The CyberWire Daily Briefing for 4.25.2014
Anarcho-syndicalist hacktivists (particularly those of Anonymous) apparently struggle with limiting (or even thinking about, let alone anticipating) the collateral damage they do. Boston Children's Hospital suffered a denial-of-service attack over Easter weekend. (It didn't happen in this case, but hacktivists who pivot between systems are particularly likely to affect medical devices.)
Vulnerabilities are found in both NetSupport (a remote management app) and Viber (mobile messaging) that place information at risk of compromise.
Kaspersky finds the Android banking Trojan "FakeInst" in the US. FakeInst's vector poses as an app for downloading free pornographic videos (this shouts "risky" about as clearly as can be imagined).
Heartbleed continues to preoccupy administrators (and so can serve as misdirection for unrelated exploits). It also prompts widespread rethinking of open source development practices.
Apache's recent Struts zero-day patch is faulty, and a new one is expected by Monday.
To return to healthcare cyber security issues, Wired runs a good overview of what the risks are and why they persist: essentially, medical devices are networked to improve healthcare productivity. Why not, for example, enable care from a nursing station? Some vendors and users are reluctant to patch because they fear having to vet patched devices through the FDA. (But the FDA has had a cyber security exception in place since 2005.) The FBI warns healthcare providers that they need to up their cyber game, and the US Department of Health and Human Services puts financial teeth into medical privacy, extracting million dollar settlements for lost unencrypted laptops.
Notes.
Today's issue includes events affecting Brazil, Canada, France, India, Mexico, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Activism's slippery slope: Anonymous targets children's hospital (CSO) Supporters of the faceless collective known as Anonymous have taken up the cause of a young girl. However, the methods used to show support may have unintended consequences, which could impact patient care
NetSupport vulnerability allows information leakage (Help Net Security) NetSupport is an application that allows corporations to remotely manage and connect to PCs and servers from a central location, to provide desktop support
Here we go again: Viber mobile messenger app leaves user data unencrypted (Naked Security) Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen
Researchers spot SMS Trojan active in the US (Help Net Security) For the first time ever, Kaspersky Lab researchers have detected an active SMS Trojan in the United States. The malware in question is an SMS-sending Android Trojan dubbed "FakeInst", and was first spotted in February 2013 targeting Russian users
French orgs targeted with social engineering attacks (Help Net Security) Over the last year, Symantec researchers have been following and warning about exceptionally effective and sophisticated malware delivery / phishing campaigns that have been targeting mostly French organizations
Heartburn from Heartbleed forces wide-ranging rethink in open source world (CNet) Experts caution that the notorious security bug heralds "open season on open source" and will force changes in how open-source code gets vetted as secure
Heartbleed: Quick Turnaround in Open Source Reporting (Recorded Future) By now you've certainly heard of Heartbleed. This security flaw allows hackers to steal protected information without leaving a trace, which means just about everyone is vulnerable to a cyber attack. Between the Heartbleed Bug and the recent expiration of Windows XP support, security teams have had their hands full the past few weeks. It's clear information security is an ongoing process with no end in sight
We Heart It turns off Twitter sharing following spam (CSO) A social network for sharing image collections has turned off sharing on Twitter after a large spam run referenced the service
How bank hackers stole £1.25 million with a simple piece of computer hardware (Graham Cluley) On 4 April 2013, Darius Bolder walked into the Swiss Cottage branch of Barclays bank in North London and — posing as an IT technician — managed to gain entry to the back office
DrDoS attacks to reach 800 Gbps in 2015 (Help Net Security) While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 Gbps during the next 12 to 18 months
Mobile bad bots running across most top mobile operators (Help Net Security) During 2013, Distil Networks fingerprinted and catalogued 2.2 billion bad bots, or 31 percent of the bad bots that exist in Distil's database of 7-billion bad bots
Covert Bitcoin miner found stashed in malicious Google Play apps (Ars Technica) Titles raise questions about Google's ability to police its own market
Why It's Insanely Easy to Hack Hospital Equipment (Wired) When Scott Erven was given free rein to roam through all of the medical equipment used at a large chain of Midwest health care facilities, he knew he would find security problems—but he wasn't prepared for just how bad it would be
Security Patches, Mitigations, and Software Updates
Apache Warns of Faulty Zero Day Patch for Struts (Threatpost) The Apache Software Foundation today released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question
