The CyberWire Daily Briefing for 5.29.2014
CSO advises companies to raise their vigilance against malware during periods of political crisis. Four crises at least currently warrant such increased vigilance: Russian appetite for Ukraine and Georgia (with Donets and Abkhazia on the menu, and a Russian-led trade union in the near abroad as dessert), Chinese assertion of territorial rights in the South China Sea (Vietnam is in the cyber crosshairs, the Philippines next), and Thailand's recent coup d'état (accompanied by ongoing information operations).
iSight reports on Iranian intelligence operations against the US. They involve traditional espionage tradecraft adapted to cyberspace.
The ransomware campaign exploiting the iLock feature on Apple devices (possibly enabled by compromised iCloud credentials) has spread from Australia and New Zealand to California.
Another new ransomware effort (and CryptoLocker competitor) CryptoDefense, recently investigated by Bromium, is causing concern, but there may be good news: flawed implementation of the malware has enabled some victims to recover their files.
Encryption darling TrueCrypt has apparently taken itself down. A warning against using it appeared on the TrueCrypt site yesterday along with a recommendation to switch to Bitlocker. Some observers think this may be a hack—the text on the relevant page had the short look of defacement—but the emerging consensus holds that TrueCrypt is indeed gone.
Researchers find vulnerabilities in NICE Systems' lawful intercept products.
Siemens patches Rugged OS.
Neither China nor the US is backing down from their mutual cyber recriminations. One consequence appears to be a pop in Chinese tech stocks.
Edward Snowden wants to come home.
Notes.
Today's issue includes events affecting Australia, Belgium, Canada, China, Denmark, Finland, Georgia, Indonesia, Iran, Israel, Japan, New Zealand, Norway, Pakistan, Philippines, Romania, Russia, Slovenia, South Africa, Thailand, Ukraine, United Kingdom, United States, and and Vietnam..
Cyber Attacks, Threats, and Vulnerabilities
Increase your malware vigilance during geopolitical conflicts (CSO) Research shows that malware activity is likely to increase dramatically during geopolitical tension, and companies are the targets
Beijing may call Hanoi's bluff and start war: Duowei (Want China Times) Vietnam is taking a big gamble by inflaming its territorial dispute with China as Beijing could very well consider starting a war, reports Duowei News, an outlet run by overseas Chinese
Russia Urges Emergency Steps on Ukraine Amid Rebel Losses (Bloomberg) Russia called for unspecified "emergency" measures to halt the violence in eastern Ukraine after separatist militias suffered the heaviest casualties of their insurgency
Presidential Building Is Stormed in Restless Georgian Region (New York Times) Hundreds of demonstrators occupied the presidential headquarters of Abkhazia, a breakaway enclave of Georgia, on Wednesday, demanding the resignation of the region's leader and the dismissal of the government in the latest tumult to grip a separatist area supported by Russia
Thailand's military is cracking down on social media, street protests, and illicit hardwood (Quartz) This isn't the Thai military's first coup d'état, but it is introducing some new wrinkles this time around, including restrictions on public dissent, a dry run blockade of Facebook, and some high-profile investigations of people associated with the ousted Pheu Thai party–not for opposing the coup, but for illegal possession of teak wood
Iranian group created fake news organization to hack U.S. military (ComputerWorld) Active since 2011, the group targeted more than 2,000 U.S. military members, defense contractors and lobbyists, iSight Partners said
Mass Cyber Attack Locking, Holding Apple Devices Ransom Reaches Southern California (CBS Los Angeles) A global cyber attack, in which a hacker is targeting and locking iPad, iPhone and other Mac devices, and sending out a ransom message to the afflicted, has reportedly reached the Southland
Apple Ransomware Targeting iCloud Users Hits Australia (Threatpost) A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware
CryptoDefense ransomware infects via Java drive-by exploit (Graham Cluley) Boffins at security firm Bromium have discovered that the CryptoDefense malware has been spread via boobytrapped webpages, in an attempt to make more money for its creators
CryptoLocker Ransomware Competitor May Have Fatal Flaw (Threatpost) CryptoLocker certainly changed the ransomware game last year when it threatened its victims with the loss of important files if a timely ransom payment was not made. Reportedly, criminal gangs utilizing this dangerous type of ransomware were earning hundreds of thousands of dollars per month
True Goodbye: 'Using TrueCrypt Is Not Secure' (Krebs on Security) The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP
Ominous Warning or Hoax? TrueCrypt Warns Software 'Not Secure,' Development Shut Down (Threatpost) Is it a hoax, or the end of the line for TrueCrypt?
