The CyberWire Daily Briefing for 5.14.2014
Chinese cyber-rioting against Vietnamese targets coincides with China's assertive deployment of drill rigs in disputed waters.
Fresh allegations surface that Russia hacked Belgian Foreign Ministry networks. The goal seems to have been intelligence on international reaction to Russian ambitions in Ukraine. Radware warns that other nations' networks should expect to be targeted, with the United Kingdom, France, Germany, and the United States of particular interest to Russian intelligence services. Russian information operations—marketing in battledress—directed toward the Near Abroad intensify.
Iran seems satisfied with its influence on the Syrian civil war, and also increases its cyber optempo. FireEye reports on "Operation Saffron Rose," in which apparent hacktivism evolved into a practically overt Iranian government cyber campaign.
Anonymous Tunisia continues to count coup against Israeli sites. In other respects Anonymous isn't doing so well these days: the collective is riven by a dispute over missing funds and allegations of mismanagement. The funds and mismanagement aren't large, but who would have thought a disinterested anarchist collective had any of either?
Many patches have been announced at mid-week. Beyond Microsoft's, users will also find fixes and upgrades to Adobe, Google Chrome, Linux, BlackBerry, and AVG software.
Breaking Defense reports on the difficulties widespread participation in cyberspace poses to armies (specifically the US Army, but all conventional armies are affected). Force protection and counterintelligence become difficult; asymmetric threats evolve more rapidly.
Damballa says North American businesses get, on the average, 10,000 security alerts daily. This is obviously too much to process: it's glare, not light.
Notes.
Today's issue includes events affecting Australia, Belgium, Canada, China, France, Germany, India, Israel, Japan, Philippines, Russia, South Africa, Tunisia, Ukraine, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Chinese hackers accused of attacking Vietnamese websites (Thanh Nien News) As tensions flare in the East Sea, a leading Vietnamese Internet security company reported Monday that 220 local websites were apparently attacked by Chinese hackers
Russian Hackers Suspected of Stealing Documents Related to Ukraine from Belgian Ministry (Softpedia) A piece of information-stealing malware has been discovered on the systems of Belgium's Ministry of Foreign Affairs. Cybercriminals are said to have used the malware to steal documents and information related to the crisis in Ukraine
Public sector warned over Ukraine cyber-war threat (Public Technology) UK public sector bodies are being warned that they could face cyber attacks within days as a result of growing tensions in Ukraine
Anatomy Of The New Iranian APT (Dark Reading) Former Iranian hacktivist operation evolves into cyber espionage with 'Operation Saffron Rose'
Cyber spies in disguise: Nation-state (SC Magazine) Espionage has been a fact of life for centuries, but with increased capabilities online, it's spread beyond a narrow core, reports James Hale
Anonymous Tunisia takes down 100 Israeli websites (CyberWarZone) Anonymous hackers which support the Anonymous Tunisia group have successfully attacked 100 Israeli webdomains
Do you use NAS drives? For work? One just LEAKED secret cash-machine blueprints (The Register) So says security biz in 'share everything to the web' flaw alert
Heartbleed Vulnerability Still Beating Strong (SecurityWeek) It has been roughly a month since the 'Heartbleed' vulnerability in OpenSSL became public, and for all the publicity, many organizations remain vulnerable
Hidden face of a Dirty Decrypter malware (Infosec Institute) The Dirty decrypter is a crypto ransomware; its intention is to encrypt the compromised user's pictures, documents, videos etc making them unusable. The malware coerces you to pay large sums of money to decrypt any of these files. Failure to pay this sum will cause the malware to destroy all the decryption keys for the files, which results in destruction of the user's files forever. The malware was coded with the ability to override several essential security measures such as Windows Firewall, UAC, and Anti-Virus solutions
