The CyberWire Daily Briefing for 6.25.2014
ISIS has gathered much attention for its information operations in Syria and Iraq (and the Levant generally) with its use of social media drawing particular admiration. Researchers at King's College London looked closely at last Friday's "ISIS Twitter Storm" and found more astroturf than grassroots: insight into how a small, focused group can punch far above its weight in social media.
Among ISIS's successful tactics was hijacking World Cup Twitter hashtags. In general, however, the World Cup seems to have weathered its cyber threats as well as could be reasonably expected (but the white-board-in-the-photo-background opsec issue surfaced in some widely circulated images of the Cup's security center).
Hacktivists continue cyber vandalism in Pakistan (protesting police brutality) and Arizona (pro-Palestinian Turkish hackers resuming their baffling selection of American targets).
Kaspersky Lab finds a cyberfraud campaign affecting a large European bank. They're calling it "Luuuk," and report that it stole half a million Euros in less than a week — remarkably swift theft that bodes ill for the legacy cyber defense cycle.
New York City taxicab logs afford researchers an opportunity to demonstrate how porous poorly executed anonymization can be.
Several malware infestations arise in Google Play and other trusted app stores. Beware in particular Flappy Birds — accept no knock-offs.
CryptoLocker evolves into a standalone version. Many security firms say, again, that the best defense against ransomware is sound, systematic backup. They also deprecate paying the ransom.
US Cyber Command gives AFCEA symposiasts its industry wish list: visualization, automation, and work-force development.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Iraq, Pakistan, Syria, Turkey, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Analyzing the ISIS "Twitter Storm" (War on the Rocks) For the last eighteen months we've been closely monitoring the Syrian conflict. One of the ways we do this is through social media, using a range of tools to aid our work. For Twitter, we use Palantir's Torch platform — a data analysis and visualization program — and decided to use it to analyze Friday's ISIS #AllEyesOnISIS "twitter storm"
Jihadists in Iraq hijack World Cup hashtags (ComputerWeekly) The militant Islamic group ISIS, which is battling for control of several major cities in Iraq, is hijacking Twitter hashtags for the 2014 World Cup to spread its message
World Cup security well executed if you don't count the Wi-Fi (Naked Security) Without a doubt, the world is watching the World Cup and it has been going swimmingly from a security standpoint
Government of Punjab, Pakistan Website Hacked Against Police Brutality (HackRead) Pakistani hackers are furious over police brutality on their citizens. Last week it was the website of Pakistan Electric Power Company (Private) Limited (PEPCO) targeted against shooting bullets at protesters
International Federation of Journalists deplores cyber attack on pro-democracy news websites (International Federation of Journalists via the Imperial Valley News) The International Federation of Journalists (IFJ) condemns the massive cyber attack on a Hong Kong media group, which was clearly aimed at suppressing press freedom
European bank 'hit by sophisticated cyber-thefts' (BBC) A security firm has reported uncovering evidence of cyber-thieves robbing more than 190 customers of a European bank
The Luuuk banking fraud campaign: half a million euros stolen in a single week (Kaspersky Lab) The experts at Kaspersky Lab's Global Research and Analysis Team have discovered evidence of a targeted attack against the clients of a large European bank. According to the logs found in the server used by the attackers, apparently in the space of just one week cybercriminals stole more than half a million Euros from accounts in the bank. The first signs of this campaign were discovered on 20 January this year when Kaspersky Lab's experts detected a C&C server on the net. The server's control panel indicated evidence of a Trojan program used to steal money from clients' bank accounts
Duo Security Researchers Uncover Bypass of PayPal's Two-Factor Authentication (Duo Blog) Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal's two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service — an API used by PayPal's official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves
Spyware subsidizes high-end Android phone (ZDNet) We're all used to crapware subsidizing Windows PCs. Now firmware-based spyware is subsidizing Android phones. Here's what to look for
