The CyberWire Daily Briefing for 5.7.2014
Colombia's President Santos, reports say, has had his emails hacked. FARC, or at least FARC sympathizers, are suspected. Their apparent goal is intelligence on continuing peace negotiations between FARC and the government.
Indonesian cyber vandals deface sites belonging to Yemen's Ministry of Human Rights and several United Nations organizations. The motive seems nothing more than counting coup.
KnowBe4 reports a new strain of ransomware in the wild: CryptorBit (a.k.a. HowDecrypt). It appears to bypass group policy settings designed to fend off ransomware; it also installs a cryptocurrency miner on infected machines.
Apple acknowledges an iOS email attachment encryption flaw.
StubHub's ability to sell World Cup tickets bogs down as a denial-of-service attack shuts down its Brazilian operations.
DropBox issues a patch to close a security hole that has, researchers claim, been known since last November.
New reports detail financial sector cyber security trends. The Anti-Phishing Working Group says cyber criminals' optempo is up. Cybergangs now change targeted brands more quickly, looking for newly popular companies with weak defenses and vulnerable user bases.
Mergers and acquisitions lead industry news. FireEye is buying enterprise forensics shop nPulse Technologies, and Endgame makes its first acquisition, Onyxware, seen as a BYOD security play. IBM's predictive and preventive cyber security solutions continue to attract attention.
SHA-2's displacement of SHA-1 is moving faster, thanks to Heartbleed.
In the US, legislation to restrict electronic surveillance is moving through the House, prospects boosted by new support from leading NSA supporters. The bill would restrict telecommunications metadata mass collection.
Today's issue includes events affecting Argentina, Brazil, Canada, China, Colombia, Estonia, Georgia, India, Indonesia, Iran, Latvia, Moldova, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, Yemen, and Zimbabwe.
Cyber Attacks, Threats, and Vulnerabilities
Colombian President Target of Cyber-Spy Operation, Emails Hacked (Hispanically Speaking News) Investigators discovered a clandestine cyber-espionage operation targeting the government's negotiations with leftist guerrillas, Colombia's attorney general said Tuesday, adding that the spies apparently intercepted President Juan Manuel Santos' e-mails
Yemen's Ministry of Human Rights and United Nations Domains Hacked by Indonesian Hackers (HackRead) A group of Indonesian hackers going with the handle of Gantengers Crew have hacked and defaced the official website of Yemen's Ministry of Human Rights, United Nations Development Programme (UNDP), United Nations and United Nations Volunteers. All websites were hacked about an hour ago, left with a deface page along with a message which doesn't explain why the
KnowBe4 Warns: Third Ransomware Strain Called CryptorBit Attacks (PRWeb) The crypto malware evolution moves on full speed ahead with new variant — adding a third cyber gang effort to rake in high stakes
Apple admits flaw in email attachment encryption on iPhones and iPads (Naked Security) Apple is under pressure to patch a security flaw in iOS 7, after researcher Andreas Kurtz published his discovery that email attachments are unencrypted on iPhones and iPads, and can be accessed by an attacker using "well-known techniques"
DIY cybercrime-friendly (legitimate) APK injecting/decompiling app spotted in the wild (Webroot Threat Blog) With millions of Android users continuing to acquire new apps through Google Play, cybercriminals continue looking for efficient and profitable ways to infiltrate Android's marketplace using a variety of TTPs (tactics, techniques and procedures). Largely relying on the ubiquitous for the cybercrime ecosystem, affiliate network based revenue sharing scheme, segmented cybercrime-friendly underground traffic exchanges, as well as mass and efficient compromise of legitimate Web sites, for the purpose of hijacking legitimate traffic, the market segment for Android malware continues flourishing