Kippo Users Beware: Another fingerprinting trick (Internet Storm Center) We all know that the ssh honeypot "kippo" is a great tool. But it is awful easy for an attacker to figure out that they are connected to a kippo honeypot. The latest trick I see people use is to run the "file" command, which is not implemented in kippo
Canadian security company server used for massive DDoS attack (IT World Canada) A high-power server used by a Canadian security company was hijacked in a massive distributed denial of service "DNS flood" attack against an online gaming web site earlier this month
Uruguay: Prisoner Hacks US Ambassador's Cellphone (New York Times) A prisoner in Uruguay tapped into the U.S. ambassador's cellphone and sent messages to some of her contacts in an attempt to commit a still undisclosed fraud, authorities said Tuesday
Spamvertised 'Notification of payment received' themed emails lead to malware (Webroot Threat Blog) PayPal users, watch what you click on! We've recently intercepted a currently circulating malicious spamvertised campaign which is impersonating PayPal in an attempt to trick socially engineered end users into clicking on the malware-serving links found in the emails
"Your Photos Are being Used" phishing scam targeting Facebook users (Help Net Security) Another day, another Facebook phishing scam. This one comes in the form of a warning sent by a friend: "OMG YOUR PHOTOS ARE BEING USED ON THIS SITE"
About 50K transactions, other data, compromised in three-month breach (SC Magazine) Arizona-based Gingerbread Shed Corporation is notifying customers that an unauthorized individual gained access to its systems for roughly three months and may have compromised about 50,000 transactions, as well as other data
ICO Report Identifies Eight Most Common Causes Of Data Breaches (TechWeek Europe) ICO says the same mistakes are being made again and again. The Information Commissioner's Office (ICO) has called on businesses and organisations to familiarise themselves with the best ways of protecting personal data and not fall prey to the most common causes of data breaches
Such hack, much sad: Doge Vault reportedly loses $56,000 in heist (Ars Technica) Even the fun-loving, not-so-serious cryptocurrency is subject to real hacks
Investor Alert: Bitcoin and Other Virtual Currency-Related Investments (US Securities and Exchange Commission) The SEC's Office of Investor Education and Advocacy is issuing this Investor Alert to make investors aware about the potential risks of investments involving Bitcoin and other forms of virtual currency
Windows Vista trumps XP in fourth quarter malware infections, report reveals (ComputerWeekly) The last quarter of 2013 saw a dramatic rise in malware infections of computers running supported versions of Microsoft Windows, a report has revealed
Windows XP is extinct. So why are so many companies still on it? (Forbes) The latest security risk to computers running Windows XP highlights the dangers to supply chains that continue to rely on that obsolete operating system
Security Patches, Mitigations, and Software Updates
BlackBerry Updates Products Affected by Heartbleed (Threatpost) BlackBerry issued an advisory today that updates are available for all of its products affected by the Heartbleed OpenSSL vulnerability
Stable Channel Update (Chrome Releases) The Stable Channel has been updated to 34.0.1847.137 for Windows, Mac and Linux. This release also contains a Flash Player update, to version 13.0.0.214
Linux "got root" kernel bug patched after five years at large (Naked Security) You enter stormy waters when you compare security at the core of Linux with security inside Windows
Patch Tuesday wrap-up, May 2014 — Adobe and Microsoft both patch multiple remotable holes (Naked Security) Patch Tuesday updates from both Microsoft and Adobe are out. There aren't any huge surprises this month, because we haven't been waiting to see whether any as-yet-unpatched zero days made it into the updates
Microsoft reveals new security and privacy capabilities for Office 365 (On Windows) Microsoft has revealed several new capabilities to improve security and privacy of its enterprise-grade Office 365 platform