How governments devise custom "implants" to bug smartphones (Ars Technica) Post provides rare glimpse inside Android-based "lawful intercept" app
Improperly anonymized taxi logs reveal drivers' identity, movements (Help Net Security) Software developer Vijay Pandurangan has demonstrated that sometimes data anonymizing efforts made by governments and businesses are worryingly inadequate, as he managed to easily deanonymize data detailing 173 million individual trips made by New York City taxi drivers
Risks of Not Understanding a One-Way Function (Schneier on Security) New York City officials anonymized license plate data by hashing the individual plate numbers with MD5. (I know, they shouldn't have used MD5, but ignore that for a moment.) Because they didn't attach long random strings to the plate numbers — i.e., salt — it was trivially easy to hash all valid license plate numbers and deanonymize all the data
Beware Flappy Bird clones carrying malware (USATODAY) Scratching the Flappy Bird itch could be dangerous, a report by computer security company McAfee finds. "Of the Flappy Bird clones we sampled, almost 80% contained malware," said Brian Kenyon, chief technical strategist at the Santa Clara, Calif.-based company
Cybercriminals exploit trusted app and service vulnerabilities (Help Net Security) The manipulation of legitimate mobile apps and services played a key role in the expansion of mobile malware at the beginning of 2014
Atypical cloned banking app pops up on Google Play (Help Net Security) An unusual instance of a cloned banking app has been spotted on Google Play by Lookout researchers: the app steals only the users' ID, and leaves alone the password
Cross-Platform Mobile Threats: A Multi-Pronged Attack (TrendLabs Security Intelligence Blog) Cross-platform threats can be dangerous, both at home and in the office. These can 'jump' from one platform to another, or target all of them at the same time — potentially infecting a user's entire network, or even a company's network if left unchecked. The risk to critical data and system functionality, not to mention overall network security, can be catastrophic if not mitigated properly
KnowBe4 Alerts Users: CryptoLocker Threat Variant Goes Stand Alone (Insurance News Net) Even with the recent international law enforcement "Operation Tovar" shutting down Cryptolocker operations, it appears the number one ransomware Trojan is back in business. KnowBe4 reports a new strain of the infamous CryptoLocker has been found. The new Trojan does not rely on the 2048-bit RSA encryption and does not need any communication with a Command & Control server to work. It operates stand-alone, and the extensions of affected files are switched to .cryptolocker after encryption
JackPOS — Another Credit Card Stealer (Fortinet Blogs) In a previous blog post on Dexter, we briefly mentioned a new strain of point-of-sale (PoS) malware that has compromised over 4,500 credit cards in the United States and Canada. This new strain of malware, dubbed JackPOS, was detected early this year and between then and the time of writing, has had just one version, but with multiple variants
PlugX RAT With "Time Bomb" Abuses Dropbox for Command-and-Control Settings (TrendLabs Security Intelligence Blog) Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among others, are well-known and can be detected, threat actors still effectively use these tools in targeted attacks
Fewer NTP servers can be abused to amplify DDoS attacks, but threat remains (IDG via CSO) The number of NTP (Network Time Protocol) servers that can be abused to amplify DDoS attacks has decreased dramatically this year, but the threat remains
Hospital Networks Are Leaking Data, Leaving Critical Devices Vulnerable (Wired) Two researchers examining the security of hospital networks have found many of them leak valuable information to the internet, leaving critical systems and equipment vulnerable to hacking
Aviva's iPhones hit by Heartbleed hack (Cable) Insurance firm Aviva has fallen victim to a major cyber attack that targeted workers' iPhones
BBC News app hijacked? Bogus breaking news alerts posted (Graham Cluley) The popular BBC News smartphone app appears to have been hijacked, or at least its "Breaking News" feature, by mischief-makers who are popping up messages on users' devices… It's good to know that the app hasn't been compromised, and this is just the BBC goofing up in a fairly harmless way. Hopefully they will be more careful next time
