The CyberWire Daily Briefing 06.02.14

Summary

By The CyberWire Staff

Anonymous threatens to attack corporate sponsors of the World Cup, aiming, those who purport to speak for it, to protest the disparity between corporate largesse showered on the games and shortfalls in Brazilian social services. (Coincidentally and predictably, there's also a rising wave of fùtbol-related scam traffic. It's unfair to attribute all or even most scams to hacktivism, but crime tends to track activist concerns.) Brazil's Ministry of External Relations was also hit last week by phishing of unclear source and intent.

Recorded Future discerns the spoor of a familiar Iranian crew—Parastoo—in the intelligence campaign recently uncovered by iSight.

Security researchers continue to discuss the state of TrueCrypt—down, for whatever reason. Cyveillance warns of suspicious binaries on the new TrueCrypt site. The crowd-funded TrueCrypt audit continues, and ComputerWorld offers a useful beginner's guide to TrueCrypt alternative BitLocker.

MITRE researchers demonstrate that the Unified Extensible Firmware Interface's Secure Boot security mechanism could be bypassed to brick about half the machines using Secure Boot.

Adobe patches disclosure and denial-of-service bugs in tomcat. The All in One SEO Pack for WordPress is vulnerable and being exploited in the wild: users are advised to update the plugin.

Reports on the state of cyber security suggest again that attackers continue to operate inside defenders' decision loops, in part because of the black market's role as de facto crowdsourced R&D establishment.

NIST wants comments on its SHA-3 Standard.

US indictments of PLA officers spur calls for a cyberwar convention.

Snowden's recent interview earns him poor reviews.

Notes.

Today's issue includes events affecting Australia, Austria, Belgium, Brazil, Denmark, Finland, Germany, Iran, Japan, Luxembourg, Maldives, Netherlands, New Zealand, Norway, Romania, Saudi Arabia, Sweden, Switzerland, Ukraine, United Kingdom, United States.

Selected Reading

Cyber Trends

It wasn't just Edward Snowden: Cyber breaches reported by federal agencies spiked in 2013 (Washington Business Journal) Federal agencies reported nearly 50,000 cyber incidents in 2013 — a 32 percent jump from the year before. And yet, what they actually did about them, if anything, is a little harder to figure out

After Snowden, Global Espionage Increased Fivefold (Epoch Times) After former NSA contractor Edward Snowden stole and released documents about spying activities of the NSA, the world got a glimpse of the war on the wires. Yet, after the mask over global espionage was pulled off, intelligence agencies in China and Eastern Europe significantly increased their operations of spying and theft

The U.S. state of cybercrime takes another step back (ComputerWorld) When it comes to cybercrime, it seems no enterprise goes unscathed. There are more breaches happening, the associated costs are rising, and business leadership grows increasingly concerned that information security remains a challenge that is out of control. Those are the headline findings of the 2014 U.S. State of Cybercrime Survey, an annual survey by CSO Magazine with help from the U.S. Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PwC

Cybercrime in the US: The Black Hats Are Winning (Techzone360) Cybercrime is one of those things that everyone who's on the Internet for any length of time worries about at least a little bit. Is this site secure? Will my login data and passwords go flying around for anyone who wants access? Is the data in this cloud safe from outside intrusion? These are the questions that give some Internet users pause, and not without good reason. A new report offers some stark tidings for those who really are concerned about such things: the bad guys, so to speak, are outgunning the good guys on most every front

Panda Security: Malware Creation Breaks All Records in Q1 2014 (MSPMentor) PandaLabs found 80 percent of infections were caused by Trojans

Are Anti-Malware's Days Numbered? (eSecurity Planet) Anti-malware software can't spot all malicious code. Is isolating end-user tasks through virtualization a better approach to security?

