The CyberWire Daily Briefing for 6.18.2014
ISIS insurgents (who appear to have Syria, Lebanon, and Jordan queued up for attention once they re-establish their simulacrum of a caliphate in Iraq) are finding social media a two-edged weapon: as cyber conflict rises in parallel with the fighting, parties unknown are tweeting sensitive information about ISIS plans and operations.
Anonymous announces another action against the energy sector: oil companies in Saudi Arabia, Qatar, and the United Arab Emirates are named as targets.
Apparent Russian government hacking of recent Ukrainian elections came close to achieving their complete disruption. The Christian Science Monitor reports that experts see the episode as an unhappy foreshadowing of future election problems worldwide.
As HM Government announces broader cyber-sharing with British industry, it also says government networks have been breached by foreign cyber espionage operations. (The espionage is unattributed, but the UK and China have been at cyber loggerheads for some time. These tensions aside, the two countries are said to be working toward closer cyber law enforcement collaboration.)
Several stories on malware evolution offer further insight into how the Internet (and especially its shadier, black-market precincts) can give cyber criminals a supple and responsive R&D capability.
Microsoft discloses and fixes a vulnerability in its Malware Protection Engine. The bug could expose users of several Microsoft products to denial-of-service attacks.
Advances in mobile device technology pose forensic analysts new technical and legal challenges.
Dark Reading looks at the cyber insurance market and discerns a big problem: no "evidence-based method" to assess cyber risk profiles.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Finland, India, Iraq, Ireland, Jordan, Lebanon, NATO, Portugal, Qatar, Russia, Saudi Arabia, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Someone Is Spilling ISIS's Secrets on Twitter (Daily Beast) The terror group may be on a rampage in Iraq. But ISIS is being threatened from inside, it seems. And no one is sure who's behind the tweets disclosing the group's intimate detail
Hackers Warn Of Cyber Attacks On Oil Companies In Saudi, UAE, Qatar (Gulf Business) The threat has been issued by Anonymous, a politically motivated group of hacktivists, according to Symantec
Ukraine election narrowly avoided 'wanton destruction' from hackers (Christian Science Monitor) A brazen three-pronged cyber-attack against last month's Ukrainian presidential elections has set the world on notice — and bears Russian fingerprints, some say
State-sponsored hackers breached UK government network, claims minister (Graham Cluley) Those pesky state-sponsored hackers under the control of foreign governments have been up to their old tricks again
Next Media websites 'attacked' (Hong Kong Standard) Democratic Party legislator, James To, on Wednesday called on the police to conduct a thorough investigation into a cyber attack on the pro-democracy Next Media Group. The group's Apple Daily websites in Hong Kong and Taiwan have been under attack since 3:30am
Asprox Malware Borrowing Stealth from APT Campaigns (Threatpost) Cybercriminals and advanced attackers are freely borrowing from one another's repertoires to great success
Ramdo Click Fraud is Resurgent, with Ties to Kelihos Botnet (Infosecurity Magazine) Takedown-resistant click-fraud spike is expected to continue
Android Ransomware Uses TOR (TrendLabs Security Intelligence Blog) The recent introduction of ransomware in the mobile threat landscape was followed by a new development: the usage of TOR to hide C&C communication
Android Root Access Vulnerability Affecting Most Devices (Threatpost) A recently disclosed vulnerability in version 3.14.5 of the Linux kernel is also present in most versions of Android and could give attackers the ability to acquire root access on affected devices
Apple iOS and Android security worries the same, yet different (FierceMobileIT) Take your pick: Apple iOS or Android. Either one is a risky proposition, but they expose users to different security threats
Template Document Exploit Found in Several Targeted Attacks (TrendLabs Threat Blog) The use of contextually-relevant emails is one of the most common social engineering tactics employed in targeted attacks. Emails still being the primary mode of business communications are often abused to deliver exploits to penetrate a network that consequently lead to other stages of a targeted attack cycle
