The CyberWire Daily Briefing for 7.9.2014
The indirect road through security think tanks Deep Panda is taking to targets in Iraq (and elsewhere) is paved with Windows PowerShell, exploitation of which can be subtle and easily overlooked. The Chinese government dismisses allegations of its involvement in the campaign on the high-minded grounds of hacking's illegality, etc.
FireEye investigates disclosures of vulnerabilities in its security products NX, EX, AX, FX, and CM (and patches the same).
Passcape Software reports that a Windows Server DPAPI vulnerability could expose data to unauthorized decryption.
Adobe, Google, and Twitter patch quickly to fend off the Rosetta Flash attack (and other vendors are rapidly doing the same) but the risk remains a real one, so please take heed of the fixes.
Microsoft's Patch Tuesday is called "light" ("OS administration teams will be busy, application administrators get the month off," summarized Help Net Security) but others are also patching this week, Adobe, Yahoo, WordPress, and FireEye among them.
As regulation tightens and exposure to litigation grows, corporate boards hustle to limit their cyber risk.
Stock analysts devote some attention to the cyber sector, offering an interesting perspective on how interested outsiders view the industry.
SIFMA's call for a government-industry cyber war council amounts to a plea for significantly enhanced cyber intelligence sharing and a more responsive active defense posture. But policy mavens receive it coolly, doubting that anything requiring "a meeting of eight undersecretaries" will achieve anything resembling responsiveness.
Microsoft, weary of its role as "the Internet's Dirty Harry," seeks partners in takedowns.
Notes.
Today's issue includes events affecting Australia, China, Germany, Greece, Iraq, Romania, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Chinese hackers target US national security think tanks (ZDNet) China's Deep Panda group has switched its focus from US tech firms and southeast Asia to snoop on national security policy research organizations and non-profit think tanks related to Iraq and the Middle East
Advanced attack group Deep Panda uses PowerShell to breach think tanks (SC Magazine) An advanced nation-state attack group in China is spying on new victims, and making use of Windows PowerShell to infiltrate think tanks and leave little evidence of their exploits
UPDATE 1-China dismisses claims of links to hackers targeting Iraq experts (Reuters) China on Tuesday disputed claims by CrowdStrike, a U.S. security firm, that a group of hackers it calls "Deep Panda" is linked to unnamed Chinese government officials, saying the firm was merely seeking publicity
FireEye investigating recent vulnerability disclosures (CSO) Researcher says they were fired for disclosing vulnerabilities
DPAPI vulnerability allows intruders to decrypt personal data (Help Net Security) Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems
Google Drive Found Leaking Private Data — Another Warning About Shared Links (Collaborista) A disturbing privacy problem has been discovered in Google Drive which could have resulted in sensitive personal or corporate information stored on the cloud service being accessed by unauthorised parties
Popular websites vulnerable to Rosetta Flash attack, Google security researcher warns (Graham Cluley) Adobe has released a new version of Flash Player, and it's important that everyone with a vulnerable computer applies the update at the earliest opportunity
"Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al. (Ars Technica) Google and Twitter already patched against potent "Rosetta Flash" attack
Amplification DDoS attacks: an evolving threat you can't afford to ignore (IT Security Guru) What's keeping you awake at night? If there is any single current trend in the cyber security world causing CSOs to lose sleep, it's likely to be the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks
Dispelling the myths behind DDoS attacks (Help Net Security) Distributed Denial of Service (DDoS) attacks are quickly becoming the preferred method for cyber attackers to wreak havoc on the internet. With a recent spate of attention grabbing headlines focused on the hacker's favorite tool, this article busts some myths about DDoS attacks
