The CyberWire Daily Briefing for 6.20.2014
Heads up all who produce or trade in oil: Anonymous says it will resume #OpPetrol today. It may fizzle again, or perhaps not: the story is developing.
The lethal (in a business sense) attack on Code Spaces (see yesterday's issue for discussion and links) contains useful if discouraging lessons. The online collaboration platform was probably a target of opportunity, simply proving softer than other marks the criminals prospected. It's also worth reviewing your own security practices if you use a service like Amazon EC2. Note that the attack began with denial-of-service, followed by extortion, completed with data destruction triggered by the company's attempt to remediate compromise of its EC2 credentials. The DDoS itself didn't bring Code Spaces down — they could have handled DDoS.
DDoS incidents are on the rise (both Move and Ancestry.com sustained them this week) and they're increasingly being used in conjunction with other kinds of attack: observers compare them to smokescreens or misdirection.
Columbia University researchers crawl Google Play apps and find, disturbingly, thousands of authentication tokens in source code. Enterprises take note: the finding has implications for your BYOD policy.
Servers containing Supermicro motherboards are found broadcasting admin passwords in the clear.
More bad news on user security slackness: researchers at Carnegie Mellon, Penn State, and NIST find that many (most) subjects in an experiment were willing to download an unknown executable when offered a small payment (a dollar or less).
California and Missouri court decisions send diverse messages about banks' liability for customer data loss.
Notes.
Today's issue includes events affecting Brazil, Canada, China, Colombia, France, Germany, Israel, Italy, Kuwait, Qatar, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
#OpPetrol: Anonymous to attack major oil exporting countries on 20th June, 2014 (HackRead) The Anonymous hackers who initiated #OpPetrol in 2013 are back in news with same operation, this year on 20th June, 2014
DDoS Attack Puts Code Spaces Out of Business (PC) CodeSpaces.com closed its doors this week, following a 12-hour security breach that completely wiped its servers. Days after Feedly and Evernote were briefly forced offline by hackers demanding a ransom payment, a code-hosting service was run out of business by a similar scheme
Code Spaces Probably A 'Target of Opportunity' (Security Ledger) The spectacular collapse this week of Code Spaces, a cloud-based code repository, may have been the result of an unspectacular "opportunistic" hack, rather than a targeted operation, according to one cloud security expert
Ancestry.com Hit by 3-Day DDoS Attack (PC) Ancestry.com became the latest target of a cyber attack, when the site was knocked offline for three days
Move says cyberattack caused realtor.com and Top Producer outages (Inman News) Access to realtor.com and Top Producer remains spotty. A "distributed denial of service attack" bombarded realtor.com and other websites operated by Move Inc. with "massive amounts of traffic," causing the extended outages experienced Wednesday, Move said in a statement
Hackers Using DDoS to Distract Infosec Staff (eSecurity Planet) Hackers are increasingly using DDoS attacks as a kind of 'smokescreen' that helps them carry out data breaches
Hackers Renege On Threat To Publish Domino's Customer Data (Dark Reading) Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data
Authentication Tokens Found in App Source Codes by the Thousands (Softpedia) Custom crawler PlayDrone was used by researchers to download and decompile over 880,000 free programs to find thousands of secret tokens that authenticate service to service communication embedded in the source code
Companies warned of major security flaw in Google Play apps (CSO) Many Android apps on Google Play contain authentication keys that can be easily taken to steal corporate and personal data
At least 32,000 servers broadcast admin passwords in the clear, advisory warns (Ars Technica) Exploiting bug in Supermicro hardware is as easy as connecting to port 49152. An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update that patches the critical vulnerability, an advisory published Thursday warned
Yet Another BMC Vulnerability (And some added extras) (CARISIRT) After considering the matter for the past 6 months while continuing to work with Supermicro on the issues, I have decided to release the following to everyone. On 11/7/2013, after reading a couple articles on the problems in IPMI by Rapid7's HD Moore (linked at the end), I discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152