TechEd: Microsoft boosts Azure cloud defences to deter data thieves and cyber saboteurs (V3) Microsoft has announced a wealth of security enhancements for its Azure cloud platform, including new in-built anti-malware and Site Recovery services
Twitter glitch makes it more difficult to report abuse, while "mute" is on its way (Naked Security) Yesterday, Twitter offered two security- and vicious-troll-related things
AVG Slammed For Not Patching 'Critical Flaws' (TechWeek Europe) AVG fixes one of four vulnerabilities in remote administration tool, but researchers who uncovered the flaws aren't happy with the security firm
Cyber Trends
Cyber Space and its Militarization (DataQuest) Globally, cyber security is seen as a critical element of the national security apparatus by nations. The reasons are proliferation of advanced and sophisticated cyber attacks, cyber threats with political and social effects, increase in cyber espionages, developments of cyber weapons and its usage for military purposes, attacks against nations by non-state actors, cyber terrorists, hackers etc
Army Grapples With Cyber Age Battles In Megacities (Breaking Defense) High-tech warfare at knife-fight ranges: that's the ugly future of urban combat. If you thought Baghdad was bad, with its roughly six million people, imagine a "megacity" of 10 or 20 million, where the slums have more inhabitants than some countries. Imagine a city of the very near future where suspicious locals post every US military movement on Twitter with digital photos and GPS-precise coordinates. Imagine roadside bombs that fly because the bad guys downloaded blueprints for a kamikaze mini-drone and built it with their 3-D printer
Average US business fields 10,000 security alerts per day, Damballa analysis finds (CSO) The average North American enterprise fields around 10,000 alerts each day from its security systems, far more than their IT teams can possibly process, a Damballa analysis of Q1 2014 traffic has found
Who watches the watchers? Big Data goes unchecked (Politico) The National Security Agency might be tracking your phone calls. But private industry is prying far more deeply into your life
Trend Micro's Q1 Security Roundup Reveals Cybercriminals' Advanced Methods for Executing Attacks on Wide Variety of Targets (Broadway World) Cybercriminals continuously discover more ways to successfully target new outlets for financial theft as revealed in Trend Micro Incorporated's (TYO: 4704; TSE: 4704) first quarter security roundup for 2014, "Cybercrime Hits the Unexpected." Greed is motivating cybercriminals to take a non-traditional approach in the selection of unlikely targets, such as advanced threats to Point-of-Sale (PoS) terminals and the exploitation of disasters. Though well protected, these new targets are in the crosshairs of emboldened cybercriminals around the world
Kaspersky Lab reports on cyber threats in Africa (BizTech Africa) As well as reporting on global IT threats, Kaspersky Lab also presents statistics for Africa in the first quarter of 2014, based on data from Kaspersky Security Network. Algeria leads in terms of local and web threats, well ahead of Egypt in second place. South Africa followed by Kenya saw a significant number of security incidents, though the number of users affected is one of the lowest in the region. Africa accounted for 4% of total security incidents worldwide, while the figure for the Middle East region was 3%
VN faces high risk of cyber attacks (VietnamNet) Director for Systems Engineering, Asia South Region, Symantec, Raymond Goh said that Viet Nam had jumped nine spots because of the rapidly increasing number of mobile internet subscribers and users who lack good cyber security skills
Office workers have little trust in digital world (Help Net Security) The majority of UK office workers have trouble deciding who to trust in the digital world, however this isn't surprising considering 14 percent have already been badly affected by cybercrime, according to PhishMe
Marketplace
Cyber: worth the risk? (Intelligent Insurer) As cyber threats increase and legislation involving privacy and data breaches tightens, demand for cyber coverage has never been higher. As insurers strive to stay ahead of demand, Intelligent Insurer asks is the industry doing enough?