True Crypt Compromised / Removed? (Internet Storm Center) Earlier today, the popular disk encryption tool Truecrypt was essentially removed from Sourceforge, and replaced with a warning that Truecrypt is no longer secure and people should switch to Bitlocker (with instructions as to how to do this). The source code was updated and essentially all functionality was removed but the installer will now just show a message similar to the one displayed on the homepage
Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery (Forbes) Encryption is a silent, unsung hero of our modern connected society . From protecting your sensitive details when you log on to Internet banking to protecting data on your laptop or mobile phone if it is lost or stolen, 'crypto' (the oft used shortened version of encryption) is a supporting pillar of the global economy and most of the digital world we all touch day to day. Establishing trust in crypto (and thus in technology as a whole), now more than ever with the revelations of the past 18 months, is difficult and the following news therefore potentially comes as a significant blow to online privacy and security. Or as some in the industry would put it, or is it?
Here's what you need to know about the sudden and mysterious death of TrueCrypt (Gigaom) It's a mystery that has the information security industry scratching its collective head: why did the anonymous developers of TrueCrypt, a tool recommended by the likes of Edward Snowden, suddenly kill the project and recommend a Microsoft encryption tool instead?
HeartBleed Virus Removal Tool Actually Carries a Trojan (Softpedia) You can't blame anyone for not knowing malware from OpenSSL flaws in the same way you can't accuse Einstein of not figuring it all out before he expired. Case in point, a new spam campaign is trying to dupe Windows users into running a so-called HeartBleed Bug/Virus Removal Tool to clean their computers
Remotely Exploitable Flaws Haunt Lawful Intercept Surveillance Gear (Threatpost) The small, but growing, group of companies that supply so-called lawful intercept gear to intelligence agencies and law enforcement organizations around the world have operated mostly under the radar until very recently. Their products are used to record and scrutinize the communications of suspected criminals and terrorists, but now they're finding that their products are coming under scrutiny by the security research community
Scrape FAST, Find'em Cards EASY! (TrendLabs Security Intelligence Blog) While researching POS RAM scraper malware, I came across an interesting sample: a RAR archive that contained a development version of a POS RAM Scraper malware and a cracked copy of Ground Labs' Card Recon software. Card Recon is a commercial Data Leakage Prevention (DLP) product used by merchants for PCI compliance
New 'Sweetheart' Schemes Exploit Mobile (BankInfoSecurity) Fraudsters abuse RDC services for fraudulent checks
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit (Dark Reading) Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD
eBay subdomains vulnerable to XSS attacks, researchers find (SC Magazine) While eBay responds to a major breach impacting its users, researchers warn that other security concerns should be on the company's list of issues to resolve — namely, cross-site scripting (XSS) flaws impacting its website
New Web Vulnerabilities Expose eBay User Data Again (Infosecurity Magazine) Internet giant eBay is hit with fresh revelations over preventable flaws in its website
Antivirus firm Avast! takes down forums after breach (The Register) You know the drill: change your passwords and prepare for the worst
Data Thieves Not Satisfied With Just Payment Data Anymore (PYMNTS) Payment card data continues to be the prime target for data compromises, but increasingly thieves are starting to go after other types of personal and valuable data to steal, according to a new report from security firm Trustwave
Which of your favourite websites are terrible at passwords? (Naked Security) Match.com, you might be one of the biggest dating sites out there, but you're breaking our hearts
Our online advertising model fails have put us all in danger (Naked Security) We don't like paying for things. No point in handing over hard-earned cash for something when we can get the same thing for free, we think
Stolen Computers Expose 1,213 Elliot Hospital Patients' Data (eSecurity Planet) Names, addresses, phone numbers, birthdates and health information may have been accessed
Security Patches, Mitigations, and Software Updates
Siemens Fixes DOS Flaw in Rugged OS Devices (Threatpost) Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company's RuggedCom switches and serial-to-ethernet devices
Patching the wrong product — a bad thing? (ZDNet) Microsoft warns that using Windows POSReady patches on a regular Windows XP system could cause problems. How seriously should you take this?