Microsoft Warns of Denial-of-Service Bug in Malware Protection Engine (Threatpost) Microsoft today released a security advisory alerting users of a serious vulnerability in the antimalware engine present in a number of security products, including Windows Defender, Forefront and others
Sality Malware (Infosec Institute) During the last Christmas season, a phishing email with an executable named as greetings.exe was broadly sent, and when the email was executed, an image named 'xmas' was drawn on the screen. This has captured the eyes of many security analysts, as the firewall and other prevention measures were disabled. Upon thorough investigation, it was concluded that it was a Trojan classified as Sality.AM, and many files were dropped in the %WINDIR%/TEMP directory
Cyber-Attacked AT&T Users Urged to Watch Out For Financial Fraud (States Chronicles) Last May we reported that giant online retail platform eBay got hacked into and lost personal data belonging to over 145 million users. The news struck like lightning, as it was one of the biggest, most astute security breaches we came to stumble upon this year. However, in either eBay's or Spotify's cyber attack cases the users weren't robbed of their financial data or highly sensitive personal information
AT&T breach highlights problems of delayed notification, third-party security (FierceITSecurity) AT&T waited more than a month to notify customers that their social security numbers and other sensitive data were stolen by hackers
Stop sneaky hackers from launching DMA attacks (InfoWorld) Traveling to cyber spying hotbeds? Then beware of hackers compromising your system via DMA attacks
Spamvertised 'June invoice' themed emails lead to malware (Webroot Threat Blog) Cybercriminals continue spamvertising tens of thousands of malicious emails on their way to socially engineer gullible end users, ultimately increasing their botnet's infected population through the systematic and persistent rotation of popular brands
Hacker mines $620K in cryptocurrency under victims' noses (ComputerWorld) Hijacks network storage devices — and PCs — then puts them to work in the Dogecoin mines
SafetyFirst FTP server compromised exposing customer data (CSO) SafetyFirst is a driver training firm based in Parsippany, NJ. Today they made it known to customers in California that they suffered a data breach
Britain expected to face worst-ever cyber attack (Times of India) GoZeuS is designed to steal banking information from personal computers, while CryptoLocker encrypts user-created files such as business documents and photographs, only releasing them in return for a ransom of hundreds of pounds. The attack is expected on the night of June 17
DDoS attacks: Perfected by hacktivists, preferred by cybercriminals (FierceITSecurity) Once the primary tool of hacktivists bent on disrupting corporate and government websites, distributed denial of service attacks are today being embraced by cybercriminals bent on extortion and distracting firms to steal sensitive data. And not surprisingly, these types of attacks are on the rise
Security Patches, Mitigations, and Software Updates
Microsoft patches antimalware engine vulnerability (ZDNet) A denial of service bug in the engine's JavaScript interpreter could allow an attacker to turn off protection
Microsoft Security Advisory 2974294: Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service (Microsoft Security Tech Center) Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted
Microsoft Amps up Azure's Security Features (eSecurity Planet) Among the newest security features for Microsoft's Azure is the ability to authenticate users to software-as-a-service apps via Azure Active Directory
VMSA-2014-0006.2 updates OpenSSL libraries in VMWare (Internet Storm Center) An update was released today addressing the OpenSSL issues in VMWare products. Libraries have been updated to 0.9.8za and 1.0.1h to fix issues
Cyber Trends
Can digital forensics keep up with smartphone tech? (GCN) The explosive growth in both the use and capacity of smartphones has led to a sea change in digital forensics, creating technology challenges for the justice and law enforcement communities and raising legal questions that in some cases have gone to the Supreme Court