Apple Patches iPhones, iPads, iMacs and MacBooks Against Critical Security Holes (Graham Cluley) If you are using Apple computers or iDevices, I recommend that you update your operating system as soon as possible — because on Tuesday the Cupertino-based firm published some critical security updates
Cyber Trends
FBI warns healthcare info security is 'too lax' (ITNews) The FBI has warned US healthcare providers their cybersecurity systems are lax compared to other sectors, making them vulnerable to attacks by hackers searching for customers' personal medical records and health insurance data
Hacker-Threat Sharing Has Companies Waiting Amid Breaches (Bloomberg) President Barack Obama's plan to protect the U.S. from hackers was supposed to let more companies access classified data on computer threats so banks, utilities and other targets would be able to boost their cybersecurity. Fourteen months later, it hasn't happened
Verizon Blockbuster Data Breach Report Is Bad News for Organizations (Huffington Post) Verizon has published a blockbuster report on Internet "data breaches" which has garnered major headlines because it fingers Eastern Europe (primarily Russia) as a greater source of attacks than those from East Asia, primarily China. Prepared with the cooperation of 50 companies in different parts of the world, the Verizon study classifies "data breaches" into different categories — but the two most important stand out visibly from all the others. These are "point of sale" attacks and "cyber espionage" attacks
Infographic: Most firms that suffer a major data loss close down within 24 months (FierceITSecurity) Close to three-quarters of businesses that suffer a major data loss close down within 24 months, according to an infographic put together by security firm Imprima
McAfee says online gambling fuelling cybercrime (IT Wire) Cybercrime is still on the rise and specialist hacking skills and cyber attacks are being paid for via untraceable payments through online gambling sites, according to a research paper released today by security firm McAfee
Kaspersky Warns of Surge in Bitcoin Cybercrime (eSecurity Planet) Cyber attacks targeting Bitcoin accounted for a total of 8.3 million incidents in 2013
India third-biggest threat frontier in cyber world, says Symantec report (Business Standard) Symantec's 'Internet Security Threat Report' says country ranks third in contribution to malicious cyber activities
Nine out of ten employees don't use password security on mobile devices (CSO) A new survey has sounded alarm bells for employers after it revealed only one in ten employees use a pin or password on their mobile devices
Data Security: Think Outside The Box (Dark Reading) What the public and private sector can learn from each other's data security priorities is an exercise in nuance that is well worth the effort. Here's why
CHDS Speaker: Hackers Critical to Defeating Cyber Threats (Targeted News Service Via TMCnet) The Naval Postgraduate School Center for Homeland Defense and Security issued the following news release: Hackers are potential resources that can aid in the fight against cyber-terror far better than government bureaucrats, says internationally known security researcher Robi Sen
Marketplace
Chinese government sticks with Windows XP over 'expensive' Windows 8 (V3) The Chinese government has said Windows 8 is too expensive to be used as a replacement to Windows XP and is instead looking to patch millions of machines running the ancient operating system despite support ending earlier this month
For crowdsourced security startup, a carrot and a hack (Fortune) Kleiner Perkins' latest bet on cybersecurity? Crowdsourced hacking and a new company called Synack
Why Integrata Security chose Maryland (MDBizNews) Integrata Security is a rising star in Maryland's cybersecurity community. Currently housed in the bwtech@UMBC Research and Technology Park, the startup has developed high-level threat detection and prevention for wireless networks through constant monitoring of all data and all channels
The Real Winner of the Afghan War Is This Shady Military Contractor (Daily Beast) The State Department paid out $4 billion to rebuild Afghanistan. Some $2.5 billion of that went to a single firm with a bad, bad past
Snowden disclosures hurt intelligence agencies' recruitment (SFGate) The Edward Snowden disclosures of National Security Agency surveillance certainly have awakened concerns in a portion of our country that feels strongly about the protection of civil liberties. Snowden's disclosures seem to have created a perception that the values of the intelligence community are not American values, that its activity is inconsistent with our ideals. The disclosures have also created a breach between U.S. technology firms (many of which reside here in Silicon Valley) and the U.S. intelligence community, which have enjoyed a close partnership since 9/11
Mozilla's Denelle Dixon-Thayer: Trading Away Your Privacy (Reason) Don't trust Facebook or Google with your personal information? You're not alone. A recent Reason-Rupe poll found that when it comes to their personal info, more Americans trust even the National Security Agency or the Internal Revenue Service over Google or Facebook. Mozilla's Vice President of Business and Legal Affairs, Denelle Dixon-Thayer, says "data hygiene" should be something every new or established tech company should be thinking about