Important Notice to Our Users (Spotify) We've become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we're taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I'm posting today
Cyber Trends
Hackers are winning the cyber crime war, says new study (TechTimes) The cyber war is going well, at least if you are one of the hackers, states a new study published by the California business consulting firm PwC, the United States Secret Service, the CERT Division of Carnegie Mellon University's Software Engineering Institute and CSO security news magazine
The Half-Baked Security Of Our 'Internet of Things' (Forbes) It is a strange series of events that link two Armenian software engineers; a Shenzen, China-based webcam company; two sets of new parents in the U.S.; and an unknown creep who likes to hack baby monitors to yell obscenities at children. "Wake up, you little slut," the hacker screamed at the top of his digital lungs last summer when a two-year-old in Houston wouldn't stir; she happened to be deaf. A year later, a baby monitor hacker struck again yelling obscenities at a 10-month-old in Ohio
2013 Incident Summary (New Zealand National Cyber Security Centre) The incidents summarised in this report reinforce that cyber security is truly a global issue, and New Zealand organisations are just as vulnerable as organisations in any other part of the world
8 key cybersecurity deficiencies and how to combat them (Help Net Security) While the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organization' cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries
Employee behaviors expose organizations to insider threat (Help Net Security) A third of UK professionals are likely to consider risky behaviors that endanger or undermine data protection
Ineffective password security practices plague organizations (Help Net Security) Just over 13 percent of IT security professionals admit to being able to access previous employers' systems using their old credentials, according to Lieberman Software
Fraud study finds MasterCard holding lowest fraud rate (Help Net Security) 2Checkout released a study of online payments fraud, based on a worldwide sample of approximately one million payment transactions tracked each quarter
Marketplace
China Accuses Cisco Of Working 'Intimately' With U.S. Gov On Cyberspying (CRN) Cisco Systems is denying accusations from a Chinese media outlet claiming the San Jose, Calif.-based networking company is aiding the U.S. government's alleged cyberspying efforts in China
FBI's Wanted List Sends Chinese Tech to First From Worst (Bloomberg) Investors in Chinese technology shares can thank the U.S. Justice Department for turning their unprofitable bets into the stock market's biggest winners
The Most Powerful Security Companies In The World (Silicon India) Oracle: Oracle was previously into software vending until recently it acquired the Sun Microsystems, its main competitor, making it the owner of both hardware and software parts. Sun Microsystems is known for creating Java programming language and Oracle is gaining control over it in order to operate all the patch updates and security advisories on it
Antivirus Software Might Be Dead, But Symantec Certainly Is Not (The Motley Fool) Symantec (NASDAQ: SYMC) is a consumer antivirus software manufacturer that is, perhaps, best known for its flagship Norton Antivirus. Sales of the company's Norton brand have stagnated in the last couple of years, a trend that prompted one of its executives to publicly declare that antivirus software is dead. But, make no mistake, the cyber-security industry is still valued at $70 billion per year
WidePoint — A Prime Acquisition Target Due To Triple; $6.50 Price Target (Seeking Alpha) WidePoint (WYY) has a low market cap of $112 million and recently won three government contracts worth a combined $670 million. Poised to benefit from outstanding growth within the cloud-mobility and security market, WYY is an attractive acquisition target because of its cheap valuation and strong growth outlook
Senate Defense Bill Unearths NSA 'Sharkseer' Program (Nextgov) Highlights from the Senate Armed Services Committee's new defense policy bill show lawmakers would like to drop $30 million on an obscure National Security Agency cybersecurity program called Sharkseer
Procera Networks Receives $3.5 Million in Follow-On Orders From Three Tier 1 Broadband Operators (CEN) Momentum in EMEA, APAC and LATAM continues to grow with investments in customer satisfaction
Target gets serious about its digital transformation (FierceRetailIT) Target (NYSE:TGT) has formed a digital advisory group to assist as it tries to fight back from the very damaging data breach and mismanaged Canadian market entry. The Minneapolis-based retailer has enlisted technology executives from outside the traditional retail space to help chart a path along its digital transformation