Return of digital privacy will hurt online marketing (Waterloo Record) A cybersecurity expert predicts major disruptions for digital advertising and marketing as people gain more privacy in their online communications and transactions
Employees take too many risks with Wi-Fi security (Help Net Security) UK employees are potentially putting their companies at risk of cyber-attack when using mobile devices for work purposes while on holiday or on a short break, new research has found
The Implications of "Endpoint Protection: Attitudes and Opinions" (Bromium) Bromium has just published the results of "Endpoint Protection: Attitudes and Opinions," a survey of more than 300 information security professionals, focused on end user threats and security. The majority of the respondents believe
Despite high-profile breaches, firms failing to address third-party risks (FierceITSecurity) Companies are failing to address third-party security risks, despite some recent high-profile breaches that resulted from poor security at third-party vendors, such as the Target breach that exposed 40 million credit and debit card numbers and other information
SMBs still use Windows XP and face security risks (Help Net Security) Almost one in five small and medium businesses worldwide are currently exposed to major security risks as they are still using Windows XP after Microsoft ended support for the operating system, according to Bitdefender
Could you maintain security in event of IT failure? (Help Net Security) A study investigating the priorities for the UK and Ireland's top banks and insurance companies has revealed low confidence in the ability to remain secure in the event of an IT collapse, according to Fujitsu. Only a third (35%) of the 176 organizations surveyed said they were "very confident" that security could be maintained in the event of an outage
Businesses ill-equipped to handle data-theft hackers (FierceCIO:TechWatch) Hackers broke into the online systems of Dominos in the countries of France and Belgium, and attempted to blackmail the pizza chain into parting with €30,000 to prevent the public disclosure of the stolen passwords and customer data
Canadian Study Finds Nearly 60 Percent of Organizations Believe They Can't Stop Data Theft (MarketWatch) New Ponemon Institute survey suggests key cybersecurity deficits, disconnects and low attack visibility
India Third-Most Affected by Online Banking Malware: Report (NDTV) The use of Internet has improved the overall banking services in India, but, it has also led to a heightened activity by cybercriminals making the country the third-most affected globally by online malware, a report by cyber-security firm Trend Micro said
Infographic: Banking customers blissfully unaware of rise in cyberattacks (FierceITSecurity) Close to half of banks have experienced a cybersecurity attack in the last year, yet only 5 percent of customers were aware of those attacks, according to a survey of 150 U.S. bank managers by CDW
The Smartification of the Home, Part 1 (TrendLabs Threat Blog) Over the past few years, there has been proliferation of intelligent connected devices introduced into homes across the globe. These devices can range from the familiar — such as tablets, smart phones, and smart TVs — to the less familiar, such as utility meters, locks, smoke and carbon monoxide detectors, motion detectors and scales
Marketplace
The Problem With Cyber Insurance (Dark Reading) Insurers have yet to develop an evidence-based method to assess a company's cyber risk profile. This has resulted in high premiums, low coverage, and broad exclusions
Security, data center vendors renew focus on stopping rising DDoS attacks (FierceITSecurity) Security and data center vendors are increasing their focus on preventing distributed denial of service attacks as those attacks proliferate, observes Jeff Wilson, principal analyst for security at Infonetics Research
Security Software Maker Cyber-Ark Plotting Possible 2014 U.S. IPO (Wall Street Journal) Company is seeking an initial, overall valuation of around $500 million to $1 billion
FINRA Reviews FireEye Trading Activity Ahead of Mandiant Acquisition (Wall Street Journal) The Financial Industry Regulatory Authority is reviewing trading in computer-security firm FireEye Inc.'s shares ahead of its $1 billion January acquisition of Mandiant Corp., another cybersecurity company known for investigating high-profile data breaches