Significant Percentage of Ex-employees Can Still Access Privileged Information (Infosecurity Magazine) Cavalier attitudes to password management, even for ex-employees, pave the way to a new era of data breaches

30 Percent of Millennials Would Snoop on Customer Data at Work (eSecurity Planet) A Courion survey also found that one in five U.K. employees say hackers do a 'worthwhile job' in exposing security flaws

Former DoD deputy CIO Carey sees future of cyber in identity, data (Federal News Radio) Rob Carey spent 31 years in federal technology, but his "wow" moment came toward the end of his tenure

Say hello to your vending machine — it might be watching you! (Naked Security) Think BIG. Think public. Think 'Internet of Things You Can't Get Away From'. Think smart vending machines!

Unhappy birthday to you — mobile malware turns 10 (Naked Security) It's 10 years since June 2004, when the first mobile malware appeared

Secunia Country Reports (Secunia) The Secunia Country Reports tell you how much vulnerable software is present on private PCs in your country, plus a few extra, interesting facts

Legislation, Policy and Regulation

The US is right to indict China's state hacker unit (New Scientist) The US is hoping to shock China into talks over its industrial cyber espionage programme, says a foreign relations expert

Why we need a cyberwar treaty (The Guardian) We must take the prospect of cyberwar seriously — and that means agreeing new international laws to define it

Q&A: Expert Wants Nuclear Plants Taken 'Off the Table' in Cyber-Warfare (National Journal) One U.S. cybersecurity expert is arguing that world nations should jointly pledge they will spare civil nuclear facilities from computer attacks for humanitarian reasons

PLA ready to make further contribution to peace (Xinhua via the China Daily) The People's Liberation Army (PLA) of China is ready to work with other militaries to make further contribution to regional and global peace and development, Wang Guanzhong, a senior PLA officer, said on Sunday

Security matrix prevents another Tiananmen (AP via the Miami Herald) A quarter century after the Tiananmen Square pro-democracy movement's suppression, China's communist authorities oversee a raft of measures for muzzling dissent and preventing protests. They range from the sophisticated — extensive monitoring of online debate and control over media — to the relatively simple — routine harassment of government critics and maintenance of a massive domestic security force. When visiting friends in China's capital, environmental activist Wu Lihong must slip away from his rural home before sunrise, before the police officers watching his home awaken. He rides a bus to an adjacent province and jumps aboard a train just minutes before departure to avoid being spotted

German spies want $400M to play catch-up with the NSA (Gigaom) Confidential documents from the BND, Germany's answer to the NSA and GCHQ, suggest the agency could soon get major funding to improve its online surveillance and hacking capabilities

House bill orders spy agency review (Boston Globe) Marathon attack prompted worry

Faux Transparency (Defense News) Sen. Kay Hagan, D-N.C., gaveled a Senate Armed Services Emerging Threats and Capabilities subcommittee markup into session at 5:04 p.m. on May 20. Twelve minutes later, the panel was done for the day

Newt Gingrich Says If Millennials Experience A 'Major Attack' They'll Love The NSA, But Most Are Old Enough To Remember 9/11 (Opposing Views) Conservative pundit Newt Gingrich told NBC News Sunday that if millennials ever experience a "major attack," they will change their tune about the National Security Agency

When Police Spy On Free Speech, Democracy Suffers (Cognoscenti) What does Boston Mayor Marty Walsh have in common with peace activists, environmentalists and the ACLU? All showed up in files created by the Boston Police Department's "Boston Regional Intelligence Center" (BRIC) database

Federal Agencies Need To Improve Cyber Incident Response Practices, Audit Finds (HSToday) Twenty-four major federal agencies have not consistently demonstrated that they are effectively responding to cyber incidents categorized as "a security breach of a computerized system and information," according to a new federal audit

Products, Services, and Solutions

A beginner's guide to BitLocker, Windows' built-in encryption tool (ComputerWorld) The creators of TrueCrypt shocked the computer security world this week when they seemingly ended development of the popular open source encryption tool. Even more surprising, the creators said TrueCrypt could be insecure and that Windows users should migrate to Microsoft's BitLocker. Conspiracy theories immediately began to swirl around the surprise announcement

