The CyberWire Daily Briefing for 5.30.2014
As Russia sleeps the sleep of repletion before further feedings on the near abroad, FireEye notes an interesting trend: a spike in malware callbacks to command-and-control servers as tension between Russia and Ukraine increased—probably worth adding to any list of indicators and warnings.
Iranian security services made effective use of both social media and front news organizations in recent espionage campaigns, but over-reached in their construction of fake identities: they impersonated former UN ambassador John Bolton, spent months cultivating trust with a (well-selected) US Baha'i advocate, connected through LinkedIn, but were blown by Google who warned the victim that someone from Tehran had tried to break into her Gmail account.
Investigators and researchers continue to work on two mysteries: how is the "Oleg Pliss" ransomware getting on iPhones, and what is actually up with TrueCrypt?
South- and Southwest-Asian hacktivists resume exploitation of targets-of-opportunity.
BitSight rates sectors on cyber security. From best to worst, they're finance, retail, energy utilities, and then healthcare and pharma.
Former US Defense Secretary and ex-DCI Gates says France is as big a cyber industrial espionage threat as China. Where there are advanced technological capabilities in a dirigiste political economy, there's also the likelihood of industrial espionage.
China continues to kick back at US indictment of PLA officers, suggesting evidence was fabricated.
NSA releases an email exchange between Snowden and its General Counsel. Snowden's email is so muted it hardly counts as whistleblowing. Perhaps IGs and OGCs should work on their ability to discern and read subtext?
Notes.
Today's issue includes events affecting Australia, Belarus, China, European Union, France, India, Iran, Israel, Kazakhstan, Pakistan, Russia, Turkey, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
FireEye: Malware Traffic to Ukraine, Russia Spiked During Peak of Conflict (Dark Reading) A FireEye researcher posits that a significant spike in malware traffic to Russia and the Ukraine at the height of the conflict between the two countries could be part of a trend — and could improve threat intelligence
Russia, Kazakhstan, Belarus form Eurasian Economic Union (Washington Post) Russian President Vladimir Putin moved Thursday to further bolster his nation's ties to former Soviet republics, as Russia's relationships with the United States and Europe continue to fray over the conflict in Ukraine
Iran Is Using a Neocon to Hack Its Foes (Daily Beast) John Bolton, the former U.N. ambassador under George W. Bush, is playing an unexpectedly prominent role in an Iranian cyberspying campaign
Newscaster Threat Uses Social Media for Intelligence Gathering (eWeek) A new report alleges that Iran is using social media to hack Western organizations
How to avoid cyberspies on Facebook, LinkedIn (CSO) Educating employees on how to identify spies can derail cyberespionage campaigns
Israel, Iran wage cyber warfare in the battlefield of the future (Jerusalem Post) What may begin as an enemy intelligence-gathering mission could later turn into a virus that disrupts military operations
Apple iOS ransomware mystery deepens — "Oleg Pliss" pops up in LA (Naked Security) We still can't tell you how the "Oleg Pliss" hack works. That's the curious message that popped up on Apple iOS devices in Australia earlier this week
The mechanics of the iCloud "hack" and how iOS devices are being held to ransom (Troy Hunt) If you're an Aussie with an iPhone, there's a chance you've been woken up in the middle of the night by this
'Oleg Pliss' hack makes for a perfect teachable IT moment (Computerworld via CSO Salted Hash) Earlier this week, a number of iOS device owners woke up to discover that someone had locked them out of the iPhones, iPads, and iPod touches. The attack, primarily aimed at users in Australia and New Zealand (though there are now reports of users in North America and other countries being hit), demanded a ransom be paid to unlock each device. Ironically, the PayPal account referenced in the demand did not seem to even exist
TrueCrypt quits? Inexplicable (ZDNet) Nobody has a good explanation yet for what happened to the generally respected TrueCrypt project, which yesterday announced itself insecure and sent its users to Microsoft
Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above? (Ars Technica) A sampling of theories behind Wednesday's notice that TrueCrypt is unsafe to use
With Heartbleed as a wake up, what is a Man-in-the-Middle (MITM) attack? (The Next Web) You grab your coffee, connect to the coffee shop's Wi-Fi and begin working. You've done this a hundred times before. Nothing seems out of the ordinary, but someone is watching you. They're monitoring your Web activity, logging your bank credentials, home address, personal email and contacts — and you won't know it until it's too late