Tech titan funding just a start in securing critical open-source projects (CSO) Security experts say a formal, enterprise-class product development structure is also needed
Google+ Is Walking Dead (TechCrunch) Today, Google's Vic Gundotra announced that he would be leaving the company after eight years. The first obvious question is where this leaves Google+, Gundotra's baby and primary project for the past several of those years
Report: Google to end forced G+ integration, drastically cut division resources (Ars Technica) Report says 1000-1200 employees will be moved from Google+ to other divisions
Products, Services, and Solutions
WatchGuard APT Blocker Offers Protection From Hidden Threats (ChannelBiz) Advanced-threat visibility has been added to WatchGuard's UTM and Next-Gen Firewall appliances
Review: Zscaler Secure Cloud Gateway (eSecurity Planet) Reviewer Matt Sarrel appreciates the technical support resources available for the Zscaler Secure Cloud Gateway
Storyful's Verification Tech Could Stop Fake News From Spreading On Facebook (TechCrunch) Twitter is the king of real time news, but people's eagerness to retweet juicy stories sometimes outweighs their willingness to verify the facts first, leading them to parrot misinformation. That's why the most interesting thing about Facebook's partnership with Storyful to create a Newswire isn't about referral traffic or helping journalists find things to cover. It's that putting Storyful's news verification process in the spotlight could make the Internet more trustworthy
Cisco Announces OpenAppID — the Next Open Source 'Game Changer' in Cybersecurity (Cisco Blogs) One of the big lessons I learned during the early days, when I was first creating Snort®, was that the open source model was an incredibly strong way to build great software and attack difficult problems in a way that the user community rallied around. I still see this as one of the chief strengths of the open source development model and why it will be with us for the foreseeable future
AVG, Avira, Avast — Is a free download antivirus enough? (Gamer Headlines) Paying more usually gets you better things in life. This is not always the case when it comes to desktop security, given the fact that free antivirus apps are often on-par with premium versions that you have to spend considerably on. Naturally, there are always benefits for using the premium antivirus programs, but when talking strictly about security, a free antivirus that's free to download is often more than enough. Before deciding if you should spend any money on premium protection, it's important to establish what exactly you'd need from the antivirus to begin with
Technologies, Techniques, and Standards
How to Automatically Block Sites Vulnerable to Heartbleed (McAfee Blog Central) There's been a tremendous amount of activity over the past few weeks in response to the Heartbleed bug discovered in OpenSSL, an open source tool used by thousands of web sites to encrypt web traffic. The bug enables an attacker to obtain a random 64K chunk of memory which could contain sensitive information, such as a user ID or password. The result has been a mad scramble to fix the vulnerability by the many web site owners and security software vendors who rely on OpenSSL
Google Gmail Security Changes to Block NSA: What It Really Means for You (Decoded Science) Google changed its security settings for Gmail last month. The extra encryption will mean that nobody can read emails that are sent over various networks, and was an answer to the controversy surrounding the National Security Agency (NSA)
Academia
Parents win against cloud storage of US students' private information (Naked Security) People are a little touchy about data collection nowadays. They were most certainly touchy about inBloom, a non-profit that was offering to house and manage student data for public school districts across the US by extracting a dizzying array of information
High school students are all about computers but get little instruction in computer science (Washington Post) Their lives swirl in technology, but the nation's high school students spend little time studying the computer science that is the basis of it all. Few are taught to write lines of code, and few take classes that delve into the workings of the Internet or explain how to create an app
Hands on fun at HacKid 2014 (Help Net Security) Last weekend, families and tech industry leaders descended on The Tech Museum of Innovation in San Jose, California, for HacKid 2014. We had a great turnout for the event — reaching capacity through advanced ticket sales with over 200 attendees, including parents with children ages 5-17. We were thrilled to again see such great cultural and gender diversity across presenters and participants, with nearly 50% of attendees and 40% of our presenters represented by females