Spam, talk about false advertising (Internet Storm Center) SPAM SPAM SPAM, It never fails to entertain. Like most of you I get my fair share of SPAM and like a number of you I will happily click links (not a recommendation) and follow the little yellow brick road to whatever malware or "sales" opportunity presents itself. This one was just a bit more random than others I've received lately
A peek inside the online romance scam. (Webroot Threat Blog) Online dating can be rough, and no matter how many safeguards are in place in the multiple legitimate dating websites out there, the scammers are getting around the blocks and still luring in potential victims. While the reports of these types of scams are out there (even with copy and paste examples of the e-mails used), people still fall for the scams every day. In this particular case, it was my profile on eHarmony that was targeted, and this is my recount of it
False Stoned virus detections in Bitcoin files are widespread (ZDNet) Some joker stuffed the virus signature into the return address for a Bitcoin transaction leading to Stoned virus detections when transactions are stored on-disk
State of Montana sends out 1.3 million data breach notifications (CSO) Notification letters from the State of Montana started to be sent out this week outlining that they had suffered a data breach which affects 1.3 million people
Security Patches, Mitigations, and Software Updates
VMSA-2014-0007 VMware product updates address security vulnerabilities in Apache Struts library (VMware Security Advisories) The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues
Cyber Trends
Who is ultimately responsible for data security in the cloud? (Help Net Security) A recent report following Infosecurity Europe 2014 suggested that 43 per cent of organisations had no enterprise visibility or control into whether employees were putting sensitive data into the cloud. Furthermore, a new survey has shown that almost half of firms say they already, or plan to, run their company from the cloud. Both of these findings clearly demonstrate just how integral the cloud is becoming to businesses
Private Companies Face Collapse From Cyber Attacks (SIGNAL) Firms that are not taking cybersecurity seriously enough could pay the ultimate price
Corporate Culture Key to Private Sector Cybersecurity (SIGNAL) Company leadership must play a greater role or else face departure after a cyber attack
The quantum cryptography arms race has begun (InfoWorld) Quantum computing may be taking its time to arrive, but when it does, encryption won't be the same again
Credit and debit card fraud eating away at consumer confidence in providers (TechWorld via CSO) Credit and debit card fraud is starting to erode confidence in providers, with many consumers using cards less often or abandoning them altogether after fraud incidents, a global survey of 6,100 consumers by ACI Worldwide has reported
Marketplace
Three Items Top Cyber Command's Industry Wish List (SIGNAL) Government technology alone will not address all of the command's challenges
Is privacy undermining trade in digital services? (ComputerWeekly) Since Edward Snowden lifted the lid on the US National Security Agency's (NSA) surveillance secrets there has been a lot of fretting about spies. It is not a new issue, but more people are now talking about keeping data in places beyond the legal reach of any foreign government
Microsoft and the future of cyber-security (The Nation) US giant sets out its strategy, commitment to keeping devices and users safe in a rapidly developing tech-driven world
Should We Trust Google With Our Smart Homes? (Wired) John Matherly operates what you might call the search engine for the Internet of Things. It's called Shodan, and it lets you probe the net for all sorts of online devices, from refrigerators and swimming-pool control panels to webcams — lots and lots of webcams
RedOwl Analytics raises $4.6M; Kevin Plank among investors (Baltimore Business Journal) Baltimore cyber security firm RedOwl Analytics has closed on a nearly $5 million funding round, with investors including Under Armour Inc. CEO Kevin Plank
CyberArk Files Registration Statement for Proposed Initial Public Offering (MarketWatch) CyberArk, a global leader and pioneer of a new layer of IT security solutions, today announced that it has publicly filed a registration statement on Form F-1 with the U.S. Securities and Exchange Commission (SEC) relating to a proposed initial public offering of its ordinary shares. The number of shares to be offered and the price range for the proposed offering have not yet been determined. CyberArk has applied to list its ordinary shares on the Nasdaq Global Select Market under the ticker symbol "CYBR"