New DNS Spoofing Technique: Why we haven't covered it. (Internet Storm Center) The last couple of days, a lot of readers sent us links to articles proclaiming yet another new flaw in DNS. "Critical Vulnerability in BIND Software Puts DNS Protocol Security At Risk" claimed one article, going forward to state: "The students have found a way to compel DNS servers to connect with a specific server controlled by the attacker that could respond with a false IP address"
Sneaky Windows Folder Poisoning Attack Steals Access Rights (Dark Reading) Windows challenge-response authentication protocol could be abused by PC hackers to easily access wider corporate networks
Deactivated User Accounts Die Hard (Dark Reading) New research finds deleted Windows accounts stick around for up to 10 hours and are open to abuse
How Turning Off Geotagging On Your iPhone Could Save a Rhino's Life (Intego) Do you think fears about geotagged photographs are overblown? Well, maybe a tweet made today by my friend, Professor Alan Woodward of the University of Surrey, will change your opinion
Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest (Graham Cluley) Earlier today I reported how users of file sync and share services like Dropbox and Box.com could have their sensitive information exposed to Google advertisers
StubHub's World Cup ticket sales in Brazil interrupted by cyber attack (Los Angeles Times) StubHub, the online event tickets vendor owned by Ebay, suffered a large denial-of-service attack which led to the shutdown of its website in Brazil, just as it was poised to serve as a marketplace for tickets to the country's upcoming World Cup
DrawQuest Shut Down After Hackers Gain Access to Amazon Servers (Softpedia) DrawQuest — the free drawing community for iPhone, iPad and iPod touch — has been shut down. The decision comes after malicious hackers breached the Amazon servers used by the company
Malware Exposes Boomerang Tags Customers' Payment Card Data (eSecurity Planet) Customers' names, addresses, payment card numbers, expiration dates and security codes were exposed
The Non-Advanced Persistent Threat (Imperva) Advanced Persistent Threat (APT) is a name given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. The skill and scope required to instigate an attack of this magnitude and sophistication are believed to be beyond the reach of individual hackers. Therefore, APT is generally attributed to governments, hacktivists, and cyber criminals
Hacktivism: good or evil? (ComputerWeekly) Wikipedia is always a good source of definitions for technology-related issues. It defines hacktivism as "the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics". As with any technology, "hacking" and therefore hacktivism can be a force for good or evil
Security Patches, Mitigations, and Software Updates
Dropbox finally fixes security vulnerability (ComputerWeekly) Cloud-based file syncing and sharing service Dropbox has taken steps to fix a security vulnerability, but only after media attention to the issue
Ruby on Rails security update available (CSO) Ruby on Rails has released their newest version of their software
Report on Cyber Security in the Banking Sector (New York State Department of Financial Services) Cyber attacks against financial services institutions are becoming more frequent, more sophisticated, and more widespread. Although large-scale denial-of-services attacks against major financial institutions generate the most headlines, community and regional banks, credit unions, money transmitters, and third-party service providers (such as credit card and payment processors) have experienced attempted breaches in recent years
Security Trends In The Financial Services (CloudTweaks) Readers who subscribe to our newsletter will have already read Friday's news about Microsoft's latest report into key security trends in financial services. The report is part of a series which looks at security trends in cloud computing across four specific industries — financial services, healthcare, retail, and public sector
Cybergangs accelerating velocity of targeted brand development (Help Net Security) Cybercrime gangs are accelerating their substitution of targeted brands at an alarming new pace, according to a new APWG report
On security reports and weather forecasts (NetworkWorld) Do you need someone to tell you it's raining?
