The CyberWire Daily Briefing for 6.3.2014
June 4 marks the twenty-fifth anniversary of the Tiananmen Square protests, with both hacktivists and Chinese security authorities expected to observe it in their diverse ways. Increased social media censorship is already reported in China.
In the Middle East, FireEye reports that the Molerat hacktivists are back. Possibly associated with the "Gaza Hackers Team," the Molerats have reopened campaigns against European and US government agencies with unsophisticated attacks (commonly known malware, no zero-days). FireEye hesitates to attribute control of the Molerats to any government.
The Syrian Electronic Army resumes its hacks against media outlets deemed insufficiently admiring of the Assad regime. CSO describes what it's like to be on the receiving end of the SEA's attentions. Like the Molerats, they're neither particularly skillful nor innovative, but they're a dangerous nuisance nonetheless.
Heartbleed remains a risk, but don't be taken in by Heartbleed-removal phishing.
TrueCrypt may be returning under new management.
An international police effort cripples the GOZeuS botnet and its CryptoLocker payloads, but authorities warn that Windows users in particular should expect a dangerous residual attack wave in about two weeks. The UK's NCA offers some useful advice on protection. FBI investigation has led to the indictment of Russian GOZeuS mob boss Evgeniy Bogachev. (US readers will find his mug shot in post offices nationwide.) Information sharing with businesses contributed to the investigation.
A Fedscoop leader calls for formation of a US Federal cyber police agency, but it seems the country may already have one in the FBI's Pittsburgh office.
Notes.
Today's issue includes events affecting Australia, China, European Union, Israel, Latvia, Macedonia, New Zealand, Palestinian Territories, Russia, Slovenia, Syria, Turkey, Ukraine, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber Crackdown On June 4 Anniversary Forums (New Tang Dynasty Television) A social network meeting to commemorate the 25th Anniversary of June 4 Massacre experienced an unprecedented cyber attack. The Internet conference room was interfered with and multiple backup conference rooms were also attacked. The web servers were down and the live broadcast websites were also down. The entire activities were seriously jeopardized. Organizers explain the meeting's theme as "Down the CCP" and believed the Communist regime conducted the attack
Middle East hackers target Europe and US (Financial Times) A group of Middle Eastern hackers has targeted European national governments and a major US financial institution in a recent cyber espionage campaign, according to research by FireEye, the US cyber security company
Molerats Cyber-Attack Activity Escalating (eWeek) New attacks reported by FireEye show China isn't the only part of the world targeting the U.S. with cyber-espionage
Inside an attack by the Syrian Electronic Army (CSO) The pro-Assad hackers aren't all that special really, but don't think them harmless
'Two Weeks' To Prepare For Cyber Attack (Sky News) The rogue software can silently spy on users' bank account details and demand a ransom for regaining access to files
Protect yourself against new malware threat on Windows computers (GetSafeOnline) This page has been created to help you protect your computer, your finances, your identity and your family against a new global online threat. The threat is targeted at random private individuals and small businesses, so it is critical that you read this page and apply our advice immediately if you have a computer running any version of the Windows operating system — including Windows running as a virtual machine on an Apple Mac, any server running Windows and Windows embedded. This is not a case of isolated attacks, as over 15,000 computers in the UK alone are thought to have been already affected
Serious flaw in GnuTLS library endangers SSL clients and systems (IT World) A vulnerability patched in the GnuTLS library can potentially be exploited from malicious servers to execute malware on computers
Dangerous App Boasts a Million Downloads on Google Play (eSecurity Planet) The file management and optimization app is capable of sending SMS messages to premium rate numbers without the user's consent