Barnes & Noble is splitting into two companies: one for Nooks and one for books (The Verge) Company plans to spin-off its flagging hardware business after recent Samsung partnership
Akamai Positioned in the "Challengers" Quadrant of the Magic Quadrant for Web Application Firewalls (Wall Street Journal) Akamai® Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today announced the company has been positioned by Gartner, Inc. in the "Challengers" quadrant of the Magic Quadrant for Web Application Firewalls
New UK cybersecurity training scheme prepares for hackers (C/NET) Government and business are under constant cyber attack and must learn to "take the hit," says the director of a new cybersecurity training programme
The Ramp with 5 Levels: Top 50 Information Security Interview Questions (Infosec Institute) Let's face it, Information Security has about a bazillion possible questions at any given interview across a wide variety of possible topics. On top of that, InfoSec means a lot of different things to a lot of different people
Symantec Cyber Connection (SC3) Program Overview (Digital Journal) Symantec today announced the launch of a first-of-its-kind program, the Symantec Cyber Career Connection (SC3), to address the global workforce gap in cybersecurity and provide new career opportunities for young adults who may not be college-bound
Sen. Landrieu secures $15.8 for Bossier's Cyber Innovation Center (ArkLaTex) The Chair of the Senate Homeland Security Appropriations Subcommittee, U.S. Sen. Mary Landrieu announced Tuesday that she has included $757 million for cybersecurity programs including $15.8 million for the Cyber Innovation Center in Bossier City
Pwnie Express Appoints Edwin Marin as Vice President of Product Management and Engineering (PRWeb) Marin brings over 20 years of proven enterprise SaaS, security and networking experience to company
Products, Services, and Solutions
Darktrace Announces New, Self-Learning Cyber Intelligence Platform (Digital Journal) Enterprise immune system addresses insider and external threats. Darktrace, founded by world-class machine learning specialists and operational government intelligence experts, today announced the launch of its self-learning Darktrace Cyber Intelligence Platform version 2. Darktrace gives customers the ability to detect anomalies in real time that go undetected by existing security tools, thanks to its ground-breaking Enterprise Immune System technology that learns 'self' and what is normal and abnormal activity within an organization
Fasoo Announces New Partnership with Neocol to Enhance IBM ECM Security (PRWeb) Neocol adds Fasoo Enterprise Digital Rights Management (EDRM) solutions to help its Enterprise Content Management (ECM) customers mitigate risk
Arxan Launches Customized Assessment to Identify Mobile App Exposures at Gartner Security & Risk Management Summit (MarketWatch) Enterprises can now receive a comprehensive, complimentary report within 48 hours
Agiliance Introduces First NIST Cybersecurity Framework Security Checklist and Best Practices Content Pack (MarketWatch) Packaged intelligence in RiskVision platform automates organizational assessments and continuous management of cyber security risks
Privilege Management Provides Defense Against Land-and-Expand Cyber Attacks (MarketWatch) Lieberman Software explains how advanced persistent threats (APTs) are almost impossible to stop, but damage can be limited with privilege management and secure network design
OPSWAT Releases GEARS Application for Device Security and Advanced Threat Detection (Digital Journal) OPSWAT today announced the official release of the GEARS application. This free software helps users identify if their computer is at risk or compromised by providing greater visibility into the status of installed security applications and alerting them to potential advanced threats. The release of this new application extends the capabilities of the GEARS cloud-based network security management platform to individual users and computers
Tufin's Authoritative Solution For Automated Network Segmentation Management Fortifies Security And Drives Business Agility (Insurance News Net) Tufin®, the market-leading provider of Security Policy Orchestration solutions, today announced a new version of its award winning Tufin Orchestration Suite. This new version extends Tufin's Unified Security Policy™ into SecureChange®, its Network Change Automation platform, bringing best of breed management, visibility and automation to enterprise network security policies