Key focus areas for security technology investment (Help Net Security) A new report from the Security for Business Innovation Council advocates three key areas for technology investment and recommendations for specific security technologies to build better anticipatory defenses while also improving business productivity
Nurturing IT's Next Generation, Chicago-Style (InformationWeek) There's plenty of talk about IT talent gaps and developing the next generation of tech pros. Here's how several Chicago companies walk the walk — locally
Wellington Financial Provides $5 Million Growth Capital to Agiliance (MarketWatch) Wellington Financial LP, a privately-held specialty finance firm, today announced a $5 million expansion financing for Agiliance®, Inc. The investment will be used to increase product marketing evangelism, leverage target sector distribution and solution coverage and bring to market a new cloud offering. Wellington's funding follows Agiliance's double-digit profitability over the past seven quarters, release of an innovative and high quality RiskVision™ 7, and nearly ten-fold growth in secure cloud services wins over a trailing twelve month period
Syniverse Agrees to Acquire Aicent (MarketWatch) Acquisition anticipated to expand Syniverse's global communications network, driving increased service and value to customers
Blue Coat is looking to partner with business, says chief security strategist (ComputerWeekly) Information security is about what you can make possible for the business, says Hugh Thompson, chief security strategist at security firm Blue Coat
CSG Invotas Appoints Stephen R. Katz to Advisory Board (Wall Street Journal) CSG Invotas, the exciting new enterprise security business from CSG International, Inc. (NASDAQ: CSGS), today announced the addition of Stephen R. Katz to its advisory board
WatchGuard Technologies Announces Interim CEO (MarketWatch) WatchGuard® Technologies, a leader in integrated security platforms, today announced that its Board of Directors has named Michael Kohlsdorf as interim CEO while it conducts a selection process to replace Joe Wang, who has announced his departure
Products, Services, and Solutions
Mozilla Asks CAs for Details on Subordinate Certificate Controls (Threatpost) Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company's new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate certificates. The company made the policy change last year, but gave CAs about a year to comply and now that grace period is running out
SafeNet Enhances Access Security to Microsoft Cloud Applications and Services (MarketWatch) SafeNet, Inc., a global leader in data protection solutions, today announced that its industry-leading SafeNet Authentication Service (SAS) can be fully integrated with Microsoft Windows® Server 2012 R2 Active Directory Federation Services (AD FS). This enables enterprises and other organizations to quickly deploy and manage multi-factor authentication into Office 365® applications and other web-based services for more secure access control
Compatibility Issues May Occur with Microsoft's EMET Security Tool (Microsoft Certified Professional Magazine) Microsoft's free Enhanced Mitigation Experience Toolkit (EMET) may not operate correctly for some apps. EMET emerged from Microsoft about five years ago as an alternative check to software security threats, but using it comes with a risk that users will encounter application compatibility issues. Microsoft lists just a few apps with known incompatibilities, including Skype, the NetFlix Silverlight app, ATI drivers, the iPod sync service and an AOL plug-in, at this TechNet forum page. However, the forum includes comments from many others describing apparent app incompatibility issues
Proofpoint Targeted Attack Protection™ Featuring Predictive Defense Selected as Finalist for Microsoft Best of TechEd Awards (MarketWatch) Latest generation of Proofpoint advanced threat protection, cloud security and compliance for Microsoft Office 365 and Exchange is one of 3 finalists in security category
CYREN Expands International Reach with Strategic Distribution Deal in India (MarketWatch) CYREN, a leading provider of cloud-based security solutions, today announced it signed a national distribution agreement with NexTek, an IT services and solutions company based in Mumbai, India. The partnership creates a significant CYREN presence in the country
Cyberoam ties up with IP Dimension as its partner in SA (ITWeb) Cyberoam, the leading global provider of network security appliances, today announced the appointment of IP Dimension as its partner in South Africa
Lieberman Software Enables Audited, Privileged Access for Users From the Cloud to On-Premises (MarketWatch) Lieberman Software Corporation is introducing new privileged user management (PUM) capabilities in Enterprise Random Password Manager(TM) (ERPM) at Microsoft TechEd 2014 in Houston, TX this week. The new PUM capabilities allow users to launch cross-platform applications in a secure environment, where elevated operations are automatically authorized, recorded and audited. ERPM now offers connectors for a broad array of cloud provider portals, SAAS vendors and social media platforms
SanDisk ships its first self-encrypting SSDs (ComputerWorld) The drives come with management software with an administrative dashboard