So what is the fuss about the 'Death of AV'? (Kaspersky Lab Business) So, you may have heard that antivirus has been pronounced dead — again
FireEye Enters Agreement to Acquire nPulse Technologies (MarketWatch) Combination creates industry's first solution to deliver enterprise forensics from the endpoint to the network, providing visibility across the entire attack life cycle and accelerating threat response and remediation
Endgame's First Acquisition Takes It Beyond Cyber Weapons (Bloomberg BusinessWeek) Endgame, once a secretive supplier of cyber weapons to yet more secretive government agencies, has made its first acquisition, aiming to help public- and private-sector clients better protect mobile devices used by employees
Do Proofpoint's Earnings Mean Anything for Cybersecurity? (Motley Fool) Proofpoint (NASDAQ: PFPT) shares soared after the cloud data protection software provider reported better-than-expected earnings. However, it's worth noting that shares of security stocks have been badly beaten, and had continued to trend lower prior to Proofpoint's report
Akamai's Solid Q1 Performance Offset By Near-Term Margin Concerns (Trefis) Akamai (NASDAQ:AKAM) recently announced a strong set of Q1 results, beating the high end of its guidance on both revenues and earnings. The company generated revenues of $454 million in the first quarter, about 23% higher than the prior-year quarter when adjusted for the ADS divestment and the recent acquisition of Prolexic
Google execs cozily in bed with the NSA before Snowden leak: report (Times LIVE) Email correspondence between Google executives and the National Security Agency (NSA) reveals that the tech giant had a closer relationship with the US government than they have been letting on
Dell Turns 30: Where To Next? (InformationWeek) Dell celebrates its 30th birthday while working to reinvent itself for the cloud era. What do you want most from Dell now?
Bitdefender, Point Service Mobiles sign distribution deal (Telecompaper) Antivirus software publisher Bitdefender and French mobile phone and tablet repair chain Point Service Mobiles have signed a distribution agreement for Bitdefender Mobile Security for Android
Distil opens Raleigh office (Raleigh News Observer) The founders of Distil Networks, a small but fast-growing Internet security software firm based in Arlington, Va., have returned to their North Carolina roots by opening an office in the Triangle
Don't let hackers know Mandiant founder checks his email on an iPad. Oh. (The Register) Mandia prefers face-to-face natter to avoid piles of spyware booby-traps
AVG Appoints Ronan Dunne to Supervisory Board (MarketWatch) CEO of Telefonica UK (O2) joins AVG as Independent Director
DRC Vet Louis Chabot Joins ManTech as Cyber Group VP, Technical Architect (GovConWire) Louis Chabot, formerly a data scientist at Dynamics Research Corp., has joined ManTech International (NASDAQ: MANT) as vice president and technical architect for the mission, cyber and intelligence solutions group
Products, Services, and Solutions
IBM's New Cybersecurity Plan: Find Bad Guys Before They Steal (Wall Street Journal) Protecting a company from data theft traditionally involves setting up a secure perimeter. But with computer crime growing in recent years, International Business Machines has a new approach: spotting threats before the crown jewels are stolen
Varonis Unveils DatAnswers, Bringing Secure Enterprise Search of Human-Generated Data Files to Employees (Broadway World) Varonis Systems, Inc. (NASDAQ: VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, today introduced DatAnswers, bringing secure, user-friendly enterprise search of human-generated data such as presentations, spreadsheets and documents
AVG launches management platform for MSP channel (ARN) Managed Workplace intended to boost partner productivity and reduce cost in managing SMB customers
Fortinet Strengthens Cloud Security Offering: Supports VPN Access to Microsoft's Azure Cloud Platform (MarketWatch) Fortinet now provides industry's broadest secure access to cloud environments
5 SQL Server 2014 Security Enhancements (SQL Magazine) SQL Server 2014 continues the Microsoft commitment to excellence in security. According to the National Institute of Standards and Technology (NIST) public security board, SQL Server reportedly has the lowest number of security vulnerabilities across major database vendors
Splunk Introduces Hunk 6.1 (MarketWatch) Organizations around the world turning to Hunk for easier and faster analytics for Hadoop and NoSQL data stores
Snowden's Beloved Tails OS Reaches v1.0 Milestone (Linux Insider) The volunteers who developed Tails, the open source operating system used by whistleblower Edward Snowden, this week released v1.0
Into malware? Time to play in the Cuckoo Sandbox (CSO) Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it
Cryptol Version 2 Released (I Programmer) An open source version of Cryptol has been released. The language is designed specifically for cryptography, and while this is the first public version, the language has been under development and in use for almost 15 years