Heartbleed Exploitable Over Enterprise Wireless Networks (Threatpost) Regardless that the fervor over the Heartbleed OpenSSL vulnerability has died down considerably, patching the bug should remain a top priority for enterprises because researchers continue to find new exploit vectors
SSL: Security's Best Friend Or Worst Enemy? (Dark Reading) A new report shows that applications using SSL are on the rise in enterprises, putting them at greater risk of attacks that hide in plain sight or use vulnerabilities like Heartbleed
Phishing campaign touts fake 'Heartbleed removal' tool (ComputerWorld) The program attached to the emails is actually a keylogger, according to Trend Micro
Beware the next circle of hell: Unpatchable systems (InfoWorld) Insecure by design and trusted by default, embedded systems present security concerns that could prove crippling
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises (Dark Reading) The average user has about 200 apps running on his smartphone — and they're not all safe, Mojave Networks study says
Linkin Park's Facebook page suffers hack attack (Hot for Security) The official Facebook page of rock band Linkin Park has been hacked, and its 62 million fans bombarded with spam messages containing coarse images and out-of-character links to third-party sites
Power Equipment Direct Acknowledges Data Breach (eSecurity Planet) Screenshots of checkout pages were stolen from the evening of May 4, 2014 until the morning of May 5, 2014
Stolen Laptop Exposes 46,771 Insurance Clients' Data (eSecurity Planet) The laptop contained 46,771 Union Labor Life benefit plan participants' names, addresses and Social Security numbers
Security Patches, Mitigations, and Software Updates
Apple announces OS X Yosemite (IT World) Apple on Monday announced that the next version of the Mac OS — dubbed OS X Yosemite, after the popular National Park in California — will be available as a free upgrade to the public this fall
Cyber Trends
Latin American + Caribbean Cyber Security Trends (Symantec) This report provides an overview of cybersecurity and cybercrime related developments in Latin America and the Caribbean in 2013. It assesses the major trends in the region in terms of the threats to the cyber domain and those who depend on it, from government institutions to private enterprises to individual users. It also takes stock of the advances made by government authorities to better address the challenges they face in an increasingly connected and ICT-dependent world
Enterprises need to reinstate the security perimeter eroded by mobility: Q&A with Martyn Wiltshire of SanDisk (FierceMobileIT) The mobility trend is driving major changes throughout the enterprises, especially within IT departments. They are being challenged to enable the worker productivity these devices promise, while ensuring that corporate networks and data remain secure
Cloud more secure than ever, but transparency needed: Verizon (ARN) Telecommunications vendor positions transparency as an enabler for security in the Cloud
CHART: The Dizzying Complexity Of Cyber Warfare (Business Insider) In January of 2013, the Pentagon's Defense Science Board released an alarming report about the military's vulnerability to an advanced cyber attack. "The cyber threat is serious," the report states in its opening pages, "and [the] United States cannot be confident that our critical Information Technology systems will work under attack from a sophisticated and well-resourced opponent"
Internet voting: A really bad idea whose time has come (ZDNet) Believe it or not, most states have some provisions for allowing people to vote over the Internet. The pressure is on to expand it, even though a secure online voting system is impossible using today's technology
Building Security's Brand for Better Buy-in (Security Magazine) In a wired world that is also full of risk, an enterprise's reputation can be destroyed in hours
Marketplace
Hacker Conference Will Invite Feds Back — in 2016 (Nextgov) The Defense Advanced Research Projects Agency is expected to announce on Tuesday a deal with DEF CON to hold the final round of DARPA's two-year Cyber Grand Challenge at the organization's 2016 Las Vegas conference.