Kaspersky Lab gets closer to video game that mirrors real-life hacks (CiOL) The game incidentally is said to remind of Stuxnet worm, which attacked industrial control systems at an Iranian nuclear facility

Could 'Watch Dogs' City Hacking Really Happen? (Tom's Guide via Yahoo! News) In the video game "Watch Dogs," player-character Aiden Pearce hacks a city's streetlights, drawbridges, ATMs and more — just by tapping on his smartphone

Free mobile privacy platform unveiled (Help Net Security) Boolean Tech announced ShieldMe, a secure and free mobile privacy platform that allows users to connect with other people without ever giving up their phone number

Is Facebook coming for your kids? (Naked Security) Facebook currently bans children under 13. Fat lot of good that does

Technologies, Techniques, and Standards

NIST requests comment on proposed SHA-3 cryptographic standard (Help Net Security) The National Institute of Standards and Technology (NIST) has requested public comments on its newly proposed SHA-3 Standard, which is designed to protect the integrity of electronic messages

Using nmap to scan for DDOS reflectors (Internet Storm Center) Before we get into this here is the standard disclaimer. Do not scan any devices that you do not have explicit permission to scan. If you do not own the devices I strongly recommend you get that permission in writing. Also, port scanning may cause instability or failure of some devices and/or applications. Just ask anyone who lost ILOs to heartbleed. So be careful!

Top 5 Email Retention Policy Best Practices (Infosec Institute) Email retention policies are no longer just about conserving space on your Exchange server. Today you must take into account how your email retention controls increase or decrease risk to your company

10 Cyber Security Tips to Protect Your Company from Hackers (ClickSSL) Hacking is a growing problem for businesses, as demonstrated by recent headlines about data breaches that affected tens of millions of Target customers and now potentially 145 million eBay users. Hacking is an issue for consumers and companies of all sizes, not just big corporations

Marketplace

Exclusive: U.S. companies seek cyber experts for top jobs, board seats (Reuters) Some of the largest U.S. companies are looking to hire cybersecurity experts in newly elevated positions and bring technologists on to their boards, a sign that corporate America is increasingly worried about hacking threats

Cisco purchase of CIA-funded company may fuel distrust abroad (Network World) Few are talking about In-Q-Tel investment in ThreatGRID

Cyber security incubator officially opens its doors in Orléans (Orléans Online) Orleans is officially on the economic development map with the opening of a leading edge cyber security incubation centre on Thursday

FireEye Inc. (NASADAQ:FEYE) Expecting An Increase In Cyber Attacks (US Trade Voice) FireEye Inc. (NASADAQ:FEYE) CEO anticipates a further increase in the rate of cyber-attacks this year as the trend looks set to continue on the current five year rise pattern. The CEO has admitted that the company is tracking more than twenty groups in China that are responsible for perpetrating cyber-attacks against the US and a number of western world companies. FireEye has already had its fair share of success in the fight against the attacks in the US

AVG Technologies NV Stock Upgraded (AVG) (TheStreet) AVG Technologies (NYSE:AVG) has been upgraded by TheStreet Ratings from hold to buy. The company's strengths can be seen in multiple areas, such as its expanding profit margins, increase in stock price during the past year, largely solid financial position with reasonable debt levels by most measures and notable return on equity. We feel these strengths outweigh the fact that the company has had sub par growth in net income

Bear of the Day: KEYW (KEYW) (Zacks.com via Nasdaq) After reporting declining revenues and a loss of 8 cents per share in the first quarter, analysts revised their estimates significantly lower for The KEYW Holding Corporation ( KEYW ). This sent the stock to a Zacks Rank #5 (Strong Sell) stock

Lockheed develops tools to fight viruses (Orlando Sentinel via Stars and Stripes) Buoyed by tens of millions of defense dollars, Lockheed Martin Corp. has made Orlando ground zero for a "test range" to help the military develop antivirus technology to combat hacker attacks and cyber-terrorism

