The CyberWire Daily Briefing for 6.19.2014
Cyber security analysts often predict catastrophic cyber attacks on businesses. On Tuesday one such catastrophe hit code-hosting and collaboration platform Code Spaces. The episode began with a denial-of-service attack, followed by an extortion demand. Code Spaces declined to pay, and — discovering that intruders had gained access to its Amazon EC2 control panel — changed EC2 passwords and began recovery operations. The attackers, who had created backup logins, began deleting data as soon as they noticed recovery operations underway. Within twelve hours they succeeded in destroying most of the company's data, backups, machine configurations, and offsite backups. Code Spaces announced yesterday that it would cease operations, and "concentrate on supporting our affected customers in exporting any remaining data they have left with us."
The Code Spaces hack is a disturbing example of how cyber extortion has advanced in sophistication and ferocity. Another disquieting report comes from BAE, which describes a 2013 attack on one of its clients: an unnamed (but "large") hedge fund, hit by a cyber attack that proved both technically advanced and constructed with a high level of business knowledge.
State-sponsored hacking continues. The Syrian Electronic Army reappears in its familiar mode: defacements of media websites who offense is insufficient enthusiasm for Syria's Assad regime.
Password-protected Zbot malware has been found in the wild. CryptoLocker's massive resurgence hasn't materialized, but a ransomware successor to CryptoLocker — CryptoWall — has become widely active.
The US Department of Homeland Security IG finds significant security flaws — mostly failures to patch — in USCIS RFID card production.
Notes.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Colombia, France, India, Indonesia, Ireland, Israel, Philippines, Portugal, Romania, Serbia, Syria, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Hacker Puts Hosting Service Code Spaces Out of Business (Threatpost) Code Spaces, a code-hosting and software collaboration platform, has been put out of business by an attacker who deleted the company's data and backups
Code Spaces forced to close its doors after security incident (CSO) Code Spaces, a Subversion and Git hosting provider, used by organizations for project management and development needs, has folded after an attacker compromised their internal systems
Code Spaces : Is Down! (Code Spaces) Dear Customers, On Tuesday the 17th of June 2014 we received a well orchestrated DDOS against our servers, this happens quite often and we normally overcome them in a way that is transparent to the Code Spaces community. On this occasion however the DDOS was just the start
Cybersecurity firm says large hedge fund attacked (CNBC) In an audacious and sophisticated attack, cybercriminals acting in late 2013 installed a malicious computer program on the servers of a large hedge fund, crippling its high-speed trading strategy and sending information about its trades to unknown offsite computers, CNBC has learned
Syrian Electronic Army Hacks The Sun & Sunday Times Websites (International Business Times) The Syrian Electronic Army (SEA) has claimed responsibility for attacks on The Sunday Times and The Sun newspapers' websites, which saw web users briefly redirected to a message from the pro-Assad group
Cyberattackers brought down Apple Daily website with 40 million hits every second (South China Morning Post) A cyberattack on Apple Daily's website saw more than 40 million enquiries sent to the site per second during its peak, bringing the system down and blocking normal web users from accessing pages for several hours, the company revealed today
Android 'SMS Stealer' Malware Hidden in World Cup Themed Apps (HackRead) Be careful of any new World cup themed apps, lest you should be tricked into downloading a malicious app, says a recent report published by Trend Micro
Password protected Zbot malware in the wild (Help Net Security) Early this morning a small malware campaign started up claiming to be daily customer statements from Berkeley Futures Limited (real company, but messages are spoofed)
AVG Warns Popular Websites Still Suffering an OpenSSL Security Issue (MaximumPC) Even after applying a Heartbleed patch, many websites are still vulnerable
Malicious Google Play Clone Steals Banking Credentials (Dark Reading) Google, FireEye disrupt sneaky Android malware operation
A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware (FireEye) FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers. And this is certainly a high-volume business, with anywhere from a few hundred to ten thousand malicious emails sent daily — usually distributing between 50 and 500,000 emails per outbreak
Ragebooter: 'Legit' DDoS Service, or Fed Backdoor? (Krebs on Security) On Monday, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site "stress testing" services. Today, we'll look at ragebooter.net, yet another attack service except for one secret feature which sets it apart from the competition: According the site's proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity
Slow rollout of SSL places users of LinkedIn at risk research says (CSO) LinkedIn was notified about the potential risks over a year ago. According to research, users of LinkedIn could be vulnerable to Man-in-the-Middle (MITM) attacks, leading to account and personal information compromise
Lessons in insecure SSL courtesy of Hoyts cinemas (Troy Hunt) Why do we bother with SSL? I mean what's the risk that we're trying to protect against by using certificate authorities and serving up traffic over HTTPS? Usually it's men (or possibly even women) in the middle or in other words, someone sitting somewhere between the client and the server and getting their hands on the data. Do we all agree with this? Yes? Good, then why on earth would you possibly say this?