Splunk Disappoints with Full Year Revenue Guidance; OmniVision Technologies Soars to New Yearly High (Baystreet) Splunk, Inc. (NASDAQ: SPLK) shares closed down 16.35% on about 19.3 million shares traded. The stock was a big decliner on the NASDAQ this past Friday and even hit a new yearly low of $41.05. The company revealed guidance for full-year revenue that was in line with analysts' expectation while investors waited for raised guidance. Splunk's management expects fiscal 2015 revenue between $402 million and $410 million, just shy of an average $410.9 million estimated by analysts surveyed by Thomson Reuters
CSC opens Australian Security Operations Centre (ZDNet) CSC has announced the opening of a new Australian Security Operations Centre, with the Sydney-based centre one of only five such operations globally for the company
CACI nabs $41M contract to support Army SIGINT system (Washington Technology) CACI International has won a $41 million contract to provide lifecycle support for the Army's airborne signals intelligence location and dissemination system
MacAulay-Brown, Inc. Appoints Industry Veteran to Drive Strategic Business Initiatives Throughout the Department of Defense, Special Operations and Homeland Security (Globe News Wire) MacAulay-Brown, Inc. (MacB), a leading National Security company delivering advanced engineering services and product solutions to Defense, Intelligence, Special Operations Forces, Homeland Security and Federal agencies, announced today that Bill Callaghan has joined the company as Vice President of Business Development. Based out of Shalimar, Fla., Callaghan will report directly to Fred Norman, Senior Vice President and General Manager of MacB's Mission Systems Group
Products, Services, and Solutions
TrueCrypt Is Back, But Should It Be? (Forbes) Last week I wrote about the suspicious and abrupt announcement that TrueCrypt, a popular free open source encryption solution, was being abandoned and is considered "harmful and no longer secure". In the article I covered the potential motives for this including the technical challenges with producing full disk encryption on modern hardware and operating systems. Whilst at this time there is little to add in terms of the potential motives for this sudden announcement a variety of interesting things have happened to the project since — including announcements that mean TrueCrypt may not be as dead as we thought
TrueCrypt Cryptanalysis to Include Crowdsourcing Aspect (Threatpost) TrueCrypt may yet get forked, but it won't come at the hands of the Open Crypto Audit Project (OCAP), which has a working plan to move forward with a cryptanalysis of the open source encryption software
Open Crypto Audit Project considers taking over development of TrueCrypt (Help Net Security) The unexpected notice saying TrueCrypt isn't safe, which has apparently been posted last week by the developers of the software, took the security community by surprise and had opened the door for a lot of speculations
With Apple's blessing, a private search option arrives in Safari (Ars Technica) DuckDuckGo doesn't track users, says traffic rose 300 percent post-Snowden
Palo Alto and Fortinet Team Up on Cyber Threat-sharing (Infosecurity Magazine) Member organizations will be required to share at least 1,000 malware samples per day
FireEye Inc (NASDAQ:FEYE): Launches Network Threat Prevention Platform With IPS (US Trade Voice) FireEye Inc (NASDAQ:FEYE) has announced that it will launch the new Network Threat Prevention Platform with the new IPS features starting from June 2, 2014. FireEye is a leading name in the world of security applications that deals with the advanced cyber attacks. The new platform with IPS will be available as an add-on license to the NX series
Trend Micro and Broadcom Collaborate to Provide Home Gateway Security Solution (Wall Street Journal) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global pioneer in security software, announced today a joint collaboration with Broadcom Corporation in the development of an integrated security solution optimized to protect home security networks from cyber threats and improve network visibility without compromising performance
Softpedia Editor's Review for USB Flash Security (Softpedia) An intuitive and reliable software solution that can protect the documents on your USB flash drive with a password of your choosing
