The CyberWire Daily Briefing for 6.4.2014
The Organisation for Security and Cooperation in Europe disclosed yesterday that it sustained a denial-of-service attack. Neither attribution nor motive yet, but tensions among former Soviet nations seem a likely contributing cause.
Anonymous (self-identified-but-masked) representative "Che Commodore" threatens some particular World Cup sponsors, among them Budweiser, Coca Cola, Emirates Airlines, and Adidas. Che Commodore claims the recent attack on a Brazilian foreign ministry website was a test run. That particular caper involved data theft by Trojan, but observers still anticipate a denial-of-service run against the World Cup's corporate sponsors.
Cryptographic library GnuTLS patches its recently discovered remote code execution and DDoS vulnerabilities.
Cyber criminals show increasing interest in attacking new retail brands and anyone's human resource departments. They're relatively soft targets with lots of attractive information available for theft. The criminal market also sees a rise in multi-purpose attack kits. Many exploits active in the wild, it's worth noting, are familiar ones, often long patched, but if they still work against the poorly defended, black-market forces make them an irresistible bargain to criminals.
US NSA Director Rogers suggests businesses should "own" the cyber security problem—it lies at the root of their ability to operate. He also thinks there should be more information shared between government and the private sector.
Legislation to enable such sharing is advancing in the US Senate. The recent indictment of the GOZeuS boss shows the possibilities of collaboration (see, for example, Damballa's lessons learned from sinkholing CryptoLocker) but many observers fear these are ephemeral successes.
Notes.
Today's issue includes events affecting Australia, Austria, Brazil, Canada, China, Germany, Ireland, Kazakhstan, New Zealand, Russia, Sweden, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
OSCE website 'hacked' (The Local Austria) The Vienna-based Organisation for Security and Cooperation in Europe said Wednesday its website had been hacked, according to an AFP report
World Cup 2014: 'Hacktivist' group Anonymous plan cyber-attack on sponsors including Coca-Cola, Budweiser and Emirates Airlines (Belfast Telegraph) Anonymous have announced they are preparing to launch a cyber-attack on the World Cup's corporate sponsors during the tournament that starts in two weeks
Warning Over 'Hollywood-Style' Cyber Attack (In-Cumbria) Cumbrian businesses are being told to act now or face potentially losing thousands of pounds, data, and personal information to cyber criminals
Move over Heartbleed — here comes another SSL/TLS bug (Naked Security) Here's a question. Which widely used open source SSL/TLS cryptographic library just recently fixed a critical bug caused by a buffer overflow? I'll give you a clue
The Human Side of Heartbleed (Schneier on Security) The announcement on April 7 was alarming. A new Internet vulnerability called Heartbleed could allow hackers to steal your logins and passwords. It affected a piece of security software that is used on half a million websites worldwide. Fixing it would be hard: It would strain our security infrastructure and the patience of users everywhere
Hackers Aim Phishing Attacks At New Retail Brands (Investor's Business Daily) As big companies like eBay and Target bolster their defenses following attacks from hackers, experts say that cybercriminals are also targeting other e-commerce and retail firms that could be vulnerable to phishing attacks intended to steal credit-card and other personal data
Criminals seeking more buyers with all-in-one malware (CSO) Researchers discover malware built to steal data from Web forms in browsers and payment card numbers from electronic cash registers
Report Examines How Attackers Mask Threat Activity (SecurityWeek) Network security firm Palo Alto Networks has released the latest version of its Application Usage and Threat Report, which sheds light on how attackers are exploiting commonly-used business applications to bypass security controls
Researcher automates discovery of Facebook users' hidden friends (Help Net Security) Putting a friend on Facebook on your "private" list does not guarantee you that anyone else won't be able to spot the relationship, says researcher Shay Priel, managing partner and CTO at CyberInt
HR a Hot Target for Cybercriminals (eSecurity Planet) Hackers see HR as an easy — and valuable — target. Educating HR staff is a key defense
Montana Health Department Acknowledges Data Breach (eSecurity Planet) Names, addresses, birthdates, Social Security numbers, clinical information and dates of service were exposed
Stolen Computer Equipment Exposes Mental Health Data (eSecurity Planet) Clients' names, birthdates, treatment records, and health and clinical histories may have been exposed
Security Patches, Mitigations, and Software Updates
GnuTLS Patches Critical Remote Code Execution Bug (Threatpost) Open source cryptographic library GnuTLS recently patched a remote code execution and denial of service vulnerability
