The CyberWire Daily Briefing for 5.16.2014
The Belgian Foreign Ministry works to recover from the latest cyber attacks it's sustained. (The Ministry is more attack route than primary target: the attackers are interested in third parties.)
Symantec has a good brief account of the Elderwood platform's resurgence in recent zero-day campaigns. Organized criminals behind Elderwood (and their customers) would do well to take note of two bits of law enforcement news. In some demand-side policing, an international manhunt (European and Australian) is kicking in the doors of Blackshades malware buyers. And in the United States the mob-busting RICO battle-axe has been used to send a low-grade cyber crook away for twenty years.
The zero-day Microsoft closed in its recent out-of-band patch continues to be actively exploited, with Australian enterprises reporting attacks using exploits designed to evade defenses.
Banking Trojan Zeus Gameover is also evolving, and now hits victims in new countries (South Africa, Nigeria, India, Singapore, Turkey, UAE, Saudi Arabia, Australia, Croatia, and Greece among them).
Did you know Kaspersky sold a "Kaspersky Mobile" security app in the Windows Phone store? Neither did Kaspersky—there's no such product—and Kaspersky Lab alertly exposed the fraud. A similarly bogus "VirusShield" was discovered in the Android store last month. Caveat emptor, but more scrutiny of products by the stores themselves would be welcome.
In the US, the Retail Industry Leaders Association and the National Retail Federation organize separate cyber threat information-sharing efforts. Observers hope the two associations will succeed in developing actionable intelligence through the glare of alerts.
Today's issue includes events affecting Australia, Belgium, China, Croatia, Denmark, European Union, Finland, Germany, Greece, India, Italy, Netherlands, New Zealand, Nigeria, Russia, Saudi Arabia, Singapore, South Africa, Sweden, Turkey, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Belgium Gets Hacked…Again (Wall Street Journal) Belgium's foreign ministry has no access to emails or the World Wide Web after it was hacked recently, although systems to handle passports and visas are up and running again. The ministry cannot tell, because it doesn't yet know, just when the attack started and how long it has been underway
Five-year-old Elderwood zero-day gang rides again (SC Magazine) More intelligence sharing is needed to tackle this type of zero-day threat, says Tom Cross, Lancope director of security research
How the Elderwood Platform is Fueling 2014's Zero-Day Attacks (Symantec) Back in 2012, Symantec researched the Elderwood platform, which was used in spear-phishing and watering-hole attacks against a wide variety of industries. The Elderwood platform essentially consists of a set of exploits that have been engineered and packaged in a "consumer-friendly" way. This allows non-technical attackers to easily use zero-day exploits against their targets
Recently patched IE 0-day abused in APT attacks (Help Net Security) When Microsoft issued an out-of-band security update to patch the zero day Internet Explorer vulnerability on May 1, it was revealed by researchers from security company FireEye that the bug was being actively exploited by attackers targeting US-based defense and financial firms
Hackers using IE exploit against Australian businesses (ZDNet) Australian businesses in the resource and mining, financial services, and telecommunications sector are the latest targets of hackers exploiting Internet Explorer zero day
Zeus 'Gameover' Trojan Expands Global Reach (Dark Reading) Cybercrime clients configure juggernaut Gameover variant of banking Trojan to reach bank customers in new countries
SNMP could be the future for DDoS attacks (SC Magazine) After DNS and NTP vectors are cut off, SNMP may be used to carry out DDoS attacks. DNS amplification and NTP reflection are two big buzz-terms in the modern world of distributed denial-of-service (DDoS) attacks, but when successful defensive measures force those wells to run dry, a lesser-used reflection attack vector, known as Simple Network Management Protocol (SNMP), could take the forefront
Bogus anti-virus apps in the official Windows Phone and Android app stores (Graham Cluley) Security researchers at Kaspersky Lab have raised a querulous eyebrow after discovering a Kaspersky Mobile in the Windows Phone store
DogeVault says attackers gained access to virtual machines (CSO) The service lost 280 million dogecoins and has recovered 120 million