U.S. Navy's Superior Supplier Incentive Program Being Extended to All Services For Acquisition (SIGNAL) Pentagon ranks its top 30 Defense Department suppliers
There is no shortage of the skills to tackle e-crime, only of employers who train — but what skills do they want and who will deliver the training? (ComputerWeekly) I recently agreed to help e-Skills engage financial services employers in reviewing their cyber security skills programmes, not just to find the gaps but also those willing to help fill them. So far I have found some good news and some bad news
Ocean Bank Selects Easy Solutions to Provide Layered Fraud Intelligence (Broadway World) Easy Solutions, the Total Fraud Protection company, today announced that Ocean Bank, the largest independent state chartered bank in the state of Florida, has selected its suite of fraud protection solutions to ensure robust electronic security for its customers
Admiral Norman Hayes (ret.) Joins SBG Technology Solutions to Grow National Security and Intelligence Capabilities (MarketWatch) SBG Technology Solutions, one of the fastest growing and leading engineering and information technology service providers in the United States, is thrilled to welcome Rear Admiral Norman Hayes to our SBG cadre of experts. Admiral Hayes will spearhead all efforts on intelligence and cyber security and serve as a principal advisor to our customers
Jim Messina Joins Vectra Networks Board Of Directors (Broadway World) Vectra Networks, the leader of real-time detection of cyberattacks in-progress, today announced that Jim Messina has joined its board of directors
Products, Services, and Solutions
Gear to Block 'Juice Jacking' on Your Mobile (Krebs on Security) Ever since I learned about the threat of "juice-jacking" — the possibility that plugging your mobile device into a random power charging station using a USB cord could jeopardize the data on that device — I've been more mindful about bringing a proper power-outlet charging adapter on my travels. But in the few cases when I forgot or misplaced the adapter, I've found myself falling back on one of two devices I'll review today that are both designed to block USB charging cords from transmitting data
MS Research publishes JS crypto code for devs (The Register) Microsoft Research has published an under-development JavaScript crypto library, for exposure to developers and researchers interested in cloud and browser security
ThreatTrack Security Rolls Out ThreatSecure (Dark Reading) Venture-backed cybersecurity firm introduces ThreatSecure, a disruptive threat detection and remediation technology, and announces plans to expand into Silicon Valley
Votiro Incorporates Spear Phishing Protection (Newsfactor Business Report) Votiro, the provider of Secure Data Sanitization solutions for protecting organizations against zero-day and other ongoing cyber-threats, announced today that it has extended the usability of its free, cloud-based, sanitization service to include protection against spear phishing and other email-based attacks
Facebook turns user tracking 'bug' into data mining 'feature' for advertisers (ZDNet) Facebook announced changes to its privacy and advertising policies on its company blog, extending Facebook's ability to track users outside of Facebook. This counters 2011's position that [we] "do not track users across the web"
Encryptics Core Encryption Engine Validated by NIST to meet FIPS Cryptography-Based Standards (Broadway World) Encryptics, a provider of patented data privacy and protection services for businesses and government, announced today that its core encryption engine has been validated by the National Institute of Standards and Technology (NIST) under the Federal Information Processing Standards (FIPS)
AhnLab Introduces Its Anti-APT Security Solutions at CommunicAsia 2014 (Wall Street Journal) AhnLab, Inc., a leading provider of information security products and services for enterprise, military and government organizations, and Synetcom Philippines, Inc., AhnLab's strategic business partner, introduced AhnLab MDS, multi-layered security solutions against today's advanced security threats at the CommunicAsia 2014 (Booth Number BB5-08, Basement Level), held on June 17-20, 2014 at Marina Bay Sands, Singapore