Risks of selling used smartphones (Help Net Security) AVAST Software easily retrieved personal data from used smartphones sold online, despite consumers deleting their data. From the used devices, researchers were able to recover more than 40,000 personal photos, emails, text messages, and — in some cases — the identities of the sellers
A new algorithm makes it possible to decipher passwords from videos taken by Google Glass or other video recording devices (ValueWalk) It turns out that it's no longer safe to type in passwords when using a connected device in public even if no one's looking over your shoulder. It was announced today that computer forensics experts at the University of Massachusetts in Lowell have discovered a method for stealing a password entered on a smartphone or tablet using video taken by Google Glass or other video-capturing devices
Threat Spotlight: "A String of Paerls", Part 2, Deep Dive (Snort Vulnerability Research Team) In part one of our two part blog series on the "String of Paerls" threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology in grouping similar samples based on Indicators of Compromise: static and dynamic analysis indicators. In this second part of the blog series we will cover the malicious documents and malicious executables
PwnStar — Script for multi attack (for all your fake-AP needs!) (Kitploit) A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3
E-ZPass Spam leads to Location Aware Malware (Cybercrime and Doing Time) If you drive in a city with toll roads, you are familiar with the E-Z Pass System. If you are, you may have been tempted to click on an email that looked like this
Don't trust Facebook emails claiming unread messages will be deleted (Graham Cluley) At first glance, you might be tricked into believing that this is a legitimate email message from Facebook
Cyber attack hits guests at Houstonian Hotel (Houston Chronicle) At least 10,000 customers of the Houstonian Hotel, Club & Spa have been notified that the hotel's credit card processing system was breached for six months between last December and June 20
Mobile payment malware infections are on the rise, warns Cheetah Mobile (Help Net Security) Mobile payment malware infection rates are on the rise globally, warns the Cheetah Mobile June Security Report
Studies show a car's computer system vulnerable to hacking (Digital Journal) As you're driving down the highway suddenly your engine cuts out. Your steering fails and your tires start losing air. Your brakes stop working and your airbags deploy. You're flown to the hospital after causing an eight car pile-up
This is How Hackers Are Stealing Your Data (FoxBusiness) The rate of small and higher-profile data breaches has been on the rise as the computer security community races to keep up with the 'bad guys.' Duo Security, a firm that specializes in so-called two-factor authentication, crafted a look at how cyber evildoers are sneaking into networks and stealing a wide variety of sensitive information
Security Patches, Mitigations, and Software Updates
Light Patch Tuesday fixes six issues, two critical (Help Net Security) Microsoft has released the patches and it is a relatively light month. Six issues in total, 2 Critical, 3 Important, 1 Moderate. OS administration teams will be busy, application administrators get the month off
Microsoft Security Bulletin Summary for July 2014 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for July 2014. With the release of the security bulletins for July 2014, this bulletin summary replaces the bulletin advance notification originally issued July 3, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
Microsoft rolls out July firmware updates for all Surface tablet models (ZDNet) Microsoft has made firmware updates available for all of its Surface models, including the recently released Surface Pro 3, as part of its July Patch Tuesday updates
Microsoft warns of pending support deadlines for Windows 7, Office 2010 SP1, Windows Server 2003, and more (ZDNet) Microsoft officials are beginning to sound the support warning bell for customers running a number of its popular products, including Windows 7, Windows Server 2008, Windows Server 2003, and more