CACI Digital Forensics Lab Receives American Society of Crime Laboratory Directors Accreditation (Wall Street Journal) CACI International Inc (NYSE:CACI) announced today that its CACI Digital Forensics Laboratory (CDFL), a full-service computer and audio forensics facility located in Alexandria, Va., has been accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB)-International. This independent and impartial accreditation demonstrates that CACI's lab, which is part of the capabilities the company offers in its Investigation & Litigation Support market, meets or exceeds established testing and calibration requirements as well as industry digital forensic standards
Technologies, Techniques, and Standards
SHA-2 takes off, thanks to Heartbleed (ZDNet) Industry and standards bodies had announced the transition from SHA-1 hashes to SHA-2 in certificates some time ago, but adoption was weak. Now Heartbleed has created an opportunity to jumpstart the transition
The attack that keeps on giving (SC Magazine) Once again the importance of sound key management has been brought into sharp focus. The Heartbleed bug found in OpenSSL, one of the most common means of encrypting data on the internet and internal networks, provides a way for attackers to potentially access private keys
The State of Cryptography in 2014, Part 1: On Fragility and Heartbleed (TrendLabs Security Intelligence Blog) It seems like cryptography has been taking a knock recently. This is both good and bad, but is not actually true: cryptography is always under attack, and for that reason constantly evolves. That's bad, but it's good to realize that cryptography needs constant attention. The threat to cryptography can be very disruptive, as we most recently saw with Heartbleed, and more distantly with 'issues' in various algorithms like RC4, MD5, SHA1 and Dual_EC_DRBG (all of which should not be used any more, by the way)
IETF drops RSA key transport from SSL (The Inquirer) Adopts different vehicles for Transport Layer Security
Cyber Counterintelligence: from Theory to Practice (Tripwire: the State of Security) In the previous article, Cyber Intelligence Collection Operations, the types of collection and the types of data that could be obtained were discussed. At the end of the discussion I pointed out that analysts must be critical of the data they evaluate as at any time it could be compromised
Embedding positive security behaviors is essential (Help Net Security) Organizations have spent millions over recent decades on information security awareness activities. The rationale behind this approach was to take their biggest asset — people — and change their behaviors, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do
Password management done right (Help Net Security) David Sancho, senior threat researcher with Trend Micro, has recently written a short but good post in which he pointed out the reasons why despite their inherent insecurity, passwords are here to stay
Don't let the latest zero-day fool you (InfoWorld) The Internet Explorer exploit patched by Microsoft last week was serious stuff, but, if you're prioritizing holes to plug, browser vulnerabilities shouldn't be first on the list
Design and Innovation
What Google's King of Crazy Ideas Wants to Take On Next (Wired) As head of Google X, the search giant's so-called "moonshot factory," Astro Teller gets to think about big, hairy world issues for a living. He's the driving force behind Google's self-driving cars. He's leading the way on glucose-monitoring contact lenses for diabetics. He has tried — and failed — to bring us jet packs that are actually safe. And yes, for better or worse, he brought us Google Glass
Research and Development
Is that Twitter account a bot? Researchers make app to find out (CSO) The app looks at public Twitter data to identify phony accounts
Sorry State of IT Education: Readers Propose Fixes (InformationWeek) How should IT education be salvaged? In part 2 of this series, we share readers' ideas about what colleges, employers, and employees themselves must do
Legislation, Policy, and Regulation
How Putin Is Reinventing Warfare (Foreign Policy) Though some deride Russia for backward thinking, Putin's strategy in Ukraine betrays a nuanced understanding of 21st century geopolitics
House panel voting to end NSA bulk phone metadata program (Ars Technica) Proposal would require NSA to get approval from FISC to access records from telcos. A House panel is expected to vote on a proposal Wednesday ending the National Security Agency's bulk telephone metadata collection program
Hard-Hitting NSA Reform Bill Starts Moving Through Congress (Daily Caller) The most significant National Security Agency legislative overhaul, the USA Freedom Act, saw fresh movement toward a vote in Congress Monday after more than six months of delay since it was introduced last year
Key NSA Defender: Congress 'A Lot Closer' On Surveillance Reform (Foreign Policy) In a dramatic change of tone, Rep. Mike Rogers, the chairman of the House Intelligence Committee, praised a bill in the House Judiciary Committee that would sharply curb the National Security Agency's surveillance powers. His remarks suggest that the powerful lawmaker may be more willing to vote for tougher reforms than previously anticipated