WatchGuard Brings Advanced Persistent Threat Protection (APT) to the Masses (Enterprise Working Planet) Seattle-based WatchGuard Technologies has deployed a new operating system for its family of security appliances and Next Generation Firewalls (NGFW). Fireware OS 11.9 incorporates advanced security technologies, such as an APT (Advanced Persistent Threat) protection service, as well as improved application security controls
CSC brings three enhanced offerings under Cloud Cybersecurity Services (Infotech Lead) CSC has announced its three enhanced cloud cyber security services — Cloud Endpoint Protection (CEP), Cloud Managed Vulnerability Assessments (CVMA), Cloud Security Incident and Event Monitoring (CSIEM), which offer to protect CSC cloud from constant threats
CyberSponse, Inc. Announces CyberSponse IR360° — Tier 4–Compliant Cybersecurity Incident Response Platform (Dark Reading) Workflow automation, command and control gives corporate incident response teams the power to manage risk, protect valuable assets, and reduce costs & risk associated with enterprise security operations
Battling The Bot Nation (Dark Reading) Online fraudsters and cyber criminals — and even corporate competitors — rely heavily on bots, and an emerging startup aims to quickly spot bots in action
Technologies, Techniques, and Standards
FDA issues social media guidance (FierceMobileHealthCare) Two new draft federal guidance documents published by the U.S. Food and Drug Administration focus on regulation of medical products and electronic digital platforms and correcting information regarding such devices and prescription drugs via Internet communication platforms
Will perimeter firewalls give way to 'RASP'? (NetworkWorld) Gartner analysts debate value of perimeter firewalls vs. "Runtime Application Self-Protection"
Extending Debuggers (Infosec Institute) Sometimes we come across situations when we are in need of doing something inside our debuggers or to extend the functionality of them. For such things, debuggers usually provide an API interface to extend or provide extra functionality for the debugger
Hackers show how to protect your iPhone (CNN Money) Here's one way to make your iPhone hacker-proof: Ask hackers for advice
Six Steps Small Businesses Can Take to Assure Bank Account Security (Kaspersky Lab) If cybercriminals were lions, small business would be a herd of antelope. Rarely are they individually targeted; the lioness simply takes down the weakest one. So, it's all about survival of the fittest: follow a few safety rules that the rest of the herd doesn't know, and your business could remain breach-free for another year
Former NSA director advocates for thin client cloud security model (TechTarget) More than a year after Edward Snowden leaked confidential information about the breadth of the National Security Agency's domestic intelligence-gathering, the former head of the NSA staunchly defended the agency's actions while advocating for enterprises to adopt the computing paradigm that helps keep the NSA's systems secure
Stronger Keys and Faster Security with ECC (SYS-CON Media) Anyone who has been involved with security knows there is a balance to providing both security and privacy and performance at the same time. Security is often blamed for performance woes, particularly when cryptography is involved
To Pay or Not to Pay — That's the Ransomware Question (TechNewsWorld) "The key is to remove power from the extortionists, and you do that by backing up your system regularly," said Kenneth Bechtel, a malware research analyst with Tenable Network Security. "This basic best practice is cheap and easy, thanks to removable hard drives. With backups, there's no need to pay the ransom to get your data back or interact with extortionists in any way"
Kenneth van Wyk: If you want developers to give a hoot about security, take a lesson from the squirrels (ComputerWorld) The problem with all too many software developers, from a security professional's point of view, is they lack a healthy sense of mistrust
Research and Development
hitchBOT — Privacy invading hitchhiking robot or fun social experiment? (Naked Security) Would you trade your password for a candy bar? The candy may be delicious but the potential harm surely isn't
Academia
Why cyber security is a safe choice for a postgrad degree (The Guardian) Graduates who know how to protect data from online attacks are in high demand
Mary Ann Hopkins: Parsons-BHEF Team Aims to Help DC Region Build Cyber Workforce (ExecutiveBiz) Parsons is collaborating with the Business-Higher Education Forum to create a Greater Washington Cyber Network of cybersecurity professionals from academia, industry and government from Maryland, Northern Virginia and Washington, D.C.