Security Vulnerability Roll-Up Notice (FireEye Security Bulletin) FireEye has issued a set of FireEye Operating System (FEOS) updates for the following products: NX, EX, AX, FX, and CM. These updates contain a number of vulnerability fixes, some of which are listed in detail in this document. Many of these fixes have previously been communicated in product release notes. This bulletin denotes the first formal, separate FireEye security bulletin for this product family so that our customers and other interested parties can now track and maintain security vulnerability information. We intend to have future bulletins contain a comprehensive list of security fixes since the previous release. These releases underwent a set of external security reviews, and a targeted security redesign by FireEye development. These releases bring the listed products to the same security parity
Adobe issues security fix for Flash Player (ZDNet) New versions of Adobe Flash Player fix three critical vulnerabilities
Yahoo Fixes Trio of Bugs in Mail, Messenger, Flickr (Threatpost) Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers inject malicious script and cause session hijacking, phishing, among other nefarious tricks
WordPress 3.8.2 Security Release (WordPress.org) WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately
Cyber Trends
Corporate Boards Race to Shore Up Cybersecurity (Wall Street Journal) After a series of high-profile data breaches and warnings, corporate boards are waking to cyberthreats, grappling with security issues they once relegated to technology experts. Computer hacking is on the agenda these days when Kellogg Co.'s directors meet, alongside more conventional topics like cereal trends and the company's reliance on Wal-Mart Stores Inc. Kellogg's management is especially worried that cyberattackers
Board of Directors Will Have a Profound Impact on Cybersecurity (ESG-Global) High demand will drive new intelligence, services, tools, and executive cybersecurity skill sets
Security leaders face identity challenge (Computerworld via CSO) Information security today is seriously big business. While cybercriminals are making hay on the black market with stolen identities and records, cybersecurity breaches are also clearly costing companies much more than before
Cyber Security Breaches Can Go Undetected, IT Governance's Cyber Watch Boardroom Survey Finds (EIN) 36% of respondents who took part in the Boardroom Cyber Watch survey believe that their company could have suffered an undetected cyber attack in the past year
64% of companies expect cyber attacks (Help Net Security) Nearly two-thirds (64%) of UK IT decision-makers said they expect their organization to be the target of a cyber attack within the next 12 months. And nearly one in three (32%) of those surveyed confirm their business was hit by a cyber attack during the past year, according to Bit9 + Carbon Black
Cyber Protector Plans Supplies 4 Key Points that Shed Light on Data Breaches, Cyber Security Insurance (Insurance News Net) According to Ponemon Institute's research report Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, data breaches cost millions of dollars; the average cost per record lost is an expensive $188. Cyber security is of the utmost importance for virtually every business as rules and regulations pertaining to safeguarding consumer data grow more severe. In fact, 47 states have enacted data breach legislation, most of which include hefty fees for the unwary
5 reasons why software bugs still plague us (InfoWorld) With the time and expense spent locking down code, most popular programs should be bulletproof — yet hackers find a way
Is it possible to create bug-free software? (CSO) Can the world be rid of software bugs and vulnerabilities that are open to exploitation?
Over half of Romanian SMEs still run Windows XP and are exposed to security risks (study) (ACT Media) Over half of the Small and Medium-Sized Enterprises of Romania which still run Windows XP operating system on their computers expose themselves to significant security risks month by month, Bitdefender specialists draw the attention in a recently published study
Marketplace
Global cloud services market to reach $555 billion by 2020 (Help Net Security) The global cloud services market is expected to grow at a CAGR of 17.6% from 2014 to 2020, reaching a market size of $555 billion in 2020, according to Allied Market Research
Which Security Stock Looks Secure in a Speculative Industry? (Motley Fool) As cyber attacks remain a growing threat, the reasons to own enterprise security stocks may seem clear. Companies like FireEye (NASDAQ: FEYE), Proofpoint (NASDAQ: PFPT), and Palo Alto Networks (NYSE: PANW) have been Wall Street favorites, with the latter recently catching a bullish upgrade as the top-in-class investment. Albeit, should you be so bullish?