Fortinet and Palo Alto Networks co-found the industry's first cyber defense consortium (MarketWatch) Two leaders in security drive a coordinated industry effort against cybercrime and cyber criminals

KoolSpan, Inc. Named "Emerging Firm of the Year" By The Tech Council Of Maryland (PRWeb) KoolSpan, Inc., a company that has earned an industry-wide reputation for innovation in hardware-based mobile security applications receives honor from Maryland technology trade association, the Tech Council Of Maryland

Q&A: A Word With Security Expert John Pescatore (BizTech) With 35-plus years of computer, networking and cybersecurity experience, John Pescatore has forgotten more than most of us will ever know about IT security

Cloud provider FireHost's security chief brings lessons from the front lines (PCWorld) Jeff Schilling, who joined cloud hosting startup FireHost this week as chief security officer, knows a thing or two about cybersecurity

Fortinet ANZ hires ex-Check Point engineering boss (CRN) Gary Gardiner brings "wealth of technical knowledge"

Research and Development

University researchers test cyber-defense for nation's power grid (CSO) What if the smart grid has stupid security? Researchers are testing a distributed computing system that would help protect the power grid

Scientists Report Finding Reliable Way to Teleport Data (New York Times) Scientists in the Netherlands have moved a step closer to overriding one of Albert Einstein's most famous objections to the implications of quantum mechanics, which he described as "spooky action at a distance"

Security Patches, Mitigations, and Software Updates

Apache Patches DoS, Information Disclosure Bugs In Tomcat (Threatpost) Apache recently patched Tomcat, fixing a trio of information disclosure bugs and a denial of service bug in the open source web server and servlet container

Serious security hole found in SEO plugin used by millions of WordPress users. Update now (Graham Cluley) Do you host your own WordPress website? Do you use the popular All in One SEO Pack plugin? If so, you need to update the plugin as soon as possible to the latest version

Cyber Attacks, Threats, and Vulnerabilities

Brazilian government hit by cyberattack (ZDNet) Internal communications platform has been targeted by hackers

Hacker group threatens cyber-attack on World Cup sponsors : source (Reuters via the Chicago Tribune) The hacker group Anonymous is preparing a cyber-attack on corporate sponsors of the World Cup in Brazil to protest the lavish spending on the soccer games in a country struggling to provide basic services, said a hacker with knowledge of the plan on Friday

World Cup Malware, Scams Highlighted by Trend Micro (eWeek) Trend Micro researchers suggested using security software that can detect malicious links and to take care when being tempted by unknown websites

Iranian Hacker Network Linked to Familiar Group? (Recorded Future) News of an Iranian hacker network targeting US government officials made waves yesterday after being uncovered by iSIGHT Partners. Buried deep in Reuters' report is a password used by the group: parastoo

Poor security measures at fault for cyber attack, say government IT experts (Minivan News) IT experts have suggested that the scale of yesterday's attack on government sites was due to poor security mechanisms

PayPal Phishing Scam Evolves into Sophistication (Infosecurity Magazine) A PayPal phish evolves before researchers' eyes

GameOver Zeus P2P Malware (US-CERT) GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet

It's 'Game Over' for Zeus and CryptoLocker (McAfee Blog Central) Under Operation Tovar, global law enforcement—in conjunction with the private sector and McAfee—has launched an action to dismantle the Gameover Zeus and CryptoLocker infrastructure. Disrupting the criminal infrastructure by taking control of the domains that form part of the communications network provides a rare window for owners of infected systems to remove the malware and take back control of their digital lives

Is TrueCrypt No More? (Cyveillance) Late Wednesday night (and as has now been reported by Brian Krebs and others), Cyveillance analysts noticed that the TrueCrypt website was replaced with a forward to a new site hosted by Sourceforge, a major open source project hosting site. The site is now recommending that people stop using TrueCrypt, a popular disk encryption service, and start using BitLocker from Microsoft instead. The site also provides a new binary with an incremented version number "7.2", versus the old "7.1a," which it says to use only to migrate from TrueCrypt