Bill Christman: ICF Extends Cyber R&D Support for Army Research Lab (GovConWire) ICF International (NASDAQ: ICFI) has won a three-year, $50 million contract to continue providing support services for a cyber technology research and development program at the Army Research Laboratory
FireHost Names Two New Execs (Texas Tech Pulse) Dallas-based secure cloud hosting provider FireHost reported this morning that it has added two new executives, as part of a leadership expansion. FireHost said it has named Jeff Schilling as Chief Security Officer (CSO) and Jim Hilbert as Senior Vice President of Global Sales
HackerOne Bug Bounty Platform Lands Top Microsoft Security Expert (Threatpost) With bug bounties being all the rage, the platforms that support them are emerging as important pieces of the security research, disclosure and reward ecosystem. One of those platforms, HackerOne, has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft's bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure
Cyber-security expert Brian E Finch joins Pillsbury as a public practices partner (The Lawyer) Pillsbury has announced the appointment of Brian E Finch, a leading authority in cyber security, as a partner in the public practices section in Washington DC, where he will represent major corporations in their public policy and their global security strategy and compliance needs. Finch joins Pillsbury from Dickstein Shapiro, where he led the global security practice in the firm's government law and strategy group
Products, Services, and Solutions
Some Antivirus Tools Wildly Effective Against Zero-Day Malware (PC Magazine) A Trojan or other malicious program that's been analyzed by antivirus researchers is very easy to detect and block. Antivirus programs handle such threats using a kind of file fingerprint known as a signature. In many cases, a single well-crafted signature can match a whole family of related malware. The real problem involves detecting zero-day threats; malware or malware variants that have never been seen before. In a recent test by AV-Test Institute, several antivirus tools proved wildly effective against zero-day threats, while others failed miserably
New certification seeks to bolster insider threat programs (TechTarget) The CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute has announced a new certificate aimed to help information security leaders develop formal insider threat programs
Your own, customised, personal Microsoft security bulletin dashboard (Graham Cluley) When Microsoft publishes a raft of new security updates, the last thing an IT system administrator needs is to get a headache trying to unravel what patches they need for what versions of what software throughout their organisation
SwishData Launches "Hacked: The Series", a Government Cyber Security Campaign (Digital Journal) SwishData, a woman-owned group of leading data performance architects for the federal marketplace, today announced the launch of a new online resource called "Cyber Attack Defenders," which shines a light on the real dangers and realities that federal agencies face when it comes to cyber security
Technologies, Techniques, and Standards
Sinkholes: Legal and Technical Issues in the Fight against Botnets (Infosec Institute) The security community is observing a sensible increase of botnet activities, in particular of cloud-hosted botnets that are mainly based on the Amazon cloud architecture
Is FedRAMP the Final Answer? (FedTech) The cloud security program is a good first start, but adoption must extend beyond the government, experts say
Schwartz: Cybersecurity framework gaining foothold (FierceGovernmentIT) The federal cybersecurity framework released earlier this year is helping critical infrastructure sectors that previously lagged catch up to those with more expertise, said Ari Schwartz, a White House cybersecurity official
Mobile security: Is antimalware protection necessary? (TechTarget) There's been a fair amount of discussion about whether mobile devices need antimalware protection. With my employees using their own devices at work, for work, I want to make sure my company is adequately protected. Is the antimalware investment a necessary one? If not, is there a better product to use?
Stave off infection: Assessing the best antimalware protection (TechTarget) It seems every security vendor claims it has the unique capability to find and stop (or at least minimize the impact of) advanced malware, which can be loosely defined as "anything your existing antimalware product doesn't catch, but probably not including old viruses and worms that we don't really care about"
The benefits of subscription-based penetration testing services (TechTarget) A number of providers now offer subscription-based penetration testing services. How do they compare to traditional pen testing, and how should I determine if this is the right option for my enterprise?