Misconfiguration to blame for most mobile security breaches (Help Net Security) Nearly 2.2 billion smartphones and tablets will be sold to end users in 2014 according to Gartner, Inc. While security incidents originating from mobile devices are rare, Gartner said that by 2017, 75 percent of mobile security breaches will be the result of mobile application misconfiguration
Monsanto Suffers Data Breach at Precision Planting Unit (Threatpost) Monsanto, the massive international agricultural conglomerate, has disclosed a data breach that involved the personal information of customers and employees of its Precision Planting subsidiary. The breach included names, addresses, possibly Social Security numbers and some financial account information
Avast and Simple Machines Spat Ends in Collaboration (CBR) Dispute over cyber attack prompted questions over third-party software. Simple Machines is now working with Avast to analyse the recent cyber attack that compromised the details of 400,000 forum users, following a public dispute between the two companies over the nature of the breach
Fake Australian Electric Bill Leads to Cryptolocker (Internet Storm Center) Our reader Mark sent us a link he recovered from a Phishing e-mail. We don't have the e-mail right now, but the web site delivering the malware is kind of interesting in itself. The e-mail claims to come from "Energy Australia", an actual Australian utility company
Office falls victim to cyber attack after eBay breach (ITV) Nationwide shoe shop Office has become the latest company to fall victim to a cyber attack, forcing the retailer to warn its customers to change their account passwords
San Diego State University Acknowledges Data Breach (eSecurity Planet) 1,050 students' names, Social Security numbers, birthdates and addresses were exposed
ProMedica Bay Park Hospital Admits Insider Breach (eSecurity Planet) 594 patients' names, birthdates, diagnoses, physicians' names and medications were accessed
ARY News Channel website hacked for Showing Blasphemous and Indian Content (HackRead) The official website of Pakistan's famous ARY News Channel website has been hacked and defaced by Pakistani hacker 'hasnain haxor' just a few hours ago
Pakistani hacker hacks Taj Mahal Mausoleum and Agra Fort India Websites for Kashmir (HackRead) A Pakistani hacker going with the handle of "hasnain haxor" has hacked and defaced the official website of Taj Mahal mausoleum, the 7th wonder of the world and Agra Fort, a UNESCO World Heritage site located in Agra, Uttar Pradesh, India
Cyber Trends
Inside the malware war zone (Help Net Security) Adam Kujawa is the Head of Malware Intelligence for Malwarebytes. In this interview he talks about the evolution of malware in the past decade, illustrates the differences in global malware based on the point of origin, highlights the events that changed the threat landscape, offers insight about future threats, and more
Panda: Trojans account for three-quarters of all malware (Computing) Trojan Horse malware now accounts for almost three-quarters of all malware detected globally, according to anti-virus software maker Panda Security, and four-fifths of all infections
The concept of privacy is not unrealistic: McAfee (CSO) In today's digital age it may seem like the concept of privacy is unrealistic, but McAfee, part of Intel Security, remains upbeat about the prospects
Hackers don't just prey on the big boys, warns expert (Oxford Mail) A hi-tech security expert has warned Oxfordshire entrepreneurs after the cyber attack on online auction house eBay
5 Big Cyber Threats for Small Businesses (Property Casualty 360) Why small and midsize businesses are targets for cybercriminals
Hacking for the greater good (Help Net Security) As long as people write code, they will write code with flaws, says Katie Moussouris, former Senior Security Strategist Lead at Microsoft Security Response Center and, as of today, Chief Policy Officer of HackerOne, the company that partially hosts the Internet Bug Bounty
'Half of American adults hacked' in the past year — really? (Naked Security) A new study publicized this week claims that almost half of all American adults — about 110 million people — have had their personal data hacked in the past year
The Cyberspace Landscape Of India Is Changing (Ground Report) The recent cyber security updates by Perry4Law and PTLB have indicated that there has been an extraordinary surge in the cyber attacks at a global level. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc have been messing up with computer systems located in different parts of the world
Healthcare industry lags in security effectiveness (Help Net Security) BitSight analyzed Security Ratings for S&P 500 companies in four industries — finance, utilities, retail and healthcare and pharmaceuticals. The objective was to uncover quantifiable differences in security performance across industries from April 2013 through March 2014