Simplocker ransomware: New variants spread by Android downloader apps (We Live Security) Since our initial discovery of Android/Simplocker we have observed several different variants. The differences between them are mostly in
Research Project Pays People to Download, Run Executables (Threatpost) It's been well documented that people will give up their computer passwords for a piece of chocolate. But what would they be willing to give up for a dollar — or even a penny? Plenty as it turns out
Uh-oh, Yo has major security flaws (Quartz) Yo, the mobile messaging app that quickly rose to popularity this week with a bewilderingly simple premise — the only message it can send is "yo" — has a lot more than that lurking beneath its surface
Slow internet? Maybe you have one of 120,000 vulnerable broadband routers (Sydney Morning Herald) Is your home internet running slow? Is your monthly internet bill larger than you expected? Perhaps your home broadband router is one of the 120,000 used by Australians that is vulnerable to a new type of scam being leveraged by criminals who use them to launch cyber attacks
American Express customers receiving new breach notifications (CSO) It's been a busy month for the American Express General Counsel's Office
7 Million+ Cards Likely to Have Been Stolen in P.F. Chang's Breach (Softpedia) The computation took into consideration the possibility that the company's restaurants had in fact been leaking credit card data for a period of nine months, since September 2013
Email Breaches Expose Over 37,000 People's Data at California Colleges (eSecurity Planet) Names, Social Security numbers and birthdates were exposed, along with a variety of other information
Prank URL Shortening Service is Good Security Basics Reminder (Infosec Island) Many of us use URL shortening services on a daily basis, especially when dealing with short form communication tools such as Twitter. Of course, it pays to be vigilant when presented with a shortening service link. While it's a useful tool to have, there have always been issues with regards to your possible final destination
One in five businesses are still using Windows XP despite the risks (BetaNews) Microsoft ended support for XP two months ago, yet consumers are still proving resistant to change, and many businesses are similarly reluctant to upgrade to a newer version of Windows
Cybercriminals Zero In on a Lucrative New Target: Hedge Funds (New York Times) They say crime follows opportunity. Computer security experts say hedge funds, with their vast pools of money and opaque nature, have become perfect targets for sophisticated cybercriminals. Over the past two years, experts say, hedge funds have fallen victim to targeted attacks. What makes them such ripe targets is that even as hedge funds expend millions in moving their trading operations online, they have not made the same investment in security
Security Patches, Mitigations, and Software Updates
Android 4.4.4 fixes OpenSSL connection hijacking flaw (ComputerWorld) A new version of Android for Nexus devices is primarily a security update that patches the bundled OpenSSL library
Is Microsoft withholding Windows 7 security patches? Probably not (NetworkWorld) Researchers say Windows 8 is getting fixes that Windows 7 is not getting, but the devil is in the details
And now a word from the people invading your privacy (Quartz) Last week, as we reported, Apple made a tiny technical change that could make it more difficult for marketers to spy on you. The company changed a setting that broadcasts an iPhone's Media Access Control (MAC) address to any Wi-Fi network within range. Businesses use this to identify a phone and figure out how many times its owner has been in a shop and for how long, or where in the shop she is browsing. The change is that in iOS 8, the iPhone's new operating system due out later this year, your Apple device will broadcast a random "fake" MAC address, which will make tracking somewhat more difficult, unless you actually connect it to a Wi-Fi network
Cyber Trends
Sophisticated malware, lack of threat intelligence: Key factors in growing number of successful attacks (BDaily) Check Point has today announced the findings of a survey showing that a combination of progressively more sophisticated malware and lack of intelligence about new security threats are key reasons for the growing number of successful malware attacks.