Google Releases End-to-End Encryption Extension (Threatpost) Google has released an early version of a Chrome extension that provides end-to-end encryption for data leaving the browser. The extension will allow users to encrypt emails from their webmail accounts. The move by Google is another step in the process of making Web communications more secure and resistant to surveillance. The End-to-End extension is
What Do the New Features in OS X Yosemite and iOS 8 Mean For Privacy and Security? (Fortinet Blog) Today Apple announced at their annual Worldwide Developer's Conference (WWDC) their latest versions of their OS X desktop and iOS mobile operating systems. With this announcement came a long list of new features and technologies that as a whole work towards providing a more seamless experience for users of both their mobile and desktop products
Cyber Trends
Cyberspace 2025: Today's Decisions, Tomorrow's Terrain (Microsoft) In the year 2025, we will be more dependent on the Internet than ever before. What will be the forces that shape that world? Some of the answers may be surprising
Infographic: Same cybersecurity worries plague CIOs across the Pond (FierceITSecurity) Chief information officers at U.K. enterprises are facing similar IT security challenges to their counterparts in the United States
IT pros are hugely underestimating numbers in terms of bring-your-own-app (IT Pro Portal) New research has shown that IT professionals are significantly underestimating the number of employees using their own apps in the workplace, in what's known as BYOA or bring-your-own-app
A Peek Inside Enterprise BYOD App Security Policies (Dark Reading) IBM company Fiberlink shares data on how enterprises are pushing and securing mobile apps
Compliance: The Surprising Gift Of Windows XP (Dark Reading) The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure
One-third of Canadian firms had a 'substantial' cyber attack: Report (IT World Canada) How secure Canadian companies feel about their IT security is a source of constant debate: Surveys range from confident to apprehensive, and it often depends on whether there's been a recent large scale network intrusion
Marketplace
Cyber Chief Says Businesses Must 'Own' Cybersecurity Threats (American Forces Press Service) Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions, DOD's top cybersecurity expert told a forum of businesspeople today
This Is Why Target Corporation (NYSE:TGT) Fears For Its Wallet (Wall Street PR) In the recent months, Target Corporation (NYSE:TGT) has come to be known for the massive data breach that impacted its system during the holiday shopping season. However, more than a negative reputation that the cyber-attack has brought to Target, the company is also worried about possible claims from affected customers
Good Technology Buys Fixmo's US, Sentinel Integrity Services Assets (GovConWire) Good Technology has moved to grow its public sector business by acquiring certain assets of Fixmo such as Fixmo U.S. and the Sentinel Integrity Services business
Microsoft Claims WeChat Shuts Down Xiaobing Accounts (China Topics) Global software giant Microsoft Corp claimed its artificial intelligence chatting robot, Xiaobing, has been blocked by WeChat without prior notice, a move described by the American company as a "brutal murder"
Microsoft predicts huge tech skills shortage by 2025 (V3) Microsoft has released a report that warns a rapidly growing shortage of technology-savvy graduates is putting the world's cyber security in danger
Proofpoint Upgraded to "Buy" at Sterne Agee (PFPT) (InterCooler) Sterne Agee upgraded shares of Proofpoint (NASDAQ:PFPT) from a neutral rating to a buy rating in a report issued on Monday
CSG Invotas Chosen as 2014 Pipeline Innovation Winner (Wall Street Journal) CSG Invotas, the enterprise security business from CSG International (NASDAQ: CSGS), today announced that it has been selected as the 2014 Pipeline Innovation Award winner in the "Security and Assurance" category
(ISC)²® Announces Recipients of 11th Annual U.S. Government Information Security Leadership Awards (Insurance News Net) (ISC)²® ("ISC-squared"), the largest not-for-profit membership body of certified information and software security professionals with over 100,000 members worldwide, today announced the recipients of its annual U.S. Government Information Security Leadership Awards (GISLA) program during a gathering of federal information security executives at the GISLA Gala in Arlington, Virginia
Products, Services, and Solutions
TrueCrypt "must not die" (Graham Cluley) A new TrueCrypt? We're not really any closer to finding out the real reason why the TrueCrypt project was abruptly shut down last week, but at least some on the internet aren't prepared to see the open source encryption tool disappear without a fight
Bitcoin's decentralization allows companies to crowdsource security testing (FierceITSecurity) Decentralization is an old idea, but its recent inclusion as a key tenet for virtual currencies, such as Bitcoin, has changed the way people think about their businesses
WatchGuard claims first with wired and wireless security (CRN) Manage entire network in real time. WatchGuard Technologies has announced what it claims is an industry first in providing true wired and wireless network security integration through a single appliance