Large Electric Utilities Earn High Security Scores (Dark Reading) Critical infrastructure is a big target for attack, but new data shows some operators in that industry suffer fewer security incidents than other industries
Marketplace
Strategic security acquisitions: What makes sense? (Help Net Security) Thanks to a steady stream of high-profile data breaches, a rapidly shifting threat environment, and the recent indictment of 5 members of Chinese People's Liberation Army "Unit 61398" for state-sponsored espionage, security is top-of-mind, even in the boardroom
Proofpoint: Fundamentals Suggest Still More Downside (Seeking Alpha) Proofpoint Inc. (PFPT) a hot cloud-based network security play, is trading at a gravity-defying valuation on the back of strong adoption of the company's TAP (Targeted Attack Protection) solution, gaining share from legacy solutions and upselling in its existing customer base. Recently, the stock has corrected with the broader equity markets, but fundamentals suggest more downside from here
Cyber security fears drive Palo Alto (Financial Times) Shares of Palo Alto Networks, the cyber security software maker, surged after the company said fiscal third-quarter sales topped Wall Street expectations and it had settled an outstanding lawsuit with Juniper Networks
Business Buzz: Raytheon Benefits From the Government's Cyber Threats (InTheCapital) As lawmakers on Capitol Hill continue to struggle with an answer to the growing threats against America's cyber security, one of the largest government contractors is cashing in. Raytheon, the gigantic defense electronics and missile systems company, is expecting a surge in stock pricing
Products, Services, and Solutions
Lookout Mobile Security's 'Theftie' App Designed To Combat Smartphone Theft (Industry Leaders) With smartphone thefts becoming rampant, legislators and the telecommunications industry continue to wait for the implementation of a cell phone kill switch, as a possible solution. But a San Francisco-based mobile security firm Lookout is providing other ways to address the problem
Do Lookout's 'Theftie' Photo Alerts Violate Privacy? (Wall Street Journal) Mobile security firm Lookout on Wednesday unveiled a new tool for tracking down potential phone thieves: the "theftie," a covert snapshot of someone using your phone in a suspicious manner
WatchGuard Technologies First To Deliver True Integration of Wired and Wireless Network Security (MarketWatch) Fireware® 11.9 allows users to deploy, configure and manage wireless access points from a WatchGuard UTM or NGFW threat management appliance without requiring additional hardware
CYREN Launches New Service to Combat Phishing Attacks (IT Business Net) CYREN (NASDAQ: CYRN), a leading provider of cloud-based security solutions, today launched its CYREN URL Phishing Feed, a powerful new service that allows its web and email security partners to block phishing sites before they reach unsuspecting end users
HOSTING Partners With DOSarrest Internet Security to Offer DDoS Protection Services (MarketWatch) DOSarrest Internet Security, an industry leading DDoS protection provider, has announced a partnership agreement to offer its full suite of DDoS products to HOSTING, the leading cloud service provider in the market today
Incapsula Launches New Infrastructure DDoS Protection Services (Wall Street Journal) Incapsula, the cloud-based security service, today announced two new services, built to protect against large scale DDoS attacks. The new services complement Incapsula's award-winning Web DDoS and Security offering
FireEye Announces General Availability of Network Threat Prevention Platform With IPS (MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced that it will offer the FireEye Network Threat Prevention Platform with IPS to customers worldwide starting June 2, 2014. Available as an add-on license to the FireEye Network Threat Prevention Platform (NX series), the new offering is designed to give customers a holistic view of multi-vector attacks that go well beyond conventional intrusion prevention system (IPS) tools
Webfwlog Firewall Log Analyzer v1.0 Released (ToolsWatch) Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP®. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP®. Webfwlog also supports logs saved in a database using the ULOG or NFLOG targets of the linux netfilter project, or any other database logs mapped with a view to the ulogd schema. Versions 1 and 2 of ulogd database schemas are supported. Webfwlog is licensed under the GNU GPL
Biometric tool prevents fraud (Help Net Security) BioCatch launched its eCommerce fraud prevention solution. The new tool uses behavioral biometric analysis to detect suspicious behavior and authenticate repeat customers, while reducing customer friction associated with additional security verifications and checks