Can Akamai Continue Its Wild Growth? (Motley Fool) Akamai Technologies (NASDAQ: AKAM) has tied its future to one of the biggest imaginable growth industries, Internet traffic, and as a result, it's seen remarkable growth for the past several quarters that's exceeding even management's expectations. It's also partnering with powerhouses such as Cisco (NASDAQ: CSCO) and Qualcomm (NASDAQ: QCOM), and it's expanding successfully into cybersecurity
RedOwl plans to double workforce (Baltimore Sun) Baltimore cyber security firm RedOwl Analytics plans to double its workforce to 50 people within the next few years as it tries to make Federal Hill Maryland's new technology hub, company CEO Guy Filippelli said Tuesday
A Few Reasons Why Splunk, Inc. Should Continue Getting Better (Motley Fool) Although data analytics player Splunk (NASDAQ: SPLK) got off to a weak start in 2014, it is making a comeback after reporting strong first-quarter results at the end of May
PeerNova Announces Investment by Cyber-Security pioneer and FireEye's founder Ashar Aziz (MarketWatch) Security expert and successful entrepreneur Mr. Ashar Aziz makes a pre-series A investment in PeerNova
Burned By Snowden, Former NSA Official Now Helps Finance Industry Avoid 'Insider Threats' (Huffington Post) As the highest-ranking civilian employee of the National Security Agency, Chris Inglis was just as surprised as anyone else last year by the leaks from Edward Snowden, a contractor with a top-secret security clearance
Exabeam Initiates Sales Push with Hiring of Former Imperva SVP of Worldwide Sales Ralph Pisani (Broadway World) Fresh off its recent $10 million series A funding round, Exabeam, a big data security analytics company, announced today the hiring of Ralph Pisani as executive vice president of field operations. Former senior vice president of worldwide sales at Imperva, Pisani brings nearly 20 years of experience in sales, sales management, and channel and business development to drive Exabeam's field operations, business development and client services
Malcovery Security Continues to Hit Major Milestones (Digital Journal) Malcovery Security announced today that it achieved several major milestones in delivering email-based threat intelligence, underscoring its unique analytics and patented technology capabilities in light of the unprecedented surge in phishing attack campaigns, as reported in June 2014, by the Anti-Phishing Working Group (APWG)
BCS Exams in Offing for Cyber Security Challenge UK (Infosecurity Magazine) Winners will get a chance to compete in the Masterclass final against the Flag Day Associates
Products, Services, and Solutions
iboss launches 7.0 security platform, updates network protection for the enterprise (ZDNet) iboss Network Security has updated its enterprise security platform to offer better network protection against cybercriminals.
Perion Partners with CYREN to Enhance Browsing Safety for Its App Users (Wall Street Journal) Perion Codefuel, a division of Perion Network Ltd. (NASDAQ: PERI) (TASE: PERI), a leading provider of software monetization solutions, and CYREN, a leading provider of cloud-based security solutions, announced today that they entered into a strategic cooperation and intend to leverage CYREN's online security services in order to help extend Perion Codefuel's suite of browsing and security applications
GFI MailEssentials gets new AV engine and anti-spam capabilities (Help Net Security) GFI Software released GFI MailEssentials 2014 R2, adding major enhancements to the company's email security solution
CrowdStrike Accredited by NSA for Cyber Incident Response Services (Broadway World) CrowdStrike, a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, announced today it is one of seven companies accredited by the National Security Agency (NSA) under its National Security Cyber Assistance Program
Technologies, Techniques, and Standards
Multifactor authentication key to cloud security success (TechTarget) The collapse of source code-hosting provider Code Spaces in the wake of an attack on its Amazon Web Services' control panel has sparked industry debate around what the organization should have been doing to protect itself. While the Code Spaces incident was a security failure on several fronts, experts say the biggest lesson from the attack is that multifactor authentication is a must when dealing with the cloud
Learn from Target's mistake, report attacks early — Check Point (BNamericas) While corporate Latin America is rapidly adopting IT security systems, the region is lagging more developed nations in terms of legal obligations to report attacks, Ricardo Panez, Latin American regional director for Check Point Software, told BNamericas
Cloud security threats, tips and best practices (Help Net Security) In this interview, Gray Hall, CEO at Alert Logic, illustrates today's top cloud security threats, tackles privacy and surveillance issues, and offers security best practices organizations should implement when moving to the cloud