U.S. super leaker Snowden appointed 'rector' of Glasgow University (Examiner) The former National Security Agency (NSA) contractor, Edward Snowden, who is hailed as a whistleblower by supporters and a traitor by opponents, was officially named the student rector of Scotland's University of Glasgow on Wednesday, a position that requires his representing students on the university's governing committee, according to European news outlets
Legislation, Policy, and Regulation
Brazilian president signs internet civil rights law (The Register) Marco Civil bill enshrines 'net neutrality', 'privacy' as law
Putin calls Internet 'CIA project' that must be controlled (Washington Times) Russian President Vladimir Putin charged Thursday that the Internet is a project developed and run by the CIA, and that Russia will continue to fight to squelch dissent online
In Mexico, Hagel Focuses on Crime, Cyber and Natural Disasters (DefenseOne) There's the pivot to Asia, the growing threat of terrorism in the Middle East and North Africa, the continuing conflict in Ukraine, serious budget cuts at home. And then there's Canada and Mexico
If You Have a 'Secret' Clearance, Prepare for Greater Scrutiny (National Defense) The Pentagon is wrapping up an eight-month effort to overhaul security policies to deal with "insider" threats. The focus is on trying to prevent a repeat of the Sept. 16 Washington Navy Yard shooting when a contractor employee with a secret clearance killed 12 coworkers
Lawmakers petition for open NSA debate (CBS News) Once the full House starts debating legislation to reform the National Security Agency, any member of the House should be able to offer amendments, one Democratic congressman insists
Litigation, Investigation, and Law Enforcement
Stolen laptops lead to important HIPAA settlements (FierceITSecurity) Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These major enforcement actions underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices
Defence argues FBI probe of a 9-11 defendant's legal team member has 'staggering' implications (AP via the Nanaimo Daily News) The defence team for five people facing trial before a war crimes tribunal stemming from the Sept. 11, 2001 terror attacks claimed the implications of the FBI's questioning of one of its members are "staggering" and called on the court to probe the incident aggressively, according to a motion unsealed on Wednesday
U.S. Secret Service Has 171 Cybercrimes Under Investigation (Wall Street Journal) The U.S. Secret Service has prevented about $12 billion in losses from cybercrime and arrested more than 4,900 people since it initiated its computer crime investigations 30 years ago, the agency's deputy director said Tuesday
Investigating Cyber Crime At The Local Level (WNIJ) Victims of internet crimes don't always know where to turn for help. If there's money involved, they might call their bank. They can also reach out to federal authorities. But trying to navigate the proper channels can be confusing. Local police can sometimes serve as a first response, even if the perpetrator is thousands of miles away
Feds argue for warrantless phone search to avoid suspects kill-switching evidence (Naked Security) We carry wallets, purses, address books, and briefcases. If police in the US arrest us, they've long had the authority to search this type of wearable, portable stuff
Low-level federal judges balking at law enforcement requests for electronic evidence (Washington Post) Judges at the lowest levels of the federal judiciary are balking at sweeping requests by law enforcement officials for cellphone and other sensitive personal data, declaring the demands overly broad and at odds with basic constitutional rights
Millions in Tax Refunds Obtained Through Massive Identity Theft Conspiracy (WESA) Federal investigators in Western Pennsylvania have uncovered a national identity theft scheme that has been in operation for nearly a decade. Thieves used stolen IDs to open bank accounts, obtain credit cards and file fake tax returns that caused the IRS to pay millions in fraudulent funds
Miami Resident Gets 81 Months in Prison for Identity Theft, Tax Fraud (eSecurity Planet) Brandon James used at least 121 stolen identities to file fraudulent tax returns seeking more than $862,000 in refunds
Five Charged in Identity Theft Scheme with Thousands of Victims (FierceITSecurity) Five individuals from around the United States have been indicted by a federal grand jury in Erie on charges of conspiracy to commit wire fraud and aggravated identity theft, United States Attorney David J. Hickton announced today
'Acid House King' jailed for sophisticated cyber attack on UK banks (Telegraph) The organiser of the infamous 'Sunrise' parties, Tony Colston-Hayter, is jailed for five and a half years for masterminding a sophisticated cyber theft of £1.5m from bank accounts
Putney man jailed for £1.25m cyber attack (Your Local Guardian) A 25-year-old man has been jailed for his role in a sophisticated cyber attack stealing more than £1.25m
Silk Road vendor pleading guilty to selling massive amounts of illicit drugs (Ars Technica) "SuperTrips" sold everything from cocaine and ecstasy to LSD and marijuana