Breaches and Attacks that are "Not in Scope" (Internet Storm Center) Last week, we saw Orange (a Telecom company based in France) compromised, with the info for 1.3 million clients breached. At this time, it does not appear that any credit card numbers or credentials were exposed in that event. The interesting thing about this data breach was that it involved systems that would not be considered "primary" — the site compromised housed contact information for customers who had "opted in" to receive sales and marketing information
Why do people hack Social Media accounts? (Panda Security News) 'Why would a hacker want to break into my Facebook account when there is nothing of any real value there?' you may think. Think again. Your seemingly harmless information such as holiday photos, latest purchases and restaurant reviews can be a goldmine when they end up in the wrong hands
Dairy Queen catches flack over data privacy fail, says let them eat cake (FierceBigData) Ok, that's not exactly how it went down but the gist is still true. In honor of Mother's Day, Dairy Queen offered a brain-freeze deal--not from its free offer of an ice cream cake but from the strings attached to it
Data Breach Exposes 3,500 New Zealand Dentists' Personal Information (eSecurity Planet) Names, titles, home addresses, phone numbers, email addresses, user names and passwords were exposed
5 EYEWITNESS NEWS Investigates Flaw in Security of Popular Websites (5 Eyewitness News) Your bank, your email, and your favorite retailer — your online accounts with all three — could be vulnerable to an attack almost any hacker could pull off
Security Patches, Mitigations, and Software Updates
Bitly Installs Two-Factor Security After Insider Account Compromise (eWeek) Back on May 8, popular URL-shortening service Bitly admitted that its systems were compromised. As it turns out, Bitly has now disclosed that the problem is just the latest example of an insider compromise
Apple releases OS X Mavericks 10.9.3, repeats last month's security updates (Naked Security) In the very latest Chet Chat podcast, we wondered aloud if Apple was heading into what you might call the "patching mainstream"
Apple releases Mac OS X 10.9.3, but offers scant information on improvements (Intego) Today Apple has released a new version of its desktop operating system, OS X 10.9.3, but offered the barest of details regarding what the minor update actually fixed
Adobe's Last XP-ready Patches Cover Critical Updates for Flash, Acrobat and Reader (Infosecurity Magazine) The software maker announces fixes for several remote code execution vulnerabilities
Microsoft's .NET Framework security updates further effort to phase out RC4 encryption (PC World) Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections
Microsoft bug hunters kicked 0day own goal (The Register) Redmond no longer tells world about bugs until it checks own exposure
Google Apps users getting encrypted messaging that goes beyond Gmail (CSO) Google is making available a service to allow its enterprise customers to send and receive encrypted e-mail to users of non-Google mail systems, including Yahoo and Microsoft Exchange
Cybercriminals targeting unlikely sources to carry out high-profile exploits (Help Net Security) Cybercriminals continuously discover more ways to successfully target new outlets for financial theft, according to Trend Micro. Greed is motivating cybercriminals to take a non-traditional approach in the selection of unlikely targets, such as advanced threats to Point-of-Sale (PoS) terminals and the exploitation of disasters
Symantec: New era of 'Mega Breaches' signals bigger payouts for cyber criminals (Techday) After lurking in the shadows for the first ten months of 2013, cyber criminals unleashed the most damaging series of cyber attacks in history
Consumers have little security concern with BYOD (Help Net Security) Despite the rise in the use of personal devices for business use, U.S. consumers are showing scant concern for security when it comes to BYOD
Workers download malware in SA companies (News 24) Malware designed to steal sensitive data is on the increase and employees in 84% of South African companies download the software once every 10 minutes
Over Half of US Firms Have No Formal BYOD Agreements with Staff (Infosecurity Magazine) Gartner research highlights huge security blindspot for organizations which allow use of personal devices for work
Cyber experts tread carefully around the Internet (Reuters) They know the risks of the Internet better than anyone, but most cyber experts still shop and bank online — with care
How to Ensure Your Social Media Privacy (CIO) Living a genuinely private life in today's increasingly social and interconnected world requires an equal measure of patience, research and ingenuity. Of course, digital marketers say you worry too much
Dual Retail Cyberthreat Intelligence-Sharing Efforts Emerge (Dark Reading) The Retail Industry Leaders Association (RILA) rolls out a retail ISAC following the National Retail Federation's (NRF) announcement last month of an intel-sharing platform planned for June