Defense in Depth for Advanced Threat Protection (Infosec Island) Over the last few years, the threat landscape has shifted. Threat actors have evolved from individual hackers to well-funded professionals, often with ties to organized crime or foreign governments. These threat actors have established a network to exchange information and create tools for launching increasingly sophisticated cyber attacks. This new wave of attacks is often targeted, aiming to gain access to digital assets of high financial value to the attacker, such as source code, design plans, customer data, or credit card data
Fighting Advanced Persistent Threats with Emulation (eSecurity Planet) A layered approach to security is the key to fighting advanced persistent threats (APTs)
Google's Android security chief: Don't bother with anti-virus. Is he serious? (Naked Security) Just before the recent Google I/O developer conference, Google's chief security engineer for Android, Adrian Ludwig, told journalists that most users shouldn't bother with anti-virus
How not to tell your customers how much you care about their security (Naked Security) We've written several times before about "what not to do" when sending important emails to your customers
Defensive tactics against sophisticated cyberspies (CSO) Fine-tuning security systems based on data collected on known cyberspies can protect targeted organizations
6 Tips for Using Big Data to Hunt Cyberthreats (Dark Reading) You need to be smart about harnessing big data to defend against today's security threats, data breaches, and attacks
Who owns your typo? (Internet Storm Center) Here's one way how to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way
Who inherits your IP address? (Internet Storm Center) Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple servers, and didn't want (or have the funds) to build them on-site
Design and Innovation
Isis Flees Brand Tainted By Terror (InformationWeek) There's no such thing as bad publicity, unless the publicity is really bad. Just ask the mobile payments service formerly known as Isis
Research and Development
The US military runs studies on Twitter, Facebook and Reddit to learn how to counter propaganda (TheNextWeb) In light of Facebook's disconcerting emotion experiment, The Guardian has published an in-depth look at the US military's own research efforts to understand and influence social media. DARPA, the Department of Defense's tech research arm, has sponsored numerous studies across the most popular services, including Twitter, Facebook, Pinterest, Kickstarter and Reddit
Academia
Cal Poly Pomona to host CyberGirlz Summit on Saturday (Daily Bulletin) Cal Poly Pomona's College of Business Administration's Center for Information Assurance will host CyberGirlz Summit on Saturday in an effort to encourage girls to pursue cybersecurity and other high-tech careers
Legislation, Policy, and Regulation
Currency, maritime disputes at stake in U.S.-China talks (Reuters via Yahoo! News) The United States pressed China to implement structural reforms in its exchange rate and to modify its "aggressive behavior" in disputed waters during a preliminary round of bilateral talks on Tuesday, senior U.S. officials said
Sifma: Terrorist Attack Could Temporarily Drain Account Balances (Financial Advisor) Wall Street's biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document
Cyber War Council Idea Wins Few Backers (GovInfoSecurity) An idea to create a cyber war council, reportedly proposed by a financial services industry trade group, has not received an enthusiastic reception from cybersecurity experts, some of whom question its viability to defend against crippling cyberattacks
US Senate Intelligence Committee approves cybersecurity bill (TechWorld) The bill has been criticized by civil liberties and privacy groups because of its potential privacy implications
Eugene Robinson: The NSA's misguided mission (Washington Post via the San Jose Mercury News) Even those who believe the National Security Agency's vacuum-cleaner surveillance of electronic communications does not trample privacy rights should be troubled by this practical implication: If you try to know everything, you end up knowing nothing
Senate should demand electric grid reliability and security (The Hill) With a Senate vote on two nominees for commissioners of the Federal Energy Regulatory Commission (FERC) pending, there is unprecedented attention on this obscure regulator of interstate pipelines and electricity transmission. In 2005, Congress granted FERC additional authority to regulate electric grid reliability and security, but too often FERC has accommodated industry rather than enforce strict standards
Rogers: Cybersecurity is the 'ultimate team sport' (Federal Times) Thank you very much for taking the time from your very busy days to focus on a topic that I think is of critical importance to us as a nation: this idea of how do we maintain security in a cyber arena in a world where cyber continues to grow in importance and, at the same time, the level of vulnerability that is present within our cyber systems has probably never been greater. So that's quite a challenge for anybody