How to defend against the latest Android kernel flaw (CSO) Experts say careful monitoring of app activity and hardware changes will protect against the flaw that affects nearly every popular Android device
What's next for ransomware? Cryptowall picks up where CryptoLocker left off (Naked Security) When an international law enforcement action earlier this month knocked out the Gameover botnet, one happy consequence was the takedown of the servers that the CryptoLocker ransomware needed in order to do its dirty work
SNMP: Spike in Brute-force Attempts Recently Observed (Cisco Blogs) Simple Network Monitoring Protocol (SNMP) has been widely deployed as an important network management tool for decades, is a key component of scalable network device management, and is configurable in nearly all network infrastructure devices sold today. As with any management protocol, if not configured securely, it can be leveraged as an opening for attackers to gain access to the network and begin reconnaissance of network infrastructure. In the worst case, if read-write community strings are weak or not properly protected, attackers could directly manipulate device configurations
Flaws Found in USCIS RFID Card Production System (Threatpost) The system that's used to produce RFID-enabled identification cards — including permanent resident IDs — by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system were missing six years worth of Java patches and an Oracle database server was missing nearly two dozen patches
P.F. Chang's Breach Likely Began in Sept. 2013 (Krebs on Security) The recently-announced credit card breach at P.F. Chang's Chinese Bistro appears to have gone on for at least nine months: New information indicates that the breach at the nationwide restaurant chain began on or around Sept. 18, 2013, and didn't end until June 11, one day after KrebsOnSecurity.com broke the news about the break-in
When Vulnerabilities are Exploited: the Timing of First Known Exploits for Remote Code Execution Vulnerabilities (Microsoft Security Blog) One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen? Trustworthy Computing's Security Science team published new data that helps put the timing of exploitation into perspective, in the recently released Microsoft Security Intelligence Report volume 16
It's Not Funny: Facebook Users Tricked into Bitcoin Mining (Hot for Security) Hundreds of Facebook users got infected with a new Trojan secretly using their systems to mine for Bitcoins, the virtual currency that spread a global money-making fever, Bitdefender warns. Since spotted last week, the malware has seen infections in countries such as Portugal, Belgium, India, Romania and Serbia
Personal data hacked from Ashmolean Museum website (Oxford Times) Personal data of nearly 8,000 people has been hacked from the Ashmolean Museum's website
Security Patches, Mitigations, and Software Updates
Google's Famous Security Guru Found An Embarrassing Hole In Microsoft's Products (Business Insider) On Tuesday, Microsoft warned that it was issuing an emergency patch to fix a dangerous flaw in its software
Cyber Trends
Shortage of cybersecurity professionals poses risk to national security (Phys.org) The nationwide shortage of cybersecurity professionals — particularly for positions within the federal government — creates risks for national and homeland security, according to a new study from the RAND Corporation
We're Aswarm In Denial Of Service Attacks And It's Getting Worse (Forbes) Denial of service cyberattacks get few props for their novelty in a field that prizes novelty. Lately, though, they've been making up in volume for what they lack in originality. A denial of service (DoS) attack, or DDoS if it's distributed as in originating from multiple computers, is an attempt to disrupt the operation of a Web site by flooding it with pointless requests that can clog or overwhelm network resources and eventually shut down a site Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model (FireEye) This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 "proof-of-value" trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model
Data sharing key to fighting document fraud, says former cop (ComputerWeekly) A secure and effective way of sharing data on lost, stolen and fraudulent identity documents would go a long way to stamping out fraud, says consultant and former police officer Russ Middleton
Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model (FireEye) This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 "proof-of-value" trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model
Marketplace
What Was Boring About Check Point Now Makes Stock a Buy (Bloomberg BusinessWeek) While cybersecurity stocks like FireEye Inc. (FEYE:US) and Imperva Inc. (IMPV:US) have crashed this year, Check Point Software Technologies Ltd. has weathered (CHKP:US) the selloff
Corero Network Announces Contract Win, Stock Up (RTT News) Corero Network Security Plc. (CNS.L), a provider of security solutions for defending against DDoS attacks and cyber threats, announced its largest First Line of Defense solution contract win. The order is valued at half a million dollars. The stock climbed over 11 percent