Retail stores commit to cyber info sharing (The Hill) More than 50 major retailers like the Gap, Safeway, Target and J.C. Penney are getting together for a new push to fight hackers
Target, JC Penney among new ragtag retail cybersecurity team (ZDNet) They join the likes of Safeway and Lowe's in the Retail Industry Leaders Association, a collaborative organization aimed at helping retailers share threat data
How retailers can boost security through information sharing (CSO) Retailers have formed a group for sharing threat intel, but experts say success depends on trust and technology
A State of Security Event Overload (Dark Reading) As many as 150,000 security events are logged each day in some enterprises, new data shows
Business needs to shift budget to relevant security, says Verizon (ComputerWeekly) Many businesses are failing to invest in blocking the threats that are actually hitting them, says Eddie Schwartz, vice-president of global security solutions, Verizon. "This is because most of their budget is still being spent on traditional perimeter defences, which means there is little left over for anything else," he told Computer Weekly
Report Shows Global Market Jittery on Cloud, Due to NSA (MSP News) Edward Snowden's revelations about the widespread snooping activities of the US National Security Agency have made businesses much more circumspect in their choice of cloud services providers, especially those that host data in the USA
Electronic Frontier Foundation praises tech firms for post-PRISM privacy moves (V3) Internet and technology rights group the Electronic Frontier Foundation (EFF) has praised the improved transparency of Google, Microsoft, LinkedIn, Twitter and Facebook, among others, which it says have upped their game in response to the public reaction to Edward Snowden's NSA-related whistleblowing
Why the FBI Wants to Procure Malware (Nextgov) The FBI seeks a commercial supplier of malicious software to supply the intelligence agency with a steady stream of 30 to 40 gigabytes per day of old variants and new, unique malware for research purposes
Agencies near cyber-workforce deadline (FierceGovernmentIT) By the end of the fiscal year, agencies must update and re-define current and future cybersecurity positions by applying the National Cybersecurity Workforce Framework taxonomy to all positions in the Information Technology Management 2210 and 443 Occupation Series
Rackspace Hires Morgan Stanley To Explore Its Options (CRN) Data hosting and cloud giant Rackspace Hosting said Thursday that it has hired Morgan Stanley to explore the possibility of partnering with another technology firm or being acquired
Tenable Network Security is Selected as a Finalist for the 2014 Red Herring Top 100 North America Award (MarketWatch) Tenable Network Security®, Inc. the leader in real-time vulnerability, threat and compliance management, announced today it has been selected as a finalist for Red Herring's Top 100 North America award, a prestigious list honoring the year's most promising private technology ventures from the North American business region
Products, Services, and Solutions
High-Tech Bridge launches online on-demand web penetration testing service ImmuniWeb (Dark Reading) On-demand ethical hacking service delivers new approach to website security assessment, manually-written report guarantees zero false-positives
Eset launches upgraded mobile security system (Telecompaper) Global ICT security specialist Eset has released the latest version of Eset Mobile Security, which arms Android users with proactive anti-theft features to track lost or stolen mobile devices
Bitdefender Launches Removal Tool for Stubborn Mac Adware (Broadway World) Bitdefender, the innovative antivirus software provider, has released the Bitdefender Adware Removal Tool to remove aggressive adware such as Genieo that can alter users' search results, inject ads and monitor web sites visited
Cimcor & SWC Technology Partners Form Partnership (IT Business Net) Cimcor is pleased to announce a partnership with SWC Technology Partners. This is Cimcor's newest U.S. partner that will offer CimTrak, the innovative IT security, integrity and compliance technology developed by Cimcor. Built around leading-edge file integrity monitoring (FIM) technology, CimTrak provides deep situational awareness into changes occurring in an organization's IT infrastructure and is deployed heavily to meet payment card industry digital security standards
Proofpoint Targeted Attack Protection Featuring Predictive Defense Named Winner for Microsoft Best of TechEd Awards (MarketWatch) Proofpoint builds momentum in storied Microsoft partnership with next-generation email security solutions