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead (The Register) Plus other alternatives and theories behind disk-crypto util's demise

The Mystery Of The TrueCrypt Encryption Software Shutdown (Dark Reading) Developers of the open-source software call it quits, saying software "may contain unfixed security issues"

TrueCrypt security audit presses on, despite developers jumping ship (Ars Technica) Thorough cryptanalysis will search for backdoors and crippling weaknesses

New Heartbleed Attack Vectors Impact Enterprise Wireless, Android Devices (SecurityWeek) While most organizations have patched the Heartbleed bug in their OpenSSL installations, a security expert has uncovered new vectors for exploiting the vulnerability, which can impact enterprise wireless networks, Android devices, and other connected devices

Adobe Flash Player Critical Vulnerability Targeting Japanese Web users (HackRead) Symantec has come up with a discovery about Adobe Flash Player Buffer Overflow Vulnerability (CVE 2014-0515). Symantec monitored CVE 2014-0515 vulnerability trend and found that attackers are targeting Japan internet users on a huge scale. This vulnerability was being used in watering hole attacks against organizations and industries. However, Adobe had released a patch for

Ransomware Now Uses Windows PowerShell (TrendLabs Security Intelligence Blog) We highlighted in our quarterly threat roundup how various ransomware variants and other similar threats like CryptoLocker that now perform additional routines such as using different languages in their warning and stealing funds from cryptocurrency wallets. The addition of mobile ransomware highlights how these threats are continuously improved over time

New attack methods can 'brick' systems, defeat Secure Boot, researchers say (IDG News Service via CSO) The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according to a security researcher

Spammers adapt to filtering technologies by staying below radar (CSO) Anti-Spam technologies, for the most part, catch a majority of the spam that hits your inbox, or at the least it flags it as potentially unwanted. However, each day, spam of some kind — including junk messages that are sometimes overtly malicious, will bypass these filters

State server hacked via software security glitch (AP via the Miami Herald) Hackers broke into a Montana health department computer server through software in need of a security upgrade after a Chinese-language website last year identified the department's server as vulnerable, state officials said Friday

Monsanto hacked, client and staff records exposed — but by who, and why? (Graham Cluley) If you work for Monsanto, or your organisation is a customer of the agriculture and biotech giant, then there's some bad news

American Express notified 76,608 California residents after #AnonymousUkraine data dumps (Office of Inadequate Security) From AmEx's (AXP) notification to the California Attorney General's Office: "Hacktivist group 'Anonymous Ukraine' has published card data to internet. Several postings have been made"

Hacktivist group "Anonymous Ukraine" has published card data to internet (AmEx via California Attorney General's Office) AXP was informed by law enforcement that several large files containing personal information were posted on internet sites by claimed members of "Anonymous", a worldwide hacking collective. The source(s) of the posted data is/are not currently known. The posted records contained varying data elements, but AXP has identified, and is providing notice via mail to, 58,522 California residents whose names and corresponding AXP account numbers were involved

Academia

National Security Agency Program Fills Critical Cyber Skills Gaps (SIGNAL) The first graduates are emerging from centers of excellence for cyber operations that teach the in-depth computer science and engineering skills necessary to conduct network operations. The program better prepares graduates to defend networks and should reduce the on-the-job

Clark State interns get hands-on try at cyber security (Springfield News-Sun) Jobs in cyber security are expected to grow 37 percent by 2022 as computer networks come under what one local AT&T manager called "24/7, 365" attacks from hackers

IT security discounts available for UK education sector (ProSecurityZone) Educational institutions in the UK can benefit from the Education Discount Policy being offered on IT security products by Cyberoam

Litigation, Investigation, and Enforcement

NSA, Snowden clash over 2013 internal email release (Reuters via the Chicago Tribune) An email exchange released on Thursday shows Edward Snowden questioned the U.S. National Security Agency's legal training programs, but provides no evidence the former contractor complained internally about vast NSA surveillance programs that he later leaked to the media