NAS, Swett & Crawford to offer "state-of-the-art" cyber coverage (Insurance Business) According to a global survey conducted by the Economist Intelligence Unit, 80% of business executives do not feel adequately prepared to handle a cyber attack, even though 77% of companies have been the victims of cyber crimes in the past two years
Procera Networks' NAVL Engine Selected by Connectem for Industry's First Virtual Evolved Packet Core Solution (Wall Street Journal) NAVL OEM embedded software engine provides Internet intelligence through deep packet inspection for vEPC product in a virtualized environment
Argus v3.0.6 — Real Time Auditing Network Activity (Kitploit) Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information
Lumension Launches Mobile Device Management on Endpoint Management and Security Suite (Digital Journal) Concern over risk brought by mobile devices continues to keep IT security pros up at night — 75 percent of respondents to the fifth annual State of the Endpoint study by the Ponemon Institute say it's now their top risk, an increase of 733 percent from 2010
Technologies, Techniques, and Standards
Following the framework: Government standards (SC Magazine) Guidelines and practices to help key organizations reduce their internet-based risk. Delivering an accessible roadmap to guide the array of the nation's most vital organizations through cyber crisis does sound like a pretty tall order. That may be the reason why the very tool that sets out to do that is meeting with such a mixed bag of praise and criticism
How the NSA Could Bug Your Powered-Off Phone, and How to Stop Them (Wired) Just because you turned off your phone doesn't mean the NSA isn't using it to spy on you
Why endpoint backup is critical (Help Net Security) Enterprises are at an increasing risk for data loss due to the growing amount of company data stored on endpoints—the laptops, smartphones, tablets and other devices which reside on the edge of the network
Threat intelligence versus risk: How much cybersecurity is enough? (TechTarget) Security officers who view threat intelligence and risk management as the cornerstone of their security programs may have advantages over peers who face constraints when it comes to taking advantage of the available data
Cyber event triggered process rethink, says US national lab CIO (CIO UK) Tech chief Mike Bartell also feels IT enablement paradigm particularly relevant for Oak Ridge National Laboratory
A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 1 (Malware Must Die!) If you have experience as a system administrator at an ISP, IDC, etc. internet portal, security issues are part of the job description; you'll deal with IDS alerts, IR cases, and some claims to follow in your watched network territory. In my day work, I am receiving the cases escalated to my mailboxes from sysadmins of various services for those cases. If you are a "sysadmin" maybe this post will be a fine reading to you
A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 2 (Malware Must Die!) As explained in the first part, there were some IRC bots detected in the abused FTP sites reported, one of the bots called pbot(s), and in this part we will explain how the IRC Bot PHP Pbot evolved. In all of the cases 4, 5, 6 and 7 there are pbots found. I guess the IDS scanner can detect some significant strings to filter the contents of these bots' code, good job
It's time to quarantine infected computers (Trend Micro CounterMeasures) Quarantine is a word derived from the 17th century Venetian for 40 (quaranta). The purpose of quarantine is to separate and restrict the movement of otherwise healthy organisms who may have been exposed to disease, to see if they become ill. The 40 day period was designed to identify carriers of the Bubonic plague or Black Death, before they could go ashore and spread the contagion more widely. Desperate times call for desperate measures, nevertheless the concept was widely adopted and remains with us to this day
How The Math Of Biometric Authentication Adds Up (Dark Reading) Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one
What the NSA can (and can't) mine from intercepted photos (Ars Technica) While facial recognition is getting easier, obtaining the images isn't
Design and Innovation
Twitter's new typeface neglects the countries where it's growing the fastest (Quartz) When companies tweak their designs, it often seems like little more than changing the drapes—or, literally, moving a few pixels around. But sometimes small changes reorient the user experience or quietly herald a shift in corporate strategy. So what to make of Twitter's May 30 announcement that it was switching its main typeface from Neue Helvetica to Gotham?