New ThalesRaytheon System Monitors Air-Traffic Radar for Signs of Hacking (Defense News) In response to the growing range of cyber attacks on critical infrastructure, Thales and Raytheon have launched a product that alerts customers to disruptive hacking of air-traffic radars
secunet introduces policy framework for eID PKIs (Biometric Update) German IT security solutions provider secunet announced at Security Document World 2014 that it will introduce a policy framework for public key infrastructures with regard to electronic identity documents
ForgeRock Forms Identity Relationship Management Partner Ecosystem (Insurance News Net) ForgeRock said that it has launched the ForgeRock One Technology Partnership Program with nine new members
Microsoft launches a service to help predict the future (ITWorld) The Azure Machine Learning service will streamline the task of predictive analysis, Microsoft asserts
WISeKey Aligns Its Unique CyberSecurity Solutions With Microsoft CityNext (MarketWatch) WISeKey announced today its participation in Microsoft CityNext, a global initiative empowering cities, businesses and citizens to re-imagine their futures and cultivate vibrant communities
Malwarebytes Anti-Exploit offers lightweight protection from new threats (FierceCIO:TechWatch) Malwarebytes launched a new Anti-Exploit tool designed to protect Windows users from being hacked based on known or new exploits. The tool does its work by specifically protecting popular targets including Microsoft Office, Adobe software products and Java
Blue Coat Systems offers JIE advanced malware protection (C4ISRNet) As the Defense Department moves toward the centralized network approach of the Joint Information Environment — and the joint regional security stacks that will help keep it secure — one industry partner is providing a crucial layer of protection that will help secure DoD networks worldwide
Successful Launch of Webroot for Gamer at E3 (Webroot Threat Blog) Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 18th annual Electronic Entertainment Expo, or E3 for short, hosted by the Entertainment Software Association
Technologies, Techniques, and Standards
Six ways to prevent a breach like the one at AT&T (CSO) Experts say there are many technologies available to keep business partners, employees and others away from data they should not see
TrueCrypt — a matter of assurance (Graham Cluley) Over a number of years, TrueCrypt gained a reputation and a sizeable following as a reliable and stable, tried and tested free full disk encryption solution
Error logging and tracking done right with Raygun.io (Troy Hunt) For some years now, one of the first things I've dropped into any new project has been ELMAH. Grab it from NuGet, provision yourself a SQL database table and watch magic happen as every unhandled error gets dumped into the DB and is reviewable via a handler which exposes the original stack trace amongst other info such as server variables and POST data. In theory, you also secure this. In practice, many people don't
Ransomware with a happy ending (Naked Security) Ransomware is certainly a hot topic these days. That's the sort of malware that locks up your computer, or scrambles your data, and demands a fee to get things back the way they were
7 Things Your Boss Needs to Know About Phishing (Cyveillance Blog) As an IT security professional, you spend your day protecting your organization and managing risk. You handle the day-to-day tasks that help keep the criminals out, like monitoring log files, updating antivirus software, managing firewalls, and responding to cyber security incidents. You deal with threat vectors like phishing every day, but can you explain to your boss (or your boss' boss) the seven things about phishing that he or she really needs to know?
Windows XP, slow to die :-( (Internet Storm Center) After traveling around the past few months in various countries it looks like getting rid of Windows XP is going to take quite a while. It is probably due to the fact that it has expired that I noticed it more than usual, but XP is certainly everywhere. You see it at airports on display boards, Point of Sale systems. In one overseas country the computers in customs as well as the railway displays and control systems and hospitals
Design and Innovation
Saving old software from extinction in the age of cloud computing (Ars Technica) Will cloud-dependent software leave anything behind for future historians?
