use personal online file sharing solutions for confidential data, outlines the critical features of secure file sharing solution, and more
Assessing SOAP APIs with Burp (Internet Storm Center) Something I've noticed recently is that most of the websites I've been asked to assess now seem to be "new, improved, and with an API". Often the API is based on SOAP, and it's been an interesting discussion on how best to scan these new Web Services based on WSDL for vulnerabilities
SSL After The Heartbleed (Dark Reading) Encryption gets a big wake-up call — and a little more scrutiny
Research and Development
Error Correction Moves Quantum Computing Closer to Reality (IEEE Spectrum) A new superconducting system operates with 99 percent accuracy
IBM patents fraudster detection technology for websites and apps (CSO) IBM has invented a technique for identifying fraudsters who have stolen credentials
Virus Bulletin announces Péter Ször Award (Virus Bulletin) 'Brilliant mind and a true gentleman' commemorated through annual award for technical security research
Academia
Students take part in UAE cyber security contest (The National) Dozens of students are taking part in a competition that aims to raise awareness of cyber security
Cyber-security energy firm to donate technology to Israel's first 'smart campus' (Jerusalem Post) Nation-E donates its energy infrastructure to the ORT Hermelin Academic College of Engineering and Technology in Netanya
Cyber Cadets: West Point Graduates Hackers (Bloomberg BusinessWeek) For the first time, this year's graduates of the U.S. Military Academy at West Point are able to join America's Cyber Command straight out of college. For years the Department of Defense has ostracised hackers but now they are encouraging and recruiting them
Legislation, Policy, and Regulation
Cyber espionage and US-China relations: The world's biggest candy store (The Interpreter) Don't believe anything you read on the cyber espionage spat between US and China. Depending on who's talking, the US is a 'thief crying stop thief' and a 'mincing rascal'; or China's 'scale of commercial hacking is immense', perhaps the 'greatest transfer of wealth in history'
The Thai junta briefly blocked Facebook in a dry run for a social media blackout (Quartz) The Thai junta briefly blocked Facebook in a dry run for a social media blackout
Instagram Banned in Iran Due to Privacy Concerns (HackRead) Earlier it was reported that Iran may have banned WhatsApp due to its 'American Zionist' ownership under Mark Zukerberg
Electronic spy agency gathers personal information in cyberdefence role (Canadian Press via the Vancouver Sun) Canada's electronic spy agency says it gathers and sometimes keeps personal information — including names and email addresses of Canadians — as part of efforts to protect vital networks from cyberattacks
Probe alleged US spying in PH: lawmaker (ABS-CBN News) A lawmaker wants the House of Representatives to probe into the alleged US spying operations in the Philippines through the National Security Agency's MYSTIC program
NSA reform lite (Eugene Register-Guard) Senate should pass tougher surveillance bill
Google's Brin Says NSA Surveillance Revelations Were a "Huge Disappointment" (Re/code) Onstage at Code Conference, Google co-founder Sergey Brin said that recent revelations of National Security Agency surveillance were "a huge disappointment, certainly to me and obviously to the world as a whole"
Senate defense bill mulls bonuses for cyber pros (Nextgov) Current and aspiring Defense Department personnel with cyber skills could see a boost in pay under a Senate 2015 defense policy bill that lawmakers detailed on Friday
Litigation, Investigation, and Law Enforcement
Kerry Tells Snowden to 'Man Up' and Come Home (AP via ABC News) Secretary of State John Kerry on Wednesday called National Security Agency leaker Edward Snowden a fugitive and challenged him to "man up and come back to the United States"
Snowden: I was a trained spy, not just a hacker (USA TODAY) Edward Snowden says he's more than just a hacker or systems administrator, as the Obama administration and media have portrayed him
Meet the Man Hired to Make Sure the Snowden Docs Aren't Hacked (Mashable) In early January, Micah Lee worried journalist Glenn Greenwald's computer would get hacked, perhaps by the NSA, perhaps by foreign spies
Kinsley, Greenwald and Government Secrets (New York Times) Michael Kinsley's review of Glenn Greenwald's new book, "No Place to Hide" hasn't even appeared in the printed Book Review yet — that won't happen until June 8 — but it's already infuriated a lot of people. After the review was published online last week, many commenters and readers (and Mr. Greenwald himself) attacked the review, which was not only negative about the book but also expressed a belief that many journalists find appalling: that news organizations should simply defer to the government when it comes to deciding what the public has a right to know about its secret activities
What does GCHQ know about our devices that we don't? (Privacy International) While the initial disclosures by Edward Snowden revealed how US authorities are conducting mass surveillance on the world's communications, further reporting by the Guardian newspaper uncovered that UK intelligence services were just as involved in this global spying apparatus. Faced with the prospect of further public scrutiny and accountability, the UK Government gave the Guardian newspaper an ultimatum: hand over the classified documents or destroy them
Do Personal Computers Come With NSA Surveillance Devices Built-In As Standard? (TechDirt) As Techdirt reported last year, one of the most bizarre episodes in the unfolding story of the Snowden leaks was when two experts from the UK's GCHQ oversaw the destruction of the Guardian's computers that held material provided by Snowden. As everyone -- including the Guardian's editor Alan Rusbridger — pointed out, this was a particularly pointless act since copies of the documents were held elsewhere, outside the UK. The only possible explanation seemed to be that the UK government was trying to put the frighteners on the Guardian, and engaged in this piece of theater to ram the point home. But a fascinating blog post from Privacy International raises the possibility that there is another far more disturbing explanation
Iranian court beckons Facebook's Mark Zuckerberg to answer accusations of privacy violation (Naked Security) Iran banned Facebook's WhatsApp earlier this month. The reason? WhatsApp has been bought by Facebook, which of course is owned by CEO Mark Zuckerberg — an "American Zionist", Abdolsamad Khorramabadi, head of the country's Committee on Internet Crimes, reportedly explained
Scenes from the Sabu sentencing: "I'm not the same person you saw three years ago. " (Ars Technica) All further indictments dropped and no more prison if the hacker stays out of trouble
Andy Coulson prosecution not fair or rigorous, phone-hacking trial told (The Guardian) Former News of the World editor's barrister says his client has faced a 'juggernaut' police investigation and prosecution
Houseguest downloads child porn, cops show up (Ars Technica) Giving out your Wi-Fi password always carries at least some risk
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Maryland Cybersecurity Roundtable (Hanover, Maryland, USA, May 29, 2014) U.S. Senator Barbara A. Mikulski and Governor Martin O'Malley will launch the Maryland Cybersecurity Roundtable on Thursday, May 29, at 1:30 p.m., at The Hotel at Arundel Preserve, Hanover, Md. They'll be joined by members of the Federal Facilities Advisory Board, as well as representatives from Maryland's cybersecurity companies, military installations, federal facilities, and other partners.
Cyber Security Summit (Huntsville, Alabama, USA, Jun 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center. The theme of this year's Cyber Security Summit is "Effective Governance through Risk Management".
CANSEC (, Jan 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam (, Jan 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41 (, Jan 1, 1970) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014 (, Jan 1, 1970) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, Jun 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit (, Jan 1, 1970) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology (, Jan 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education (, Jan 1, 1970) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.