Air Force general named Cyber Command deputy chief (Defense Systems) Air Force Maj. Gen. James K. "Kevin" McLaughlin, commander of Air Forces Cyber, has been nominated for promotion to lieutenant general and assignment as deputy commander of the U.S. Cyber Command, Defense Secretary Chuck Hagel announced today
Florida Law Aims To Tighten Data Security (InformationWeek) Florida's new data privacy law increases security accountability for all enterprises; healthcare providers could face greater burden to protect patients' personal information
China says it will punish journalists just for talking about "state secrets" (Quartz) Like most governments, China is paranoid about its state secrets being exposed by pesky journalists. And like most governments, it has rules in place that make it difficult for reporters to publish such secrets, or for politicians to leak them. China has decided those rules aren't strict enough, and is now broadening them so that journalists can be punished just for talking about or collecting secrets
Litigation, Investigation, and Law Enforcement
After Arrest of Accused Hacker, Russia Accuses U.S. of Kidnapping (New York Times) On the web, he was known by his hacker handle, "Track2," a nod to his skill in stealing so-called track data from hundreds of thousands of credit cards and selling it for millions of dollars in the digital underground
Here's Exactly Why the TSA Is Worried About Your Phone (TIME) Though the TSA recently outlined new security measures on U.S.-bound flights, the agency's decision to target cell phones raises several questions about the policy's specificity and effectiveness
Electronic Frontier Foundation Sues NSA, Director of National Intelligence (Dark Reading) EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act
Snowden is Not a 'Civil Liberties Violator' — But One Prominent National Security State Apologist Thinks So (The Dissenter) Over at Lawfare blog, which is a bastion on the Internet for United States national security establishment thinking, editor-in-chief Benjamin Wittes is pushing this argument that National Security Agency whistleblower Edward Snowden is to blame for a massive civil liberties violation. That violation involves providing 160,000 emails collected by the NSA to the Washington Post for the purpose of publishing a major piece of journalism that would be in the public interest
Spying Case Left Obama in Dark, U.S. Officials Say (New York Times) When President Obama placed a call to Chancellor Angela Merkel of Germany last Thursday, he had a busy agenda: to consult with a close ally and to mobilize wavering Europeans to put more pressure on Russia to end its covert incursions in Ukraine
Spy Case Threatens To Sour German-U.S. Ties Anew (Newsfactor) An emerging scandal over a possible U.S. informant in the German intelligence service is threatening to spark a fresh rift between the U.S. and one of its closest allies, after earlier reports that the National Security Agency spied on Germans. Germany's president says that if the allegations are true, that kind of spying on allies must stop
Facebook Helps Shut Down Crypto-Currency Mining Botnet (Softpedia) A botnet operated by Greek cybercriminals to mine for Litecoin digital currency has been disabled in a common effort that involved Facebook, law enforcement agencies from Greece and cyber-security groups
Microsoft, No-IP, And The Need For Clarity (Dark Reading) The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up
Microsoft vs No-IP: The Unintended Consequences of Doing the Right Thing (WindowsITPro) On July 3, the four day standoff between Microsoft Digital Crimes Unit and No-IP ended. Per a blog post update from No-IP's Natalie Goguen, the 23 domains that Microsoft has legally absconded were back under No-IP's control
Weary of takedowns, Microsoft looks for partners in crime fighting (IT World) Microsoft has grown weary of its role as the Internet's Dirty Harry and, increasingly, is looking for partners to share the load of fighting cyber crime
Australian police using tower dumps to slurp mass phone data (Naked Security) You know how Google's legally stewing in its WiFi-sniffing, data-slurping Street View sins, right?
Amazon.com seller asks judge to unmask "negative" reviewers (Ars Technica) At stake: Anonymous commenting versus countering unfair business tactics
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
INSCOM Cyber Day (Fort Belvoir, Virginia, USA, Jul 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber) is collocated with INSCOM. This event will provide industry vendors the opportunity to showcase the latest cyber products and demos to the Fort Belvoir INSCOM community in a one-day tradeshow.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.