SanDisk Unveils Third-Party Ecosystem of Enterprise Security Software Providers to Support SanDisk X300s SSD Deployments (MarketWatch) SanDisk Corporation (SNDK), a global leader in flash storage solutions, today announced the inaugural members of its broad ecosystem of independent software vendors (ISV) for security management
Newest ESET® Mobile Security Comes With Proactive Anti-Theft (MarketWatch) New proactive anti-theft detects potentially dangerous situations for Android devices
Microsemi Protects Against Future Heartbleed-like Attacks with Introduction of Breakthrough WhiteboxSSL Cryptography Security Solution for OpenSSL (MarketWatch) More than a patch, Microsemi WhiteboxSSL is a fundamental drop-in security technology that prevents memory-based server key attack vulnerability
Panda Security Launches Panda Cloud Antivirus 3.0, More Intuitive, Lighter and Safer than Ever Before (Digital Journal) Panda Security, The Cloud Security Company, today announced the launch of a new version of its popular cloud-based free antivirus scanner Panda Cloud Antivirus, v3.0
Advanced attack protection for data centres (ProSecurityZone) StealthWatch FlowSensor 4000 has been released for providing large network visibility and security against advanced attacks launched against enterprise data servers and data centres
Free Malware Research Tool On Tap (Dark Reading) Invincea to release a free research version of its FreeSpace forensics tool next week
Technologies, Techniques, and Standards
Proactively Hardening Systems Against Intrusion: Configuration Hardening (Tripwire: The State of Security) The concept of "hardening" has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that's been repeatedly quenched and tempered, or of hardened fortifications or bunkers
Research and Development
Facebook experiment helps battle man-in-the-middle attacks (CSO) Facebook, Carnegie Mellon University detection tool finds tampered or forged certificates in more than 6,800 SSL connections to the social network
Inspired by nature, researcher develops new cyber security techniques (Phys.org) Imagine a cyber world in which hackers, identity thieves, spammers, phishers, foreign spies and other miscreants have a much tougher time plying their trade. Thanks to UC Irvine computer science professor Michael Franz and his research group, such a world is closer to a reality
Academia
Norwich University receives $122,000 NSF grant for cybersecurity scholarship (Vermont Biz) Norwich University has received a $122,232 supplemental grant from the National Science Foundation (NSF) as part of a "Scholarship for Service" program, in which student-recipients majoring in computer security and information assurance commit to work for the federal government following graduation. A five-year, $974,836 grant was awarded by the NSF two years ago, portions of which are disbursed annually. The current $122,232 grant supplements this original grant, and will support the education of one student for two years
Northrop Grumman Receives Special Judge's Award from Orange County Public Schools (MarketWatch) Northrop Grumman earns recognition as the industry force behind innovative educational outreach in STEM disciplines
Legislation, Policy, and Regulation
Abe, Netanyahu agree to join hands on defense, Internet security (Japan Times) Prime Minister Shinzo Abe and Israeli counterpart Benjamin Netanyahu agreed in Tokyo Monday to bolster bilateral defense cooperation, including in cyberspace
Australian spies sought US assistance to listen in on Australian citizens (Sydney Morning Herald) Australia's electronic espionage agency sought the help of American spies to monitor the communications of Australian citizens suspected of terrorist connections, according to a new book by American journalist Glenn Greenwald
NSA reform: lawmakers aim to bar agency from weakening encryption (Guardian) Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment
Evan Schuman: One law to rule all data breaches — but let's make it a real law (Computerworld) When the White House issued its big-data privacy report on May 1, it recommended the passage of federal breach legislation "to replace a confusing patchwork of state standards." Although that may have sounded like good news to the development community -- the folk who generally bear the brunt of complying with such security requirements -- it's only a step in the right direction if your goal is falling off of a cliff
REUTERS SUMMIT-DHS chief says confident U.S. cyber legislation will pass (Reuters) Congress is likely to pass cybersecurity legislation this summer, Jeh Johnson, secretary of the U.S. Department of Homeland Security said on Tuesday, citing growing consensus among lawmakers on the need to help industry share data with government about escalating attacks on computer networks
Government Surveillance Criticism Heats Up (InformationWeek) As book on Snowden affair debuts, several organizations take steps to restrain the mass online surveillance that Snowden investigation exposed
Can JIE take cyber awareness 'beyond the foxhole'? (C4ISRNet) The Joint Information Environment aims to streamline Defense Department technology and networks, aligning the services under a centralized strategy for the future of Pentagon IT. But what will the initiative do for military operations in cyberspace?