Mobile System 7 Moves to Maryland, Receives $400,000 Investment from State, County (Insurance News Net) The Maryland Venture Fund (MVF), the equity investment arm of the Maryland Department of Business and Economic Development (DBED), has invested $300,000 in Mobile System 7 following the cybersecurity firm's move to Bethesda from Virginia. The MVF led the financing round and was joined by the Montgomery County Department of Economic Development (DED), which invested $100,000, and private investment groups
Behavioral fraud detection firm BioCatch takes in $10M investment (Gigaom) The Israeli startup examines precisely how people use the banking and e-commerce sites it is protecting, in order to spot when something is out of the ordinary
[Disruptor 50:] #23. Shape Security (CNBC) Most measures to protect against cybersecurity threats today are reactive in nature. The threat has to be analyzed, identified as malicious and ultimately blocked. Shape Security is attempting to change that formula by allowing companies to be more proactive. Instead of a company's website scanning a near infinite amount of inbound traffic looking to block threats, as is the case with most existing solutions today, Shape's technology, based on the concept of polymorphism, continually transforms the underlying DNA of a website. This means that Shape can preserve the functionality of code while transforming how it is expressed, making it harder for bad guys to hack into a website
Iron Bow Recognized in the Top 50 on CRN's 2014 Solution Provider 500 List (Digital Journal) Iron Bow Technologies LLC, an information technology solutions provider, today announced it has been named to the 2014 Solution Provider 500 (SP500) list by The Channel Company's CRN
Cybersecurity Startups Pitch Investors at MACH37™ & CIT GAP Funds Cyber Showcase (Digital Journal) The MACH37™ Cyber Accelerator and CIT GAP Funds hosted investors yesterday at the Cyber Showcase. Twelve companies presented, including the MACH37™ Spring Cohort, plus six later stage companies from both the MACH37™ and CIT GAP Fund portfolios. Invited guests included investors representing top-tier venture capital firms, leading edge technology companies and angel groups from the east coast
NSA jitters are 'just a bummer' for cloud growth, HP says (PCWorld) Revelations about U.S. National Security Agency snooping have made some buyers outside the U.S. think twice about public clouds, placing a drag on one of the world's biggest technology trends, the head of Hewlett-Packard's enterprise group said
Stephen Pace Joins Raytheon As Cyber Portfolio Sales SVP (GovConExecutive) Stephen Pace, a former sales executive at network security firms Pwnie Express and Core Security, has joined Raytheon as senior vice president of global sales for the firm's cyber products business
Ret. Navy Intell Officer Norman Hayes Joins SBG Technology Solutions (GovConExecutive) Norman Hayes, a retired U.S. Navy intelligence officer, has joined SBG Technology Solutions as a principal advisor on intelligence, national security and cybersecurity
ForeScout Named Finalist in 'Best Deployments & Case Study' Category of 2014 Hot Companies and Best Products Awards (MarketWatch) Rollins College bolstered network monitoring and policy enforcement With ForeScout CounterACT
Products, Services, and Solutions
Remove Android ransomware for free (Help Net Security) avast! Ransomware Removal is a free app that eliminates Android ransomware and decrypts locked and ransomed files
Quttera improves website anti-malware monitoring services and adds new website security monitoring features (CentralJersey.com) In June 2014 Quttera has developed and implemented several new ground breaking enhancements to anti-malware monitoring solution adding more control and scalability to webmasters. Customers reporting improved experience in managing website security and collaboration both within the organization and between third parties
Tufin Orchestration Suite Wins SC Magazine 5 Star Award and 'Pick of the Litter' Rating (Broadway World) Tufin, the market-leading provider of Security Policy Orchestration solutions, today announced that the Tufin Orchestration Suite washonored bySC Magazinewith a five star (out of five stars) award and selected "Pick of the Litter" in the magazine's latest security policy automation roundup published onJune 2, 2014. The Tufin Orchestration Suite won perfect five star marks in all review categories
Cellebrite Introduces 'Find My iPhone' Status Detection; Solution to Save Mobile Retailers Millions in Trade-In Losses and Repair Failures (MarketWatch) Cellebrite sets the standard for innovation for mobile diagnostics and automated phone buyback with new security lock detection, patent-pending battery test and integrated mobile malware removal
Geospatial framework for cybersecurity (Help Net Security) Esri is joining forces with RedSeal in order to create a geospatial framework for cybersecurity. The goal is to fully integrate existing cybersecurity and IT data with other organizational functions
ThreatTrack Security sets new standard in advanced threat defense (GSN) Reston, VA-based ThreatTrack Security has announced the availability of ThreatSecure, a cybersecurity solution that integrates network-based defenses with endpoint security and delivers threat detection with closed-loop endpoint remediation