How Yik Yak Keeps Its Anonymity App From Ruining People's Lives (Wired) The dean of students said it was coming, and it arrived almost immediately
Technologies, Techniques, and Standards
Banks: How to Improve Threat Detection (BankInfoSecurity) Banking institutions need to develop "day-to-day situational awareness" of the latest threats, says Vikram Bhat, a threat researcher at Deloitte and Touche, which just released a report about cybersecurity issues and awareness
How we patch: by the numbers (Talk Tech to Me) We all know how important it is to keep current with security updates, a.k.a. patches — but how many organizations are really following best practices? As attackers get more sophisticated and researchers become more diligent, vulnerabilities in popular software — from operating system to end-user applications and even including security software — are discovered every day. To their credit, software vendors are working overtime to stay on top of the problem and issue patches to fix these flaws as quickly as possible
Crypto won't save you (CSO) Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. Having been part of the team that wrote the popular PGP encryption package, you'd expect that he'd put a lot of trust in crypto
WordPress Security Checklist (Help Net Security) WordPress is not only easy to use, it also comes with many plugins and themes for you to choose from, making it extremely customizable. However, like all other popular platforms, it is also more prone to hacking
Operating in zero trust environments (ProSecurityZone) Dr Wieland Alge, Vice President and General Manager EMEA Barracuda Networks discusses zero trust environment infrastructures and the role of the CIO
How to Demand Your Right to Be Forgotten from Google (Softpedia) A couple of weeks ago, the European Court of Justice completely changed things for those who wanted to hide some piece of their past from Google searches
Google's "right to be forgotten" response is "disappointingly clever" (Ars Technica) You'll need a copy of your photo ID and a list of every URL you want taken down
Academia
Defense Against the Dark Arts (of Cyberspace) (IEEE Spectrum) Universities are offering graduate degrees in cybersecurity
NSA Keeping Watch On FAU (Boca News Now) The NSA is watching FAU and the agency likes what it sees. According to the school, Florida Atlantic University has been designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense Research (CAE-R) for academic years 2014-19 by the National Security Agency (NSA) and the Department of Homeland Security (DHS)
Legislation, Policy, and Regulation
Why NSA Critics Are Wrong About Internet Vulnerabilities Like 'Heartbleed' (Business Insider) In a recent article "Obama Policy on Zero Days Craps Out", Stanford's director of civil liberties Jennifer Granick made the case that the White House should be more forthcoming with its disclosures of "zero day" threats and other web/software vulnerabilities
Will NIST-NSA Cooperation Continue? (BankInfoSecurity) House bill would no longer require NIST to work with NSA
U.S. Cyber Command wants DISA to take greater role in DoD cyber defense (Federal News Radio) U.S. Cyber Command is in talks with the Defense Information Systems Agency to give DISA more day-to-day responsibilities for defending DoD networks from cyber threats
Did Maine Guard chief try to remake second unit without telling governor? (Portland Press Herald) Two people say he went to Washington last year to pitch a plan to convert a South Portland squadron into a cyber security team, but a LePage spokeswoman disputes their accounts
California businesses get new guides from state Attorney General on privacy, cyber-security (Inside Counsel) The new guides benefit both consumers and businesses, as information is presented transparently
Litigation, Investigation, and Law Enforcement
Gates highlights cybercrime threat not from Iran or Russia, but…France? (FierceGovernmentIT) While China-based cybercriminals pose the biggest threat to U.S. industry in terms of economic espionage, one of the nation's closest allies isn't far behind, according to Robert Gates, former secretary of the Defense Department
DOJ's recent charges against Chinese years in the making, says Carlin (FierceGovernmentIT) The Justice Department's recent charges against members of China's People's Liberation Army for economic espionage and stealing trade secrets from American companies were part of a years-long effort, says a senior DOJ official
China suggests US may have made up evidence for cyberattacks (Fox News) China suggested Thursday the U.S. fabricated evidence to back up accusations of cyberattacks of U.S. companies by Chinese military officers
China warns of reaction to U.S. cyber indictment (Xinhua via the Global Post) China said on Thursday that it would take further reaction to the U.S. allegation of cyber theft by Chinese military officers, according to circumstances