DNI Announces the Release of Additional Documents Related to Collection Activities Authorized by President George W. Bush Shortly After the Attacks of Sept. 11 (IC on the Record) Yesterday the Director of National Intelligence released additional documents related to the intelligence-gathering activities authorized by President George W. Bush shortly after the attacks of Sept. 11 and subsequently transitioned to authority of the Foreign Intelligence Surveillance Act
McCain: Young People Angry about NSA Spying Have Forgotten 9/11 (HackRead) Sen. John McCain is known for his soft corner for the NSA and its surveillance project but his recent claim may upset many
White House Big Data Report Earns Praise, Skepticism (InformationWeek) Tech experts say the administration is wise to call for statutory protections for data in the cloud. But some advocacy groups say overregulation will have a chilling effect on innovation
Director of the National Security Agency: Who Is Michael Rogers? (AllGov) Admiral Michael S. Rogers took over April 2, 2014, as director of the National Security Agency (NSA) and head of the U.S. Cyber Command. In that role, Rogers will direct communications and data gathering and decoding. Rogers took charge of the agency as it was trying to recover from allegations of spying on Americans and foreign officials and the Edward Snowden revelations
Sending cyber sense down the Navy chain of command (FCW) Vice Adm. Jan E. Tighe, commander of U.S. Fleet Cyber Command, says the Navy brass has a good handle on the need for cyber defense, but the lower ranks need to be brought up to speed. The U.S. Navy is undergoing a "cultural shift" toward seeing computer networks for the battlefields they are, but some of that education has yet to trickle down to the rank and file, its top cyber commander said May 6
Former Unisys CIO Kevin Kern Joins ICE as CIO (ExecutiveGov) Kevin Kern, formerly senior vice president and chief information officer at Unisys, has been named CIO for the Department of Homeland Security's Immigration and Customs Enforcement agency
Litigation, Investigation, and Law Enforcement
Rep. Lamar Smith Seeks 'Full, Thorough' Review of Healthcare.gov Security (ExecutiveGov) Some lawmakers have called on the Government Accountability Office to review Healthcare.gov's security features with the goal of ensuring identifiable information is not at risk of being hacked or stolen
In his words: How a whitehat hacked a university and became an FBI target (Ars Technica) David Helkowski set out to be a whistle-blower; he now faces the feds and unemployment
Examiner Editorial: Obama's chief science adviser must explain secret emails (Washington Examiner) White House Office of Science and Technology Policy Director John Holdren or somebody on his staff would have been well-advised to heed Sir Walter Scott's poetic warning: "What a tangled web we weave when first we practice to deceive." As a result, the Competitive Enterprise Institute filed suit in a federal court Monday claiming Holdren violated federal law and regulation by doing something he specifically advised employees not to do. That something was using a private email account to conduct official government business
For a complete running list of events, please visit the Event Tracker.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base. This is the only yearly event officially sponsored by AFCEA at Kirtland AFB. The goal of this expo is to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
US Secret Service Cybersecurity Awareness Day (Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to the agency. In addition, this event will be widely attended by the majority of personnel at the USSS HQ building. Attendance is expected to be over 300 for the event.
SANS Security West (location and date not listed) SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.
Eurocrypt 2014 (location and date not listed) Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.
Cyber Security for National Defense Symposium (location and date not listed) DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations can come together for actionable discussions and debate. The symposium will focus on increasing the security and resiliency of the Nation's critical networks, operating freely in the Cyber Domain, and the protection of infrastructure in support of national defense and homeland Security.
CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations and Governments to a complex threat environment including hacktivists to trans-national crime organizations and advanced persistent threats. Join experts from government, industry and academia in discussing how we are making our future more secure.
Fraud Summit (Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
INFILTRATE (location and date not listed) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.
Positive Hack Days (location and date not listed) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute (location and date not listed) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014 (location and date not listed) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused in mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Fort Meade Technology Expo (location and date not listed) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
CANSEC (location and date not listed) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam (location and date not listed) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.