Here's why the GSA wants to build a sprawling cybersecurity campus in Greater Washington (Washington Business Journal) The federal government is putting together plans for a sprawling campus devoted to cybersecurity somewhere in the D.C. region that would bring together hundreds of industry experts under one roof
Litigation, Investigation, and Law Enforcement
Snowden, China and cyber security (Horizons (blog)) As I wrote about yesterday, I keep trying to convince myself that Edward Snowden was just a naive fool rather than something more sinister. But just as I'm about to get there, another troubling inconsistency in his story emerges
'No Place to Hide' a vital discussion on Snowden's revelations (Chicago Tribune) Glenn Greenwald's "No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State" comes with a built-in challenge: creating a sense of drama when we all know the basics of the tale. In December 2012, the Rio de Janeiro-based journalist, then writing for the Guardian, received an email from someone calling himself Cincinnatus, after the Roman farmer "who, in the fifth century BC, was appointed dictator of Rome to defend the city against attack"
Chronicling the abuse of authority (The Economist) The disclosures of Edward Snowden constitute perhaps the most notorious leak in history. America's National Security Agency was so secretive that for decades even its existence was classified. Insiders joked that its initials stood for "no such agency". That a 29-year-old contractor was able to steal tens of thousands of classified documents is not only astounding, but also unprecedented. Only recently had it become possible to fit so much material on an inexpensive digital chip
Justice Dept. Criticized on Spying Statements (New York Times) Two Democratic senators accused the Obama administration on Tuesday of seeking to "ignore or justify" statements it made to the Supreme Court about warrantless surveillance by the National Security Agency, contributing to what they called a "culture of misinformation" by the executive branch
Explaining the law behind Privacy International's challenge to GCHQ's hacking (Privacy International) Today, Privacy International lodged a legal challenge to GCHQ's extensive and intrusive hacking of personal computers and devices. Below, we answer a few questions about the law underlying our complaint, and why it matters
"Battered, fractured" Anonymous hacktivists in schism over missing funds (ITProPortal) Back in 2013, Anonymous was riding high. The loose hacktivist collective had just carried out a number of high-profile hacks against major targets around the world, it had gained fame by hacking the email inbox of the beleaguered Syrian President Bashar al-Assad, and it had just raised more than $54,000 (£32,000) via crowdfunding site Indiegogo to turn its YourAnonNews Twitter account into a rolling news service
In 18 months, feds got nearly 300 complaints about Bitcoin miner maker (Ars Technica) Federal Trade Commission received worldwide complaints about Butterfly Labs
How a mayor's quest to unmask a foul-mouthed Twitter user blew up in his face (Ars Technica) Angry backlash shows that online overreach won't "play in Peoria"
UPMC Faces Class Action Lawsuit Over Data Breach (eSecurity Planet) The suit seeks monetary damages plus 25 years of credit monitoring and credit restoration for those affected
100 more Filipino suspects linked to sex blackmail (Philippine Star) About 100 more Filipino suspects are linked to online blackmail syndicates that extorted money from victims worldwide after luring them into exposing themselves in front of webcams or engaging in lewd chats, a Philippine police official said Tuesday
Chinese Students Charged with Hacking to Alter Phys Ed Records (eSecurity Planet) The two were paid almost $13,000 by fellow students who wanted to avoid the school's required morning run
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.
Eurocrypt 2014: Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.
Cyber Security for National Defense Symposium: DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations can come together for actionable discussions and debate. The symposium will focus on increasing the security and resiliency of the Nation's critical networks, operating freely in the Cyber Domain, and the protection of infrastructure in support of national defense and homeland Security.
CyberWest (Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations and Governments to a complex threat environment including hacktivists to trans-national crime organizations and advanced persistent threats. Join experts from government, industry and academia in discussing how we are making our future more secure.
Fraud Summit (Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.
Positive Hack Days: Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute: A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014: The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused on mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
Fort Meade Technology Expo: The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
How the SBIR/STTR Program Can Help Grow Your Business (Halethorpe, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of dollars in SBIR/STTR funds for research, development and commercialization purposes. This course will provide attendees with an overview of the SBIR/STTR programs; funding sources and eligibility requirements; best practices in SBIR/STTR proposal writing, involvement, and commercialization; and a discussion of how to protect your company's legal interests in either program.
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam: HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.