Apple just took another step towards obscuring the way the web works (Quartz) At Apple's Worldwide Developer Conference today the company rolled out a new look for its web browser, Safari. Apple executives didn't point it out, but sharp-eyed observers have noticed one significant change to the interface. The address bar truncates URLs to the domain-name level
Research and Development
Automating Cybersecurity (New York Times) If only computers themselves were smart enough to fight off malevolent hackers
Cyber Security Research Alliance Workshop Pursuing 'Roots of Trust' Research Focus to Protect Cyber Physical Systems (Broadway World) The Cyber Security Research Alliance (CSRA) today announced that it will prioritize research in "Roots of Trust" for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure. With this affirmation of the CSRA's research direction, additional industry participation in CSRA is now sought, to bring industry perspectives and insights to the early stages of research, and later to leverage industry strengths for the transition from research to practice
Academia
ISU cyber-security program earns national recognition (Des Moines Register) Iowa State University has been recognized as one of the nation's top cyber-security programs
Legislation, Policy, and Regulation
White House security strategy maintains pressure for congressional action on cyber (Inside Cybersecurity) The White House's upcoming National Security Strategy, which is not expected to offer much on cybersecurity, could serve to underscore the administration's stance on the need for congressional action to achieve national cybersecurity objectives
Agencies Seek Better DHS Incident Response Aid (GovInfoSecurity) GAO report: agencies provide pros, cons on DHS assistance
DISA searches for fit with evolving Cyber Command (Federal Times) As the Defense Department continues to build up its cyber forces, including with the hiring of some 6,000 cyber professionals in the coming months, officials are starting to piece together exactly where the Defense Information Systems Agency will fit in
Operationalizing Cyber is New Commander's Biggest Challenge (American Forces Press Service) U.S. Cyber Command's greatest challenge is to operationalize cyberspace to turn the electro-digital network of networks into a command-and-control environment where warriors can see the adversary and whose operations defense leaders can integrate into options for commanders and policymakers, the new director of the National Security Agency and commander of U.S. Cyber Command said here last week
Military Evaluates Future Cyberforce (SIGNAL) The National Guard is receiving special attention, as experts determine how to optimize its resources
Don't let US freedoms tumble in balancing privacy, security (Youngstown Vindicator) Ever since the devastating 9/11 terrorist attacks on America, maintaining a proper balance between personal privacy and national security often has required the dexterity, tenacity and agility of a skillful high-wire artist
Is it finally time for federal cybersecurity law enforcement? (Fedscoop) Greetings to all my fellow techies. This week CNN reported that with the year not yet half over, 47 percent of all Americans have had their personal information stolen online. These thefts come from many of the high-profile attacks, like what happened with Target, Adobe, Snapchat, Neiman Marcus, Michaels, AOL and eBay, but not any of the smaller, likely unreported breaches that happen every day
Free DHS Cyber Assessments (ISS Source) Cyber attacks are growing and most people cannot deny that, but for the small- to medium-sized manufacturers, the idea of taking on a cyber security program can be daunting. That is why the Department of Homeland Security's (DHS) Office of Cybersecurity & Communications (CS&C) will conduct complimentary and voluntary assessments to evaluate operational resilience and cyber security capabilities within critical infrastructure sectors, as well as state, local, tribal, and territorial governments
12,000 Europeans ask Google to forget them (Naked Security) On the first day that Google unenthusiastically provided a form to allow Europeans to ask that their pasts be e-forgotten, 12,000 made the request, according to Agence-France Presse
Litigation, Investigation, and Law Enforcement
U.S. v Evgeniy Mikhailovich Bogachev et al and Disruption of Gameover Zeus and Cryptolocker (US Department of Justice) Due to public interest in this case, the Department of Justice is releasing documents that may not be in an accessible format
International action against Gameover Zeus botnet and CryptoLocker ransomware (Help Net Security) On Friday, 30 May 2014, law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces in a coordinated action led by the FBI which ensured the disruption of the Gameover Zeus botnet and the seizure of computer servers crucial to the malicious software known as CryptoLocker
FBI, EuroPol And NCA Hijack Botnet And What You Should Do (Forbes) I love it when life is made hard for cyber criminals, but the truth is it doesn't happen very often. You would think writing malicious code is hard, but it often isn't. You would think that users follow simple security best practice and that attackers have to come up with new high end attacks, but they often do not. It is therefore a good day when law enforcement or the legitimate Internet user community get one up on the cyber criminals. Today is such a day