Confer and The MITRE Corporation Join Forces to Accelerate Threat Sharing and Operationalize Threat Intelligence (Broadway World) Confer, the first company to offer endpoint and server security via an open, threat-based, collaborative platform, and The MITRE Corporation, a not-for-profit organization that has worked closely with government to strengthen our nation's cyber defenses for more than four decades, today announced an agreement to help companies better protect themselves by sharing cyber threat information. As part of this initiative, MITRE's Collaborative Research Into Threats (CRITs) Platform has been released as a new, open source project. Additionally, Confer is releasing the Confer Threat Exchange, which interfaces with CRITs to allow companies to securely share and automatically apply threat intelligence within their own infrastructure
Does Facebook's Slingshot commit true imagicide? Or is it another Snapchat? (Naked Security) Slingshot is Facebook's "disappearing" image answer to Snapchat - the the app that got away
The best password managers for PCs, Macs, and mobile devices (InfoWorld via CSO) Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach , and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too
Breaking Into iCloud: No Password Required (Elcomsoft) With little news on physical acquisition of the newer iPhones, we made every effort to explore the alternatives. One of the alternatives to physical acquisition is over-the-air acquisition from Apple iCloud, allowing investigators accessing cloud backups stored in the cloud. While this is old news (we learned to download data from iCloud more than two years ago), this time we have something completely different: access to iCloud backups without a password! The latest release of Phone Password Breaker is all about password-free acquisition of iCloud backups
Technologies, Techniques, and Standards
Risk of re-identification 'greatly exaggerated' (FierceBigData) So sayeth Information Technology and Innovation Foundation (ITIF) Senior Analyst Daniel Castro and co-author Ann Cavoukian, the Ontario information and privacy commissioner in a new whitepaper. They bemoan the lack of public trust in de-identification and affix the blame to media reports stating "a tendency on the part of commentators… to overstate the findings." So what's the deal here? Does de-identification work or not?
Data Security Decisions In A World Without TrueCrypt (Dark Reading) The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble
Five steps towards cyber breach preparation (Help Net Security) Earlier this week, Domino's Pizza became the latest victim of a breach and ransom demand. Recent DDoS attacks on Evernote and Feedly DDoS, along with the efforts of Cryptolocker and other tricks to extort hard cash from unsuspecting users, are rapidly gaining momentum and are becoming a serious threat to individuals and organisations of all sizes. These brazen attempts to make a quick profit will only be fuelled for as long as they remain successful
Heartbleed shows the need for password change automation (ZDNet) Passwords have all sorts of problems, but the one which is hardest to solve is when you need to change a lot of them quickly, as happened after Heartbleed
An Intelligent Approach to Fighting Cyber Attacks (ProSecurityZone) Since today's cyber attacks are moving faster than legislation's ability to keep up, companies in high-risk sectors are left following regulations that fight yesterday's war. As the government and organizations try to secure their information, federal agents alerted more than 3,000 companies last year that their computer systems had been hacked. The companies varied in size from small to large and represent what experts think is a small fraction of the total number. Analysts estimate the cost of these breaches is up to $100 billion annually for U.S. companies and consumers
Tech support scams and the wisdom of Solomon (Graham Cluley) Surprisingly enough, given the years I've put in documenting and offering advice on tech support scams, I don't spend a lot of time talking to the scammers, even though I've had many of those calls over the years
The NSA's big problem, explained by the NSA (The Week) Amongst the new trove of classified documents released by Der Speigel is a rather academic discussion, in the NSA's own foreign affairs journal, about the differences between American signals intelligence collection and German signals intelligence collection
Design and Innovation
Here's What Cyberspace Looks Like (Nextgov) Several federal agencies are in the early stages of mapping out a realm that has no geography, in hopes of preempting breaches and successfully hacking adversaries
Academia
CyberPatriot Designates Fairfax County Public Schools as a "Center of Excellence" (Digital Journal) The Air Force Association's CyberPatriot program has announced Fairfax County Public Schools (FCPS) of Northern Virginia as its fifth CyberPatriot Center of Excellence
Legislation, Policy, and Regulation
Cybersecurity Information Sharing Act of 2014 (113th Congress) A bill to improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes
The senate is still trying to jam through its hugely controversial cybersecurity bill (BGR) The federal government refuses to let one of the most controversial Internet bills ever conceived die. CISPA, as it was known when it was introduced in 2011, made a temporary resurgence last year only to meet the same opposition that had blocked its passage two years before. But as Vice has discovered, the bill is back under consideration by the U.S. Senate under a slightly altered name