AirPatrol Corporation Delivers Location-Based Mobile Device Security for Good Technology Customers (Wall Street Journal) ZoneDefense for Good will allow organizations to dynamically change mobile device security policies based on device owner and location
Splunk Launches Open Data Analytics for Regulations.gov to Answer President Obama's Call to Harness the Power of Open Data (Wall Street Journal) Splunk Inc. (NASDAQ: SPLK), the leading software platform for real-time operational intelligence, today announced eRegulations Insights, a Splunk4Good project utilizing federal open data to collect and analyze data on public comments submitted through Regulations.gov, the portal for Federal rulemaking. eRegulations Insights was developed in response to President Obama's Open Government Initiative and his call for technology leaders to help harness the power of open data. eRegulations Insights is a set of online public dashboards and visualizations designed to help decipher the tone of public response to regulations and legislative proposals, recognize issues of concern within public responses and identify primary influencers who are mobilizing public engagement around proposals
John Wright: Unisys Unveils Data Collection Tool for Law Enforcement, Intell Agencies (ExecutiveBiz) Unisys has introduced a new data collection tool for police authorities and public safety agencies to perform investigations and gather intelligence. The Unisys Law Enforcement Application Framework is designed to help users log criminal investigation-related evidence and intelligence data, Unisys said Tuesday
Chandra McMahon: Lockheed Met NSA Criteria for Incident Response Accreditation (ExecutiveBiz) Lockheed Martin has been certified by the National Security Agency to offer incident management services designed to help government agencies respond to attacks at the network layer
Samsung Talks Tizen, 'OS Of Everything' (InformationWeek) The Internet of Things has become a tech industry obsession and Samsung wants Tizen to run the show
Sqrrl Releases Sqrrl Enterprise 1.4 and New Test Drive VM (Digital Journal) Sqrrl, the software company that develops the most flexible, secure, and scalable NoSQL database platform for building real-time Big Data applications, is announcing the availability of Sqrrl Enterprise 1.4 and a new Test Drive Virtual Machine (VM)
Verdasys to Showcase Advanced Data Protection for Endpoints at The Evanta Atlanta CISO Executive Summit in Atlanta, GA (Insurance News Net) Verdasys, the leading provider of advanced data protection for endpoints for Global 2000 and mid-sized companies, will showcase its Digital Guardian solution at The Evanta Atlanta CISO Executive Summit June 4 at The Renaissance Atlanta Waverly Hotel in Atlanta, GA. Attendees can learn how Digital Guardian works to prevent malicious data theft from both
Varonis DatAnywhere Raises the Stakes in Private Cloud File Sharing With New Safeguards, Enhancements, Free Downloads (Wall Street Journal) Varonis Systems, Inc. (NASDAQ: VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, today announced general availability (GA) for DatAnywhere 1.8, once again raising the functionality and security bar in the rapidly growing cloud-style file sharing and collaboration market
Technologies, Techniques, and Standards
What We Learned from Sinkholing CryptoLocker — Ushering in an Era of Cyber Public Health (Damballa: The Day Before Zero) The Department of Justice's announcement on June 2 about the takedown of the notorious CryptoLocker Ransomware and Gameover Zeus botnet highlights the security community at its best — sharing intelligence and resources for the greater public good. Operations of this magnitude are unimaginably complex
Cleaning Up After GOZeus Takedown (Dark Reading) Public-private effort shows signs of improvement, but these types of actions are fleeting
Wickr: Putting the "non" in anonymity (Freedom to Tinker) Following the revelations of wide-scale surveillance by US intelligence agencies and their allies, a myriad of services offering end-to-end encrypted communications have cropped up to take advantage of the increasing demand for privacy from surveillance. When coupled with anonymity, end-to-end encryption can prevent a central service provider from obtaining any information about its users or their communications. However, maintaining anonymity is difficult while simultaneously offering a straightforward way for users to find each other
With So Many Older Bugs Around, Why Bother With Zero-Days? (PCMagazine) Don't obsess over zero-day vulnerabilities and the highly sophisticated, targeted attacks. Attackers are more likely to exploit older, known flaws in Web applications, so focus on basic patching and security hygiene instead
10 online attacks we could have easily prevented (ZDNet) Ten attacks on corporations and individuals by hackers and governments, and all of them could have been prevented if people had followed best practices
Voice prints: the future of contact centre security (TechRadar) Running through our personal details on the phone every time we need to make a transaction can be tiresome