10 Ways To 'Fix' Cybersecurity (Forbes) Security reporter Byron Acohido and I asked ten cyber-experts to offer up their best ideas for stemming the threats we face when it comes to digital security. Note: Almost every one of them muttered something about there being no silver bullets
What Workplace Privacy Will Look Like In 10 Years (Dark Reading) New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing
Marketplace
A third of boards remain in the dark on cyber defence status (Information Age) 'Cyber resilience' increasingly overtaking 'cyber security' as companies' prevailing defensive objective
Cisco's Acquisition Of ThreatGRID Fine-Tunes Cyber Security Division (GuruFocus) Cisco acquires ThreatGRID, a NYC startup, for an undisclosed sum. ThreatGRID will join SourceFire, acquired last year, in Cisco's bid to expand its role in cyber security. ThreatGRID also helps Cisco realize its dream to offer the Internet of Everything to its clients. This acquisition positions Cisco well as a company to buy as its stock will increase in value
Cisco mum on future of ThreatGrid's partnership arrangements (NetworkWorld) Cisco is clear on integration of ThreatGRID into Cisco's AMP and Cisco security products
ForgeRock Raises $30M for Open-Source Identity-Relationship Tech (eWeek) ForgeRock's $30 million capital injection will help the company drive adoption of identity-relationship management technology
Target CISO takes over at a time of consumer anger with data breaches (FierceITSecurity) Target's new chief information security officer Brad Maiorino takes the reins of the retailer's IT security program at a time of growing consumer anger at retailers for data breaches
FireEye (FEYE) Taps Mandiant's McGee as Privacy Chief; Forms New Global Privacy Group (StreetInsider) FireEye, Inc. (Nasdaq: FEYE) announced the appointment of Shane McGee as chief privacy officer. McGee, previously general counsel and vice president of legal affairs at Mandiant, will assume responsibility for growing and governing a new global privacy program that will establish data protection standards and lead industry improvement initiatives
CSG Invotas Appoints Paul Dorey to Advisory Board (MarketWatch) CSG Invotas, the enterprise security business from CSG International (NASDAQ: CSGS), today announced the addition of Paul Dorey, Visiting Professor in the Department of Mathematics' Information Security Group at Royal Holloway College, University of London, to its advisory board
Products, Services, and Solutions
TrueCrypt mystery — forking weirder than before (Naked Security) Naked Security readers will be well aware of the great TrueCrypt mystery. TrueCrypt is, or was, a long-running software project that claimed to provide strong encryption software that you could use for free on Windows, Linux and OS X
Thales launches Critical 48, a new UK-based 24/7 Cyber Incident Response Service (IT News Online) Thales UK have announced the launch of Critical 48, a new cyber incident response service that delivers a low-risk, high-value response for the critical first 48 hours of a cyber-incident
SENGEX to Showcase Expanded Cyber Security Capabilities at AFCEA Cyber Symposium (PRWeb) Enhanced mobility and Intrusion Detection security solutions focused on protection from evolving risks
BitSight Security Ratings for Benchmarking Improves Security Performance Awareness for Executives & Boards (Digital Journal) BitSight Technologies, the standard in Security Ratings, today announced BitSight Security Ratings for Benchmarking. The first-of-its-kind solution enables anyone from C-level executives to board members to IT professionals to quantify their security performance, measure the success of their overall security program and benchmark that over time and against an industry, individual peers or competitors
Technologies, Techniques, and Standards
Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream (Dark Reading) Free software automates the setup, management of honeypots for enterprises
Pen Testing Payment Terminals: a Step-by-Step How-to Guide (Blog: SANS Penetration Testing) There is plentitude of payment terminals out there and the design principles vary quite a bit. The ones I have run into in Finland appear to be tightly secured with no attack surface. At first glance, that is. These generally open only outbound connections and use SSL encryption to protect the traffic. Here, I explain why testing a simple, tightly secured payment terminal is not as simple as one might think
As iPhone thefts drop, Google and Microsoft plan kill switches on smartphones (ITWorld) After a year of pressure, U.S. law enforcement officials announce a major success in their phone anti-theft push