Has CryptoLocker been cracked? Is Gameover over? (Naked Security) Gameover, also known as Gameover Zeus, is one of the most notorious botnets of recent times, used to grab covert control of innocent users' computers and to "borrow" them to carry out cybercrime on a giant scale
Evgeniy Bogachev: The shaven-headed hacker who likes to go boating around the Black Sea (Graham Cluley) Have you seen this man? If so, the FBI would love to know his whereabouts
Russian Evgeniy Bogachev sought over cybercrime botnet (BBC News) The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide
Pittsburgh FBI agents help to nab Russian-based cybercrime schemes (Pittsburgh Tribune-Review) FBI cyber agents in Pittsburgh helped bring down two Russian-based cybercrime schemes that infected more than a half-million computers around the world and stole more than $100 million in the United States alone
Businesses can do more in battle against Gameover Zeus-like botnets (CSO) More cooperation and sharing information with law enforcement can be more effective in battling botnets than spending more money on technology, experts say
No public action on China cyber spy case despite attorney general's pledge (AP via the Fort Frances Times) In the two weeks since the Obama administration, with fanfare, accused five Chinese military officers of hacking into American companies to steal trade secrets, they have yet to be placed on Interpol's public listing of international fugitives, and there is no evidence that China would even entertain a formal request by the U.S. to extradite them
What Are Today's Top Cyber Crime Threats? (Bloomberg TV) Tom Kellerman, chief cybersecurity officer at Trend Micro, and Gene West, an instructor at the FBI National Academy, discuss combating cyber crime with Trish Regan on Bloomberg Television's "Street Smart"
Former NSA head: Snowden has done irreparable harm to national security (Washington Post) Former National Security Agency director Michael Hayden, speaking on CBS's "Face the Nation," insisted that Edward Snowden has harmed national security by disclosing previously classified NSA data-collection programs to The Washington Post and other news media outlets
U.S. Destroyed Key Spy Records, EFF Claims (Courthouse News Service) The government violated court orders to preserve records showing that the National Security Agency illegally spied on ordinary Americans, a digital watchdog group says
Federal Information Security Management Act Audit for Fiscal Year 2013 (US Department of Veterans Affairs) Attached is our report on the performance audit we conducted to evaluate the Department of Veterans Affairs' (VA) compliance with the Federal Information Security Management Act of 2002 (FISMA) for the federal fiscal year ending September 30, 2013 in accordance with guidelines issued by the United States Office of Management and Budget (OMB) and applicable National Institute for Standards and Technology (NIST) information security guidelines
Reported Paris Hilton hacker cops to new intrusions targeting police (Ars Technica) Two-year hacking spree ransacked e-mail account belonging to chief of police
Hospital Employee Pleads Guilty to Identity Theft (eSecurity Planet) Detrius Elliott stole the identities of at least 78 hospital patients' financial guarantors
Alleged robber caught after trying to befriend his victim on Facebook (Naked Security) An alleged robber who police say bashed a woman on the head before robbing her was caught after he tried to befriend her on Facebook the next day
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Area41 (location and date not given) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
17th Annual New York State Cyber Security Conference and 9th Annual Symposium on Information Assurance (Albany, New York, USA, Jun 3 - 4, 2014) The 17th Annual New York State Cyber Security Conference (NYSCSC '14) and 9th Annual Symposium on Information Assurance (ASIA '14) is a two day event co-hosted by the New York State Office of Information Technology Services Enterprise Information Security Office, the University at Albany's School of Business and College of Computing and Information, and The NYS Forum, Inc. The Conference is held in Albany, New York on June 3 and 4 at the Empire State Plaza. The Conference features prominent industry security experts presenting the latest innovations in cyber security and includes peer networking and sessions on leading-edge security topics and issues.
NSA SIGINT Development Conference 2014 (location and date not given) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
Cyber Security Summit (Huntsville, Alabama, USA, Jun 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center. The theme of this year's Cyber Security Summit is "Effective Governance through Risk Management".
AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, Jun 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit: The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
What to Consider when Preparing to Purchase Cyber Insurance Webinar (Webinar, Jun 11, 2014) With the many cyber/data breach insurance policies that are available today, there are important considerations that organizations need to know before purchasing cyber/data breach insurance coverage. Join Christine Marciano, Cyber Insurance Expert and President, Cyber Data Risk Managers for this informative webinar to learn what your organization needs to consider before purchasing cyber/data breach insurance coverage.
Global Summit on Computer and Information Technology: The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education: The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18, 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.