Attack Analysis with a Fast Graph (Cisco Blogs) Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, the search for useful meta-data correlation across proprietary and open source data sets may be laborious and time consuming with relational databases as multiple tables are joined, queried, and the results inevitably take too long to return. Enter the graph database, a fundamentally improved database technology for specific threat analysis functions. Representing information as a graph allows the discovery of associations and connections that are otherwise not immediately apparent
Another Program To Check For Software That Needs Updating (Gizmo's Freeware) A few days ago I wrote in this column about Secunia PSI, a free utility that helps to advise you which of the programs on your PC needs updating. A couple of you suggested SUMo (Software Update Monitor) as a program which does a similar job, so I have been taking a look at it
An Introduction to RSA Netwitness Investigator (Internet Storm Center) In many cases using Wireshark to do network forensics is a very difficult task, especially if you need to extract files from a pcap file. Using tools such as RSA Netwitness Investigator can make network forensics much easier. RSA Netwitness Investigator is available as freeware
Why Are Password Crackers "Bad"? (TrendLabs Security Intelligence Blog) Every now and then, we get questions about password crackers. Usually, these questions are something like, why do you detect these password crackers? They're not malicious! Well, now is as good a time as any to address the topic
Network Security, Build To Fail (Forbes) Early in my information security career I worked as a network security staffer for a large financial institution. While I was there I learned very quickly that a failure would cost a great deal of money for every second the systems were offline. When the Internet banking site went down, as it did on occasion, we would spring into action no matter the time of day and work like people possessed until the systems were back online. I found it strange that this was necessary in the first place. Why were there not redundant systems as part of the design? Why was the site not able to scale under load? This was back before distributed denial of service (DDoS) was in vogue
Design and Innovation
Swede plots end of cash with palm payments (The Local Sweden) Fed up with waiting in line to pay for groceries, an entrepreneurial young Swede has invented a palm payment method which is catching on. He tells The Local why his creation may spell the end for cash and even debit cards
Academia
Northrop Grumman Names 24 Maryland Winners in 12th Annual Engineering Scholars Competition (Wall Street Journal) Northrop Grumman Corporation (NYSE: NOC) has announced the 24 winners of its 12th annual Engineering Scholars program, which will provide $240,000 in college scholarships to high school seniors across Maryland interested in studying engineering, computer science, physics or math
Legislation, Policy, and Regulation
Government wanted greater surveillance of its citizens (9 News National) Australia "pleaded" with the US security agency to extend their partnership and subject Australian citizens to greater surveillance, a new book on whistleblower Edward Snowden claims
Senate Intel Committee Close to Cyber Bill Agreement (Defense News) Members of the Senate Intelligence Committee are just a few provisions away from reaching consensus on a sweeping new cybersecurity bill that would codify how private companies can report suspicious activity, a leading Senate Republican said on Tuesday
Companies Join 'Reset The Net' To Fight NSA (CIO Today) Big-name opponents of the National Security Agency's (NSA) mass surveillance techniques are joining forces for "Reset the Net," an Internet-wide protest against the U.S. spy agency to be held on June 5. The protest will include a large Thunderclap on Thursday, blanketing social media with an anti-surveillance message
NSA Chief To People In The U.S.: No, We're Not Taking Pictures Of You (Huffington Post) The U.S. National Security Agency is not routinely collecting visual images of people in the United States or mining photographs taken for U.S. drivers' licenses, the four-star U.S. Navy admiral who runs the spy agency said on Tuesday
Expert calls for network security protocol vetting (Xinhua) A Chinese computer expert called for more checking of network security protocols designed by foreign countries, in the wake of a recent Chinese policy to start security vetting IT products
China ramps up Google blocking ahead of Tiananmen Square anniversary (Ars Technica) "This is by far the biggest attack on Google that's ever taken place in China"
The only thing China isn't censoring about the Tiananmen anniversary is this astonishing essay (Quartz) China's internet censorship of news and terms related to the Tiananmen Square military crackdown that happened 25 years ago today has been so heavy-handed this year that Google's search engine is completely shut down in China, many foreign news outlets are blocked and even the candle emoticon has been erased from social media
Litigation, Investigation, and Law Enforcement