After Edward Snowden interview, many doubts from former NSA chief (CBS News) Michael Hayden, the former director of both the CIA and National Security Agency (NSA) said that Edward Snowden, the former government contractor who leaked a massive number of secret documents to the media didn't have "the ring of total truth" in a recent interview he gave to NBC News

Snowden's Damage: More Trust Than Verify from Gov't (Bloomberg) So what damage did the world's most infamous/famous/glamorous cyber geek cause the U.S. military-intelligence establishment?

Edward Snowden, traitor (Daily News) The know-it-all Millennial arrogated to himself the right to determine what secrets, if any, our government should be allowed to keep

Snowden's explanation still doesn't make him hero (Baltimore Sun via the Clarion Ledger) Accused National Security Agency leaker Edward Snowden was handed a golden opportunity to justify himself Wednesday when he was asked by NBC's Brian Williams whether the American public should view his unauthorized release of thousands of classified U.S. government documents to the media as a principled act of civil disobedience or as a betrayal of his country — and he blew it

Edward Snowden, Moscow's Accidental Tourist (Town Hall) National Security Agency leaker Edward Snowden has found the court of public opinion to be far more receptive than a court of law. He conducts the occasional interview with seemingly sympathetic journalists. NBC News aired one such interview with anchorman Brian Williams on Wednesday night. "Do you see yourself as a patriot?" Williams asked

Silk Road Reduced Violence in the Drug Trade, Study Argues (Wired) The dark web may have a silver lining, according to a pair of academics: A new class of geekier, less violent drug dealers

Alleged 'BlackShades' co-creator pleads not guilty (SC Magazine) A 24-year-old Swedish man who is the alleged co-creator of the infamous BlackShades remote administration tool (RAT) has plead not guilty in a federal court in Manhattan

Bush Family Hacker "Guccifer" Pleads Guilty (SecurityWeek) A Romanian national accused of hacking into the online accounts of several public figures, has pleaded guilty to the charges brought against him

Pirate Bay co-founder Peter Sunde arrested in Sweden (Ars Technica) Sunde was convicted of aiding copyright fraud and had been evading prison since 2012

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Area41 (, January 1, 1970) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.

17th Annual New York State Cyber Security Conference and 9th Annual Symposium on Information Assurance (Albany, New York, USA, June 3 - 4, 2014) The 17th Annual New York State Cyber Security Conference (NYSCSC '14) and 9th Annual Symposium on Information Assurance (ASIA '14) is a two day event co-hosted by the New York State Office of Information Technology Services Enterprise Information Security Office, the University at Albany's School of Business and College of Computing and Information, and The NYS Forum, Inc. The Conference is held in Albany, New York on June 3 and 4 at the Empire State Plaza. The Conference features prominent industry security experts presenting the latest innovations in cyber security and includes peer networking and sessions on leading-edge security topics and issues.

NSA SIGINT Development Conference 2014 (, January 1, 1970) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.

Cyber Security Summit (Huntsville, Alabama, USA, June 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center. The theme of this year's Cyber Security Summit is "Effective Governance through Risk Management".

AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.

The Device Developers' Conference: Scotland (Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.

The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.

MIT Technology Review Digital Summit (, January 1, 1970) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.

What to Consider when Preparing to Purchase Cyber Insurance Webinar (Webinar, June 11, 2014) With the many cyber/data breach insurance policies that are available today, there are important considerations that organizations need to know before purchasing cyber/data breach insurance coverage. Join Christine Marciano, Cyber Insurance Expert and President, Cyber Data Risk Managers for this informative webinar to learn what your organization needs to consider before purchasing cyber/data breach insurance coverage.

Global Summit on Computer and Information Technology (, January 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.

18th Annual Colloquium for Information Systems Security Education (, January 1, 1970) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.