How to use Kismet: A free Wi-Fi network-monitoring tool (TechTarget) IT security professionals often work on large campuses with many networks and endpoints. It's not always easy to keep tabs on every network, especially Wi-Fi networks that can come and go frequently
Next-generation firewall comparisons show no product is perfect (TechTarget) Next-generation firewalls rose to prominence several years ago as vendors promised that they could deliver a variety of security features
Army cyber chief wants more failure (FCW) Lt. Gen. Edward Cardon says a freer attitude toward experimentation would yield better results for Army Cyber Command. It's a common refrain in the development world these days — developers need the freedom and space to fail faster. The agile way of thinking is reaching into the tradition-bound U.S. Army, at least at the level of its top cyber commander, Lt. Gen. Edward Cardon
Risk management issues, challenges and tips (Help Net Security) Gary Alterson, is the Senior Director, Risk and Advisory Services at Neohapsis. In this interview he discusses the most significant issues in risk management today, offers tips on how to develop a risk management plan, and more
Online gaming threats and protection tips (Help Net Security) In this podcast, recorded at Infosecurity Europe 2014, Christopher Boyd, Malware Intelligence Analyst at Malwarebytes, talks about online scams and phishing attacks, specifically those related to protected Steam accounts
Security by Sharing! OWASP Austin: Talk on Crowd-Sourced Threat Intelligence (Alien Vault) Jaime spoke at the Austin OWASP chapter meeting on 5/27. He is a security researcher with broad experience in network security and malware analysis. The last OWASP meeting Jaime presented at was in Barcelona sixyears ago, when he was doing penetration testing
Principles of compliance in the financial services industry (ComputerWeekly) The financial services sector is subject to multiple and complex legal and regulatory compliance requirements that span international boundaries — all of which have implications for storage, backup and the security and integrity of data
Design and Innovation
Microsoft Ventures partners for cyber-security accelerator, one startup to get $1m investment (The Next Web) Microsoft Ventures, the startup-nurturing and investment-focused side of Microsoft, has announced today that it is launching a cyber-security-focused program at its accelerator in Tel Aviv, Israel, in collaboration with Jerusalem Venture Partners
Research and Development
Cyber Threats: Net Psychology (iHLS) Artificial intelligence researchers are constantly trying to teach machines to think like humans. Despite all their efforts, though, there's a massive gap between human and machine psychology. An Israeli startup recently began using these differences to form a new, refreshing model of information security
Quantum Cryptography with Ordinary Equipment (IEEE Spectrum) Researchers in Japan have come up with a way of doing quantum cryptography that could overcome two of the technology's big problems. The new protocol is designed to work with off-the-shelf equipment and use less bandwidth than existing methods. It's just a mathematical proposal, but it could help make quantum key distribution more commercially viable
'Black Box' Software Could Be the Future of Cryptography (Motherboard) Imagine trying to throw a dart at a bullseye that's 200 feet away with only your bare hands. Now, add a blindfold to the equation. Theoretically, it might be possible. But practically, it's pretty much impossible—about the same odds as trying to break a new form of software protection called indistinguishability obfuscation
Academia
Mikulski seeks $120M to create cyber security center at Naval Academy in Annapolis (Baltimore Business Journal) U.S. Sen. Barbara Mikulski on Thursday introduced a bill that includes $120 million to construct a Center for Cyber Security Studies at the U.S. Naval Academy in Annapolis
Coding exposure: 900 students develop their first programs at App Day (GeekWire) Inside the gymnasium on Friday at Rainier Beach High School was a scene best described as organized chaos
Legislation, Policy, and Regulation
China Threatens Further Action Against U.S. Over Hacking Dispute (Bloomberg) China said it will take further action against the U.S. for prosecuting five of its military officers for alleged hacking, saying it has evidence its companies have also been hacked
China tries to limit damage from cyber spying spat (Fort Mill Times) China tried Wednesday to cool a dispute with Washington over cyber spying, reminding the United States of its need for Chinese help over North Korea and appealing to it not to hurt cooperation in anti-terrorism and other areas
China Says U.S. Also Engages in Hacking (Wall Street Journal) A Chinese government report accused the U.S. of Internet surveillance into the highest levels of its leadership and key national institutions, in the latest response from Beijing to the Obama administration's efforts to punish alleged state-sponsored hacking from China. The report by the China Internet Media Research Center published Monday described China as "a main target" of U.S. secret surveillance and said Washington has eavesdropped on its state leaders, scientific institutes, universities