Cyber security row is likely to have fallout (China Daily USA) Despite feeling hugely embarrassed by revelations made by former National Security Agency contractor Edward Snowden, two former US national security advisors said the indictment of five PLA officers for alleged cyber theft of US corporate secrets has negatively impacted the Sino-US military relations
Mounties join crack down on Russian cyber crime (CSO) The Mounties took part in a criminal take down this week that saw a couple of servers seized in Montreal. These systems were being used by criminals, apparently located in Russia, who were running a malware network that was fleecing victims of millions of dollars. A number that has been kicked around in this case is $100 million although it isn't clear if this is an accurate number or something mired in hyperbole
To Catch a Cyberthief (Slate) How the FBI foiled the dangerous malwares GameOver Zeus and Cryptolocker
Cyber Wars: Fed and Private Sector Take on Hackers (Bloomberg) CrowdStrike General Counsel Steven Chabinsky and Second Front Systems Founder and CEO Peter Dixon discuss Project Tovar and protecting against cyber criminals. They speak with Trish Regan on Bloomberg Television's "Street Smart"
Top prosecutor probes US spying on Merkel (The Local Germany) Germany's top prosecutor said on Wednesday he had opened an investigation over alleged snooping by the US National Security Agency (NSA) on Chancellor Angela Merkel's mobile phone
NSA chief Michael Rogers: Edward Snowden 'probably not' a foreign spy (The Guardian) New NSA director plays down speculation that 'our gentleman in Moscow' was working for a foreign intelligence agency
Idaho Judge Asks Supreme Court to End NSA's Phone Surveillance (Wall Street Journal) A federal judge in Idaho urged the U.S. Supreme Court on Tuesday to rule against the National Security Agency's surveillance program of telephone records while saying his own hands are tied by legal precedent. Judge B. Lynn Winmill, chief judge of the U.S. District Court in Idaho, dismissed a suit challenging the NSA's controversial program on Tuesday. But, in an eight-page memorandum, he said the Supreme Court should take up
U.S. Marshals Seize Cops' Spying Records to Keep Them From the ACLU (Wired) A routine request in Florida for records detailing the use of a surveillance tool known as stingray turned extraordinary Tuesday when the U.S. Marshals Service seized the documents before local police could release them
Dow Jones asks court to unseal long-completed digital surveillance cases (Ars Technica) Tens of thousands of electronic surveillance orders are sealed from public view
Six years jail for Swedish child porn kingpin (The Local Sweden) A 62-year-old man in Gothenburg has been sentenced to six years in prison for sharing millions of child abuse pictures online in what has been described as Sweden's biggest ever child porn ring bust
Upcoming Events
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, Apr 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners and stakeholders in support of mission of execution. This event will be Coast Guard Intelligence's most significant and inclusive outreach event of the year.
17th Annual New York State Cyber Security Conference and 9th Annual Symposium on Information Assurance (Albany, New York, USA, Jun 3 - 4, 2014) The 17th Annual New York State Cyber Security Conference (NYSCSC '14) and 9th Annual Symposium on Information Assurance (ASIA '14) is a two day event co-hosted by the New York State Office of Information Technology Services Enterprise Information Security Office, the University at Albany's School of Business and College of Computing and Information, and The NYS Forum, Inc. The Conference is held in Albany, New York on June 3 and 4 at the Empire State Plaza. The Conference features prominent industry security experts presenting the latest innovations in cyber security and includes peer networking and sessions on leading-edge security topics and issues.
NSA SIGINT Development Conference 2014 This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
Cyber Security Summit (Huntsville, Alabama, USA, Jun 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center. The theme of this year's Cyber Security Summit is "Effective Governance through Risk Management".
AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, Jun 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
What to Consider when Preparing to Purchase Cyber Insurance Webinar (Webinar, Jun 11, 2014) With the many cyber/data breach insurance policies that are available today, there are important considerations that organizations need to know before purchasing cyber/data breach insurance coverage. Join Christine Marciano, Cyber Insurance Expert and President, Cyber Data Risk Managers for this informative webinar to learn what your organization needs to consider before purchasing cyber/data breach insurance coverage.
Global Summit on Computer and Information Technology The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education: The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18, 2014 at the Newseum in Washington, D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, USA, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community comes together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.