Identity theft consequences and tips to stay secure (Help Net Security) In this interview, Tom Feige, CEO of idRADAR, shares alarming identity theft stories, explains the consequences of getting your identity stolen, offers advice to organizations that want to prevent their employees from becoming victims of identity theft, and more
Authorization model for home automation (Help Net Security) Smartphones promise to play an important role in the management and control of Home Automation (HA) solutions. When things and devices have either no or a constrained user interface (UI), the phone's display becomes more and more relevant to managing devices. Additionally, new capabilities for biometric authentication to the phone such as Apple's Touch ID will help secure these management features
Technology key to secure document future, says UK Home Office (ComputerWeekly) Physical security is just as important as digital security in documents such as passports, according to Frank Smith, strategy co-ordinator for the Home Office biometric programme
If you lose your key staff, are you prepared to maintain security? (CSO) Leaders need to assess and prepare for the security impact of key people leaving the organization while making it better for those who stay
Do you have what it takes to Detect and Respond to Targeted Attacks? (Trend Micro Simply Security) With the topic of targeted attacks and advanced threats capturing so much attention as of late, you could be forgiven for some initial scepticism on yet another article on the subject. However, despite the justifiable attention to the topic, the truth is that targeted attacks are a major yet relatively unmanaged threat to your data and intellectual property. Before you develop a list of options to the problem, it is crucial to consider the nature of the problem from the eyes of your adversary… that being the attacker
Design and Innovation
Hackers reverse-engineer NSA spy kit using off-the-shelf parts (The Register) Expect a busy DEFCON with lots of new pwnage products
This Tool Boosts Your Privacy by Opening Your Wi-Fi to Strangers (Wired) In an age of surveillance anxiety, the notion of leaving your Wi-Fi network open and unprotected seems dangerously naive. But one group of activists says it can help you open up your wireless internet and not only maintain your privacy, but actually increase it in the process
Academia
Girls Who Code kicks off summer immersion program (SC Magazine) A nonprofit focused on equipping young women for opportunities in tech-related fields has launched its 2014 Summer Immersion Program. Started by the organization, Girls Who Code, the program expects to reach 380 high-school girls in classes throughout New York, Boston, Miami, Seattle and the San Francisco Bay Area
High School Students Attend Boot Camp to Fight Cyber Crime (Times of San Diego) Some of San Diego's most computer-savvy high school students are learning how to hack a network in order to prepare themselves for a career in cyber security
Cybersecurity center earns DHS, NSA designation (Phys.org) Kansas State University's cybersecurity center is receiving national recognition for its dedication to cutting-edge research
Number of STEM College Degrees and Jobs on the Rise (SIGNAL) Here's a little good news for students who not only are college-bound, but who want to or plan to study in the fields of science, technology, engineering and mathematics, or STEM, according to a government watchdog report
Legislation, Policy, and Regulation
Indian officials see cyber threats from Wassenaar arrangement (Economic Times) An inter-ministerial panel has expressed apprehension about changes in the list of software items that a group of 41 nations like the US and the UK can export to non-member countries like India
China ardently denies cyberspying accusations (EET India) This is first of a three-part series examining the fallout on industry from China's alleged cyber spying. Today we review history: piecing together the evidence of proof that spying and how costly industrial espionage is. Science writer Kevin Fogarty takes an in-depth look for EE Times. Despite years of accusations and mounting
GCHQ promotes collaborative action (SC Magazine) The IA14 Conference in London on Monday concluded with GCHQ director, Sir Iain Lobban, giving an insight into how GCHQ sees its role protecting and supporting UK citizens, industry and the economy
Former UK security minister calls for tighter surveillance law (ComputerWeekly) Former UK security minister Pauline Neville-Jones has called for the law governing mass internet surveillance to be tightened up
Private bill would increase oversight of Canada's electronic spy service (Canadian Press via the Times Colonist) A private member's bill sponsored by the Liberal defence critic would bolster oversight of Canada's electronic eavesdropping agency by transferring some ministerial powers to the courts