China Hacking Is Deep and Diverse, Experts Say (Wall Street Journal) China's Internet espionage capabilities are deeper and more widely dispersed than the U.S. indictment of five army officers last week suggests, former top government officials say, extending to a sprawling hacking-industrial complex that shields the Chinese government but also sometimes backfires on Beijing. Some of the most sophisticated intruders observed by U.S. officials and private-sector security firms work as hackers for hire and at makeshift defense contractors, not the government, and aren't among those named in
Indicting Chinese Military Officers Is A Huge Mistake (Dark Reading) Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures
Snowden complained about mass surveillance tactics to his NSA masters (Ars Technica) "NSA has now explained that they have found one email inquiry by Edward Snowden"
Edward J. Snowden email inquiry to the NSA Office of General Counsel (IC on the Record) NSA has now explained that they have found one email inquiry by Edward Snowden to the Office of General Counsel asking for an explanation of some material that was in a training course he had just completed. The e-mail did not raise allegations or concerns about wrongdoing or abuse, but posed a legal question that the Office of General Counsel addressed
UPDATE 1-Snowden: "no relationship" with Russian government (Reuters) Former U.S. National Security Agency contractor Edward Snowden told a U.S. television interviewer on Wednesday he was not under the control of Russia's government and had given Moscow no intelligence documents after nearly a year of asylum there
The next chapter in the Snowden leaks may unfold in a New York museum (Quartz) Over the past year, the secret US government documents that Edward Snowden disclosed have been cascading through the pages of newspapers and magazines around the world. But could the next chapter of the story play out in the halls of a museum?
Thieves Planted Malware to Hack ATMs (Krebs on Security) A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come
Homeland Security Sec. Johnson Admits Alleged Breach of Classified Docs 'Problematic' (Breitbart Big Government) Department of Homeland Security Sec. Jeh Johnson departed from his predecessor's dismissive stance about a potential breach of classified information to a man with ties to the Muslim Brotherhood, saying it's "problematic"
The legal tools for dealing with a cyber-attack (Lexology) Late last year, a group of information security experts gathered with government officials to hack into the deep intestinal computers of London's financial district. The purpose of the exercise, dubbed "Waking Shark II", was to test whether the UK's banks and stock exchanges — that is to say, the UK financial system — could withstand a major cyber-security attack
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
17th Annual New York State Cyber Security Conference and 9th Annual Symposium on Information Assurance (Albany, New York, USA, Jun 3 - 4, 2014) The 17th Annual New York State Cyber Security Conference (NYSCSC '14) and 9th Annual Symposium on Information Assurance (ASIA '14) is a two day event co-hosted by the New York State Office of Information Technology Services Enterprise Information Security Office, the University at Albany's School of Business and College of Computing and Information, and The NYS Forum, Inc. The Conference is held in Albany, New York on June 3 and 4 at the Empire State Plaza. The Conference features prominent industry security experts presenting the latest innovations in cyber security and includes peer networking and sessions on leading-edge security topics and issues.
What to Consider when Preparing to Purchase Cyber Insurance Webinar (Webinar, Jun 11, 2014) With the many cyber/data breach insurance policies that are available today, there are important considerations that organizations need to know before purchasing cyber/data breach insurance coverage. Join Christine Marciano, Cyber Insurance Expert and President, Cyber Data Risk Managers for this informative webinar to learn what your organization needs to consider before purchasing cyber/data breach insurance coverage.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Hack in The Box Security Conference (HITBSecConf) Amsterdam HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41 Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014 This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
Cyber Security Summit (Huntsville, Alabama, USA, Jun 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center. The theme of this year's Cyber Security Summit is "Effective Governance through Risk Management".
AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, Jun 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18, 2014 at the Newseum in Washington, D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.