Northrop Grumman's Woodland Hills Facility Selects Winners in Seventh Annual Engineering Scholars Competition (Wall Street Journal) Northrop Grumman Corporation's (NYSE: NOC) Woodland Hills facility has announced the two winners of its seventh annual Engineering Scholars program, which will provide $20,000 in college scholarships to high school seniors in the greater San Fernando Valley area interested in studying engineering, computer science, physics or math
Legislation, Policy, and Regulation
Russian Bureaucracy's Race to Police the Web (Global Voices) Russia's lawmakers and police are in a race to take control over the Internet. For more than two years, the parliament has spewed out legislation that imposes new restrictions on Internet use. Now, engorged by these new laws, Russia's authorities can legally shut down, lock up, or block off just about anything happening online. The Kremlin has been careful to avoid targeting Russia's e-business sector, but political expression on the Web has become increasingly unsafe
May calls for data access changes (Belfast Telegraph) At least 20 cases have been dropped by the National Crime Agency (NCA) in six months as a result of missing communications data — including 13 threat-to-life scenarios involving children, the Home Secretary has revealed
Editorial: Finally Dealing with the NSA, Congress finds its spine (Seattle Times) To pass overdue reforms of the National Security Administration's spy powers, Congress is regrowing its oversight spine
Summary of Homeland Security bill approved by approps subcommittee this morning (Insurance News Net) The U.S. Senate Appropriations Subcommittee on Department of Homeland Security today approved fiscal year 2015 funding legislation that totals $47.2 billion, $643 million above the fiscal year 2014 enacted level. Of this total, $45.65 billion is for discretionary programs, including $213 million for Coast Guard overseas contingency operations and $6.4 billion for the Federal Emergency Management Agency (FEMA) Disaster Relief Fund. After excluding these two adjustments, the net discretionary appropriation for the Department of Homeland Security (DHS) is $39 billion. Even with this modest increase, discretionary appropriations for DHS have declined by 8.3 percent since fiscal year 2010
Agency heads hash out critical infrastructure protection roles (Federal Times) Top cybersecurity leaders in government are now hashing out how various cybersecurity-related agencies will handle the mission to protect critical infrastructure from cyber attacks
DHS Focuses on Physical Damage Via Cyber Attacks (SIGNAL) What is happening in cyberspace is secondary to its effects elsewhere for homeland security
NSA's Rogers: JIE crucial to cyber defense (FCW) The Defense Department's move to a Joint Information Environment cannot come soon enough for National Security Agency Director Adm. Michael Rogers, who said June 24 that the department-wide IT platform will provide DOD the network visibility it needs to repel cyberattacks
NSA Director Michael Rogers is encouraging employees to leave the agency (and hopefully return some day) (Baltimore Business Journal) National Security Agency chief Adm. Michael S. Rogers has been on the job for only about 90 days, but he has big plans for bolstering the agency's workforce of the future
Why Americans, like Europeans, should be able to scrub their online search results (Quartz) Based on the uproar from American internet and legal experts, I had assumed a privacy ruling by the European Union Court of Justice in May was an assault on free speech and our right to information. I also assumed it would mostly be sex offenders or hucksters who would ask to have a search term delinked from something they don't like on the web
Litigation, Investigation, and Law Enforcement
Microsoft's Top Lawyer Slams Secret Surveillance Court (Wall Street Journal) The U.S.'s secret surveillance court is unaccountable to the public and not "inclined to promote justice," Microsoft's top lawyer said Wednesday
Former News of the World editor Andy Coulson found guilty of phone-hacking (Deutsche Welle) A former editor of a now defunct British tabloid has been found guilty of phone hacking. The trial was triggered by revelations that the paper had for years been hacking phones for news stories
Cupid Media data breach shown no love by Privacy Commissioner (ComputerWorld) Investigation found that 254,000 user details were stolen, company breached Privacy Act
The 'Fly' Has Been Swatted (Krebs on Security) A Ukrainian man who claimed responsibility for organizing a campaign to send heroin to my home last summer has been arrested in Italy on suspicion of trafficking in stolen credit card accounts, among other things
$800,000 Penalty for Paper Records Breach (Healthcare InfoSecurity) An $800,000 HIPAA settlement between the Department of Health and Human Services and an Indiana community health system for an incident involving paper records dumping is the latest reminder that patient information needs to be safeguarded regardless of whether it's electronic or paper-based
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.
DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
Interop New York (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop is the leading independent technology conference and expo series designed to inform and inspire the world's IT community. Through in-depth educational programs, real-world demos, Interop showcases the most powerful innovations and solutions the industry has to offer and provides the forum for the world's largest celebration of IT professionals.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60-minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public-private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.