Funding Amendment To Curtail Warrantless Surveillance Proposed In House (TechCrunch) A bipartisan group of Congress members have proposed an amendment to the Fiscal Year 2015 Department of Defense Appropriations Act aimed at reining in government surveillance. The amendment would ban the funding of government to either demand or request a "backdoor" into products built by technology companies. It would also ban the funding of searches of the data of US persons under the authority of Section 702 of the Foreign Intelligence Surveillance Act (FISA)
Biden tries to reassure Brazil on cyber-spying (Global Post) U.S. Vice President Joe Biden was received here Tuesday by Brazilian President Dilma Rousseff, the first high-level encounter between the two governments since revelations about Washington's extensive spying on the South American nation
Victoria Police defends security of outdated software (The Age) The force's computer network still used Windows XP, for which Microsoft stopped providing software updates in April. Victoria Police insists its IT systems are not vulnerable to security breaches, despite using an outdated software system no longer supported by Microsoft
France To Train Own Cadre of Cyber Defense Experts (Defense News) Unable to compete with private firms as it looks to hire cybersecurity experts, France's Ministry of Defense will set up a course to train its own experts to protect the French military
Indonesian Navy to establish naval cyber command (IHS Jane's Defence Weekly) The Indonesian Navy (Tentera Nasional Indonesia - Angkatan Laut: TNI-AL) is to establish a naval cyber command unit in anticipation of greater maritime threats in the digital domain, said the TNI-AL in an address delivered on 16 June during a TNI-AL-hosted event in Jakarta aimed at raising awareness of digital threats
Colombia, Israel exchange knowledge on cyber-security in Bogota seminar (Colombia Reports) The Colombian capital of Bogota is playing host to a two-day seminar between national and Israeli representatives assessing the threat of cyber-attack and exploring opportunities for cooperation between the two countries
Now China can censor journalists before they even start reporting a story (Quartz) Everybody knows Chinese reporters have it rough. There are 32 of them in jail, according to the Committee to Protect Journalists' most recent figures. But they've usually been arrested only for stories that are published, well after research has uncovered the dirty secrets. Now, thanks to new rules (link in Chinese) from the main media regulator, the government can pre-empt them
Northrop Grumman Calls for Robust Partnerships to Combat Growing Cyber Threat (MarketWatch) Company announces plans to extend US-based youth cyber education programme to UK
Litigation, Investigation, and Law Enforcement
IRS computer crash eats email evidence: Conspiracy or 'worst IT department ever'? (NetworkWorld) After the IRS claimed a computer crash ate email evidence, most techies seem to believe that no IT department could be that incompetent. Instead, the IRS claims are being dubbed preposterous, ludicrous, lies
Missing E-Mail Is the Least of the IRS's Problems (Bloomberg) Last Friday afternoon brought a disturbing news dump from the Internal Revenue Service: A big chunk of Lois Lerner's e-mail has disappeared. A hard drive crash, the agency says, permanently destroyed much of Lerner's e-mail in 2011, wiping out records from the previous two years
Data sharing deal with U.S. referred to EU's top court (Reuters) Ireland's High Court on Wednesday asked the European Court of Justice (ECJ) to review a European Union-U.S. data protection agreement in light of allegations that Facebook FB.O shared data from EU users with the U.S. National Security Agency
US Marshals Accidentally Replies All To Anonymous Bitcoin Auction Bidders In Email Fiasco (TechCrunch) In a magnificent show of technical ineptitude, today the U.S. Marshals revealed the identities of many anonymous bidders in its $18 million seized Silk Road Bitcoin auction by CC'ing them on an email thread. When one asked a question, the response was sent to 40 of the bidders, many whose names were attached or easily identifiable from their addresses, negating the whole point of the auction being anonymous. Smooth, government
FBI arrests alleged NullCrew hacker (Naked Security) Federal prosecutors have arrested and charged a Tennessee man for allegedly conspiring to attack a number of businesses and educational organisations since the middle of 2012
Hacker taunts arrested comrade after someone drops dime to FBI (Ars Technica) Timothy French, alleged member of NullCrew, arrested by Feds, thanks to helpful informant
Hacker Group Arrest in Colombia Points to Evolution of Cyber Crime (InSightCrime) Authorities in Colombia have dismantled a network of hackers accused of stealing over $5 million from electronic bank accounts, in a case that highlights the fast paced evolution of cyber crime and the potential profits it offers
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) (, Jan 1, 1970) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.