Academia
Being a CISO at a higher education institution (Help Net Security) In this interview, Matt Santill, CISO of Broward College, talks about the requirements and peculiarities of his job, the technologies the college uses to make its network safe, and offers advice for CISOs working in other educational institutions
High-schoolers try college life in USF summer program (Tampa Tribune) She was missing an end-of-the-school-year party thrown by her friends at King High School, but their attempts to rub it in wouldn't rile Mallika Bhatta
The Next Big Thing You Missed: A Social Network That Could Truly Reform Our Schools (Wired) The federal government has spent 12 years trying to impose reform on primary and secondary schools from above, using things like financial incentives and standardized tests. Edmodo is working from the other direction, hoping to improve our schools from the bottom
Legislation, Policy, and Regulation
UK forges close cyber ties with China despite 'endemic espionage' (The Guardian) UK's National Crime Agency has met at least twice with Chinese authorities recently in efforts to battle cybercrime
U.S., NATO Exploring Collective Cyber Defense (USNI News) Top American and NATO military leaders could begin exploring the ramifications of an Article 5 response by the alliance to a cyber attack, according to a top Pentagon cyber official
Cybersecurity a key bilateral issue for White House, and not just with China (FCW) The Justice Department's indictment last month of five Chinese military officers for alleged cyber-espionage sent a shockwave through Sino-American relations, surprising some cybersecurity experts and leaving all to divine Washington's next move on the issue
Cyber agenda considers security impact of declassifying IP (Government Computing) The declassification of government-designed intellectual property for potential commercial use and assistance for small and medium-sized enterprises (SMEs) to mitigate security risks in providing public services will be among the key focuses at an information assurance event that concludes today
U.S. senators push ahead with cyber security legislation (Reuters via Business Insurance) The U.S. Senate Intelligence Committee is expected to consider a bill next week aimed at encouraging companies to exchange information on hacking attempts and cyber security threats with the government, senators said on Tuesday as they released a draft of the legislation
Senators: No 'watered down' NSA reform (The Hill) Three senators are doubling down on their call for a sweeping end to the National Security Agency's "dragnet surveillance"
Snowden Leaks Cost Nation's Cyber Security Efforts, Former NSA Official Says (Wall Street Journal) A former deputy National Security Agency director said intelligence secrets leaked by Edward Snowden last June derailed legislative attempts to encourage the public and private sectors to share information about vulnerabilities in cyberspace, and said the government must do more to encourage such collaboration
Silicon Valley Is Key to Limiting NSA Surveillance (East Bay Express) Pulitzer Prize winner Glenn Greenwald says tech giants have a role to play in lobbying to push for restrictions on the power of the National Security Agency
Agencies work to close mobile security, connectivity gaps (GCN) The right mix of technology and policies will help agencies strike a balance between government-issued and personal devices as they attempt to give a mobile workforce secure access to data from anywhere, anytime and any device
Texas Ethics Opinion Strips IT Professionals of CIO, CTO Titles (Law Technology News) The Texas State Bar's Professional Ethics Committee forbids non-lawyers to have titles with 'principal' or 'officer'
Litigation, Investigation, and Law Enforcement
Judge orders release of NSA surveillance court rulings (SFGate) A federal judge in Oakland, citing "intense public interest and concern" about government surveillance, has ordered the Obama administration to turn over secret court rulings about National Security Agency activities so she can decide whether to make them public
Last stand? Microsoft fights a U.S. warrant for the future of the cloud (InfoWorld) Microsoft and other tech giants are battling the U.S. government over the right to see email stored on foreign servers
Court: Terror suspect can't get NSA evidence gathered against him (Ars Technica) "The investigation did not violate FISA," writes appeals court
Judge allows US Marshals' seizure of stingray records, dismisses lawsuit (Ars Technica) What began as request for info on cell tracking records turns into surreal tale
Google hit with new EU complaint over alleged abusive app store behavior (FierceMobileIT) Portuguese app store firm Aptoide hit Google with a European Union (EU) complaint alleging abusive practices by the search giant
Is a Facebook death threat a true threat? Supreme Court to decide (Naked Security) In 2010, the wife of a US man from Pennsylvania, Anthony D. Elonis, took their two kids and left him
Nokia Paid Millions to Symbian Blackmailer After Bungled Cop Op (Infosecurity Magazine) Finnish firm was victim of extortion after encryption key found its way into the wrong hands, police admit
20-years-old Alleged "NullCrew" Hacker Arrested by the FBI (HackerNews) The FBI officers have arrested a 20-year-old Tennessee man and charged him with federal computer hacking for allegedly conspiring to launch cyber attacks on five organizations in 2013, including two universities and three companies in the US and Canada, federal law enforcement officials announced today
ACLU Sues After Illinois Mayor Has Cops Raid Guy Parodying Him on Twitter (Wired) Countless parody Twitter accounts have been created over the years — British Petroleum, Mark Zuckerberg, the NSA, the Queen of England and even God
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework which is at the same time informal and informative, and sometimes very in-depth technological.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education: The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60-minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public-private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.