House backs limits on NSA spying (AP via Fox News) House libertarians and liberals banded together for a surprise win in their fight against the secretive National Security Agency, securing support for new curbs on government spying a year after leaker Edward Snowden's disclosures about the bulk collection of millions of Americans' phone records
House Votes To Cut Key Pursestrings For NSA Surveillance (Wired) The House of Representatives may have only passed a puny attempt to reform the NSA's surveillance activities last month. But on Thursday evening it swung back with a surprising attack on a key element of the agency's spying programs: their funding
U.S. government's civil war over civil liberties (Salon) The State Department is now touting itself as a proponent of Internet privacy. It's not as ridiculous as it sounds
Senators fear plan will muzzle whistleblowers (The Hill) A bipartisan pair of senators fear that new Obama administration intelligence policies could crack down too hard on whistleblowers
Unto the Breach (Slate) The FCC chairman shouldn't make government regulation of cybersecurity seem like a last resort
Pentagon cyber unit wants to 'get inside the bad guy's head' (Washington Post) After several years of planning, the Pentagon's Cyber Command is finally beginning to conduct operations such as tracking adversaries overseas to detect attacks against critical computer networks in the United States, according to a senior defense official
Army aware, but wary of cyber warfare challenges (Fort Leavenworth Lamp) Army senior leaders posit that communications technology is being developed and put into use inside the Army before its vulnerability to cyber-attacks has been fully evaluated
Litigation, Investigation, and Law Enforcement
Bank Not Liable for Customer's $440,000 Cybertheft (CIO) A Missouri escrow firm that lost $440,000 in a 2010 cyberheist cannot hold its bank responsible for the loss an appeals court said this week affirming a lower court's previous ruling on the issue
Oil Co. Wins $350,000 Cyberheist Settlement (Krebs on Security) A California oil company that sued its bank after being robbed of $350,000 in a 2011 cyberheist has won a settlement that effectively reimbursed the firm for the stolen funds
FCC issues largest fine in history to company selling signal jammers (The Verge) The Federal Communications Commission is laying down its largest fine ever against a Chinese retailer that's allegedly been selling hundreds of models of illegal signal jammers over at least the past two years. The online retailer, CTS Technology, is being given a fine of $34.9 million, the maximum that the FCC can issue in this instance
Colombia peace talks spying suspect receiving death threats: Attorney (Colombia Reports) A former campaign worker of ex-presidential candidate Oscar Ivan Zuluaga, accused of spying on ongoing peace talks with rebel group FARC, is receiving death threats, the suspect's attorney told local media on Tuesday
Cops hid use of phone tracking tech in court documents at feds' request (Ars Technica) ACLU uncovers e-mails regarding Stingray devices borrowed from US Marshals Service
Google and Microsoft want to kill your phone if it's stolen. Do you feel safer? (Naked Security) The law enforcement group Secure Our Smartphones is claiming victory after Google and Microsoft announced they will add a "kill switch" to their mobile operating systems
Google forced to e-forget a company worldwide (Naked Security) Likely inspired by Europeans winning the right to be forgotten in Google search results last month, a Canadian court has ruled that Google has to remove search results for a Canadian company's competitor, not just in Canada but around the world
Federal judge dismisses lawsuit alleging JBLM "spy" violated Olympia protesters' civil rights (The Olympian) A federal judge in Tacoma has dismissed a federal civil rights lawsuit alleging that former Joint Base Lewis-McChord employee John Towery violated the civil rights of Olympia anti-war protesters when he infiltrated the group under an assumed name in 2007 and reported on their activities to his superiors
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
St. Louis SecureWorld Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events.
Indianapolis SecureWorld (Indianapolis, Indiana, USA, Oct 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute, will deliver the opening keynote.
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events.
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events.
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events.
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.