Mac adware removal tool (Help Net Security) Bitdefender has released the Bitdefender Adware Removal Tool to remove adware such as Genieo that can alter users' search results, inject ads and monitor visited web sites
CIS Configuration Assessment Tool 3.0 released (Help Net Security) The Center for Internet Security (CIS) announced the release of an enhanced version of its CIS Configuration Assessment Tool, known as CIS-CAT
Technologies, Techniques, and Standards
Retail Breaches Bolster Interest In NIST Cyber Security Advice (InformationWeek) Target data breach highlighted risks in corporate supply chains, and companies are looking to government guidelines for ways to shore up cyber defense, says White House
Brown HIV researchers make Dropbox secure with nCrypted Cloud (CSO) Consumer tech acceptable for sensitive data with a little help from encryption
Beware Cognitive Bias (Dark Reading) Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow
TechEd: Microsoft says Tor cannot stop PRISM snoops and cyber crooks (V3) The Tor network cannot protect web users from cyber criminals and state hackers, according to a top Microsoft security expert
Collecting Workstation / Software Inventory Several Ways (Internet Storm Center) One of the "prepare for a zero day" steps that I highlighted in my story last week was to inventory your network stations, and know what's running on them. In short, the first 2 points in the SANS 20 Critical Security Controls. This can mean lots of things depending on your point of view
How to Protect PII (eSecurity Planet) Personally identifiable information, or PII, is especially valuable to hackers. Here's how to make sure they don't get their hands on it
QinetiQ hosts MP visit (Worcester News) Sir Peter Luff MP meets QinetiQ graduates and students from The Chase School currently on placement with QinetiQ. Graduates at defence technology company QinetiQ shared their experiences and aspirations as part of a national campaign
Legislation, Policy, and Regulation
Saudi King Reshuffles Defense Posts (Defense News) Saudi Arabia's King Abdullah on Wednesday reshuffled top defense posts, removing the deputy minister and the chief of staff, state news agency SPA reported
Saudi Government Seeks Hackers (eSecurity Planet) The hackers will be employed by the country's National Information Center to find vulnerabilities in Saudi Arabia's networks
New Zealand Spy Agency Trained by NSA in Mass Surveillance; PM John Key Refuses to Comment (International Business Times) New Zealand Labour has asked Prime Minister John Key to admit that the country's spy agency has been trained by the U.S. National Security Agency to do mass surveillance. Documents published in a new book revealed that all agencies involved in the Five Eyes Network were trained to operate a sophisticated system that can sift through phone numbers, email addresses and online chat messages
Haglund defends NSA co-operation (Helsinki Times) Military intelligence co-operation is a prerequisite for Finland's participation in international crisis management operations, the Minister of Defence has suggested. Carl Haglund (SFP), the Minister of Defence, has spoken up for the co-operation between the Finnish military intelligence service and the US National Security Agency (NSA), emphasising that Finnish intelligence operations concentrate solely on military targets
The Intelligence Legitimacy Paradox (Lawfare) I have spent the day, which is not over yet in Palo Alto, at a conference at the Hoover Institution on "Intelligence Challenges"…And from the beginning of the day, one theme has arisen repeatedly: call it the "intelligence legitimacy paradox." The paradox, about which more than one speaker has wrung his or her hands, is that the threat environment America faces is growing ever more complicated and multifaceted, and the ability to meet it is growing ever-more-deeply dependent on first-rate intelligence. Yet at precisely the same time, the public has grown deeply anxious about our intelligence authorities and our intelligence community is facing a profound crisis of legitimacy over its basic authorities to collect. The explanation for the paradox, I think, is simple: technology
Cisco CEO: U.S. Should Reform Surveillance Rules (InformationWeek) Cisco CEO John Chambers says his company does not enable NSA spying, and that the U.S. government must establish proper policies
McCain Attacks Google and Yahoo in Hearing on Malicious Online Ads (Advertising Age) Sen. John McCain took aim at Google and Yahoo this morning during a Senate hearing on malicious online advertising, stating the companies "have a responsibility to help protect consumers from the potential harmful effects of the advertisements they deliver." The Arizona Republican also indicated the responses of the online ad giants during the hearing will compel him to push harder for legislation protecting consumers against malicious ads