Senator urges parliamentary oversight of national security services (Ottawa Citizen) In the wake of revelations about the breadth of electronic spying by the U.S. National Security Agency, Sen. Hugh Segal says Canada needs a parliamentary intelligence oversight committee for Canada's security services, such as Communications Security Establishment Canada and the Canadian Security Intelligence Service. He, and others, argued the point at a public meeting of the Senate Liberal caucus Wednesday
Slovenia establishes anti-cyber-attack unit (Xinhua via Global Post) Slovenia's armed forces has established a special unit that will be responsible for the security of cyber system of the nation, Slovenian Press Agency reported on Wednesday
White House staff, Obama's top military adviser disagree on cyber strategy (Inside Cybersecurity) White House officials and President Obama's top military adviser disagree about whether the United States has a coherent national strategy to address cyber threats. The rift surfaced when Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, recently voiced concerns at the Atlantic Council about the nation's lack of preparedness for a cyber attack, cited strategic shortcomings and assigned blame to Congress
House intel chair: Chances bleak for cyber bill after August (Defense News) Congress is unlikely to take up a sweeping cybersecurity bill this year if one is not moving in both chambers by August, says House Intelligence Committee Chairman Rep. Mike Rogers
Data Brokers: A Call for Transparency and Accountability (US Federal Trade Commission) In today's economy, Big Data is big business. Data brokers—companies that collect consumers' personal information and resell or share that information with others—are important participants in this Big Data economy
Discontent in Defense Sector Over Export Controls (National Defense) Aerospace and defense firms have cheered the Obama administration's five-year effort to overhaul the U.S. export licensing system at a time when American manufacturers seek international growth
NSA director forgets name of NSA program, hopes nobody is recording his speech (Washington Post) Answering questions at a cybersecurity symposium Wednesday, U.S. Cyber Command Chief and National Security Agency Director Adm. Michael Rogers tried to explain his job — but while doing so, he forgot the name of an NSA program
Litigation, Investigation, and Law Enforcement
NSA leaker Edward Snowden: I want to come home to U.S. (CBS News) National Security Agency leaker Edward Snowden says he would like to go home
Edward Snowden Says The US Stranded Him In Russia — Here Are 4 Problems With That Claim (Business Insider) Former National Security Agency contractor Edward Snowden told "Nightly News" anchor Brian Williams in Moscow that he "never intended to end up in Russia"
A Year Later, Most Americans Think Snowden Did The Right Thing (Dark Reading) On anniversary of whistleblowing, 55 percent of Americans say Snowden was right to expose NSA's surveillance program; 82 percent believe they are still being watched
Germany drops NSA prosecution due to lack of evidence (PCWorld) Data protection officials are bewildered by the German federal prosecutor's decision not to start a criminal investigation into the alleged mass surveillance of German citizens by the U.S. National Security Agency
UK National Cyber Crime Unit open to business (ComputerWeekly) The UK's National Cyber Crime Unit is open to working with business and other organisations in the private sector, says deputy director Andy Archibald
Jason Jordaan: Corruption fuels SA cyber crime (ITWeb) Rampant corruption in SA is fuelling the problem of cyber crime. So said Jason Jordaan, head of forensic laboratory at the Special Investigating Unit (SIU) in SA, who was delivering a keynote at the ITWeb Security Summit this morning
Watchdog puts UK gov IT on RED alert. Yes, that's a bad thing (Channel Register) The UK government's "G-Cloud" project is one of more than 20 IT-related government-run projects that have been given a "red" or "amber/red" status by the Major Projects Authority (MPA), a watchdog that oversees government projects
62-year-old man arrested over tweeting as 'ghost' of murdered toddler James Bulger (Naked Security) UK police have arrested a 62-year-old man in connection with tweets purportedly coming from the ghost of murdered toddler James Bulger
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CANSEC (, Jan 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Maryland Cybersecurity Roundtable (Hanover, Maryland, USA, May 29, 2014) U.S. Senator Barbara A. Mikulski and Governor Martin O'Malley will launch the Maryland Cybersecurity Roundtable on Thursday, May 29, at 1:30 p.m., at The Hotel at Arundel Preserve, Hanover, Md. They'll be joined by members of the Federal Facilities Advisory Board, as well as representatives from Maryland's cybersecurity companies, military installations, federal facilities, and other partners.
Hack in The Box Security Conference (HITBSecConf) Amsterdam (, Jan 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41 (, Jan 1, 1970) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014 (, Jan 1, 1970) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
Cyber Security Summit (Huntsville, Alabama, USA, Jun 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center. The theme of this year's Cyber Security Summit is "Effective Governance through Risk Management".
AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, Jun 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit (, Jan 1, 1970) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology (, Jan 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education (, Jan 1, 1970) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.