Department of Homeland Security secretary puts ex-watchdog on leave (AP via Northwest Herald) The secretary of the Department of Homeland Security put the agency's former internal watchdog on administrative leave Thursday following the release of a Senate report that concluded he was too cozy with senior agency officials and improperly rewrote, delayed or classified some critical reports to accommodate President Barack Obama's political appointees
Privacy watchdog awaits report on data loss in own office (Montreal Gazette) The federal privacy commissioner will receive on Friday the findings of an internal investigation into an embarrassing loss of sensitive information of approximately 800 current and former federal employees
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
US News STEM Solutions: National Leadership Conference. The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is an outcome-focused forum for the entire network of experts, advocates and change-makers who are proactively working to fill jobs now and advance the future of the STEM workforce. More than a broad-based discussion of the issues, this year's conference will zero in on tangible results, real successes and collaborative strategies that are already moving the needle. If you have a vested interest in the development of the STEM pipeline, make your voice heard where it will have the most impact.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition. Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
United States Cyber Crime Conference 2014. This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders. All aspects of computer crime will be covered, including intrusion investigations, cyber crime law, digital forensics, information assurance, along with research and development, and testing of digital forensic tools.
Infosecurity Europe 2014. Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
Cyber COMSEC and IT Day at Fort Huachuca. This one-day vendor expo is a unique opportunity to demonstrate your products and services to military and civilian personnel at Fort Huachuca. Exhibitors will have a casual atmosphere to share ideas, concerns and build relationships with the men and women of Fort Huachuca.
cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending against recognized or suspicious malware. Yet increasingly, advanced malware is customized to evade detection and remediation; and even those that are caught can have deeper and more dangerous capabilities. In order to truly understand the malware's capabilities and to assess its success in gaining access to an enterprise, cyber security professionals should reverse engineer the binary to expose its secrets. But organizations may forgo reverse engineering and rely on industry solutions to characterize and defend against the threat. Reverse engineering is done by exception and within the constraints of budget, time, and available professional talent, if it is done at all. However, reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight.
Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base. This is the only yearly event officially sponsored by AFCEA at Kirtland AFB. The goal of this expo is to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to the agency. In addition, this event will be widely attended by the majority of personnel at the USSS HQ building. Attendance is expected to be over 300 for the event.
SANS Security West. SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.
HackMiami 2014 (Miami Beach, Florida, USA, May 9 - 11, 2014) The HackMiami 2014 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threat landscape.
Eurocrypt 2014. Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations and Governments to a complex threat environment including hacktivists to trans-national crime organizations and advanced persistent threats. Join experts from government, industry and academia in discussing how we are making our future more secure.
GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.
Cyber Security for National Defense Symposium. DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations can come together for actionable discussions and debate. The symposium will focus on increasing the security and resiliency of the Nation's critical networks, operating freely in the Cyber Domain, and the protection of infrastructure in support of national defense and homeland Security.
FOSE Conference (Washington, DC, USA, May 13 - 15, 2014) Spend 1 day or 3 days at the FOSE conference and leave with actionable information, covering a broad spectrum of trending topics including: Cybersecurity, Cloud and Virtualization, Mobile Government, Big Data and Business Intelligence, Project Management, Procurement and Acquisition and more. (free-of-charge for government personnel).
INFILTRATE. INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
Positive Hack Days Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014 The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused on mobile technologies. Companies that specialize in current or future mobile features and equipment, or whose work benefits NSA's efforts, should participate as commercial vendors; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
Fort Meade Technology Expo The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel who may otherwise be unreachable.
CANSEC CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.