Cyber pros, single security architecture among JIE-related priorities (C4ISRNet) As the Defense Department enters into an era of shared services and joint programs — many of which center on the Joint Information Environment — a new generation of priorities are emerging, according to one top DoD official
FCC 'Open' Internet May Mean 'Paid' (Dark Reading) Federal Communications Commission votes to consider broadband rules that could allow data fast lanes. Public invited to comment
The FCC doesn't have to authorize Internet fast lanes—they're already legal (Ars Technica) What the FCC chair really means when he says he isn't legalizing paid fast lanes
FCC Proves Yet Again That It's Out to Kill Net Neutrality (Wired) Well, that meeting of the Federal Communications Commission earlier today was certainly a lot of sound and fury signifying next to nothing
Litigation, Investigation, and Law Enforcement
BREAKING: International police hunt on Blackshades malware buyers (Cyberwarzone) The countries Germany, Australia, Denmark, Sweden, Italy and The Netherlands are operating together in a major police operation which is after people that have bought the 'Blackshades malware' from the darknet and suppliers. The Blackshades malware can be bought for 40 to 100 dollars on the darknet
22-year-old "organized crime" cybercrook convicted under racketeering law gets TWENTY years (Naked Security) Late in 2013, we wrote about what turned out to be something of a landmark criminal case in the USA. Cybercriminal David Ray Camez, 22, from Arizona, USA, was already serving a seven-stretch for cyberfraud when he was brought to trial in 2013, this time under RICO, the Racketeering Influenced Corrupt Organizations Act
Anti-gangster law invoked to score stiff sentence against two-bit cyberthief (Ars Technica) RICO helped take down the Gambino crime family. Now, it's being used online
Edward Snowden: Whistleblower or Foreign Intelligence Agent? (Communities Digital News) Edward Snowden, the National Security Agency contractor behind the massive leak of classified U.S. intelligence documents, continues to dominate headlines for his notorious exposé of the NSA's domestic surveillance program
Politician, paedophile and GP claim 'right to be forgotten' (Telegraph) Google has already received several requests to remove links from its search results
If Google is forced to forget, the internet will remember (The National) The American constitution refers to three fundamental rights — to life, liberty and the pursuit of happiness. Europe has just added a new right for the digital age, the "right to be forgotten". This is at the basis of an explosive ruling by the European Court of Justice that allows people to delete information they do not like from the results of Google searches
Most plaintiffs dismissed in SAIC's case of the unencrypted backup tapes (FierceITSecurity) It's hard to keep data breaches straight any more, but maybe you'll remember this one: In 2011 an SAIC employee was driving unencrypted backup tapes from one facility to another for Tricare, a military health program provider
Convicted Facebook paedophile walks free (Naked Security) [Image caption: Timothy Storey] On Facebook, he was a wealthy 18-year-old prep school leaver called Tim Stone who listed "exercise, girls and naughtiness" as interests and who had almost 800 Facebook friends — all of them girls under 18
For the Delicious Irony Files (Lawfare) A report from the cyber underground where most of my Lawfare colleagues don't normally follow: File this one as a delicious irony (or, if you prefer, a delightful irrationality). Many will recall that back in 2010 when WikiLeaks first started releasing classified materials many of the financial intermediaries (Visa, Mastercard, Western Union and PayPal) started blocking donations to WikiLeaks. In retaliation, hackers affiliated with Anonymous initiated DDoS attacks on those web sites
For a complete running list of events, please visit the Event Tracker.
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.
Positive Hack Days: Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute: A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014: The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused in mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Fort Meade Technology Expo: The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam: HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41: Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014 This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.