
The CyberWire Daily Briefing for 5.21.2014
news from the Georgetown Cybersecurity Law Institute
Georgetown's Cybersecurity Law Institute opens this morning with discussions of legal and regulatory frameworks. We'll be expanding our summaries with tomorrow's and Friday's issues, but early speakers have stressed the multinational regimes companies effectively operate under, the importance of data discovery and a sound assessment of the value enterprises have at cyber risk, managing exposure to third-party risk, and corporate organization for effective cyber security.
More details concerning the US indictment of Chinese military personnel on charges of industrial cyber espionage emerge. The enterprises targeted (for the most part big ones) proved surprisingly vulnerable to social engineering: the principal route into their systems was phishing. The PLA hackers were also allegedly hired and tasked by Chinese government-owned companies, who thereby contracted out their own industrial espionage.
The Chinese government continues to express outrage, both in public denials of espionage and (paradoxically) tu quoque attacks on American policy: "you're hypocrites; you do it too."
The (very unequal) Russo-Ukrainian conflict gives rise to an interesting if implausible information operations campaign. Russia publishes stories (supported by photos) of US "mercenaries" conducting anti-Russian operations inside Ukraine. The US denies any such involvement, pointing out that the photos appear to be of police and National Guard working during Hurricane Katrina.
A warning has appeared in eBay sites advising users to change their passwords. It's still unclear, however, what to make of this, and how serious any breach might be (if there's actually been a breach at all).
The US Department of Homeland Security announces that an unnamed American public utility's control network has been hacked, but without disruption to its operations.
In industry news, Proofpoint buys automated incident response provider NetCitadel. Congratulations to Lunarline, Tenable, and Duo Security, all of whom receive awards.
The US Congress advances surveillance reform legislation, but privacy advocates remain dissatisfied. Congress also considers legislation designed to help the Department of Homeland Security hire cyber talent.
Notes.
Today's issue includes events affecting Bahrain, Belgium, China, France, Iran, Kuwait, Oman, Qatar, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Chinese Hackers Show Humans Are Weakest Security Link (Bloomberg View) Some of the biggest companies in the U.S. remain vulnerable to one of the oldest hacking tricks in the book, according to yesterday's indictment of five Chinese military officials accused of stealing trade secrets
Chinese state-owned enterprises 'hired' military hacking unit (PCWorld) A U.S. criminal indictment against Chinese Army personnel over alleged hacking describes how stolen intellectual property was funneled to Chinese companies, an unresolved question for analysts
A Peek at the Chinese Army Unit Accused of Hacking U.S. Companies (Wall Street Journal) The People's Liberation Army hackers at the center of U.S. allegations of government-led Chinese cyber-theft work in a cluster of buildings that are easy to ignore among Shanghai's skyscrapers
White House accuses Russia of anti-U.S. propaganda war in Ukraine (Los Angeles Times) The Obama administration's dispute with the Kremlin over the unrest in Ukraine has turned to a new controversy: whether heavily armed men in a grainy image are trigger-happy American mercenaries in Ukraine or a police SWAT team in New Orleans after Hurricane Katrina
American Public Utility Hacked, Dept. of Homeland Security Says (Reuters via Newsweek) A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security
Should you change your eBay password? (Graham Cluley) It's all very curious. A post has appeared on PayPal's community site and press website claiming that eBay is going to ask all eBay users to change their passwords
Fascinating MiniDuke backdoor hits again (Help Net Security) MiniDuke — the extremely small and highly customized Asembler-based backdoor used in the past to target mostly government entities and institutions around the world — has been spotted again, this time by ESET researchers
Pat Pilcher: Are Windows XP security threats overhyped? (New Zealand Herald) With Windows XP support now at an end, debate is raging about what this means for home and business users once XP vulnerabilities start being exploited. Curious to get an experts view, I caught up with Alastair MacGibbon
Stalking-as-a-service: Creepy Facebook urges users to pester friends about their SEX LIVES (The Register) What the Zuck? Facebook users are now encouraged to ask fellow Facebookers to reveal details about their relationships if they haven't already dished the dirt on their love lives
is.gd goes down, takes a billion shortened URLs with it (Netcraft) The popular is.gd URL shortening service has been offline for more than two days, taking with it more than a billion shortened URLs. Shortly before the site disappeared on Sunday, the homepage reported that its links have been accessed nearly 50 billion times
Facebook rape joke posted by 'hackers', Hooters insists (Naked Security) "We were hacked!" said Hooters, the emporium of beer, buxom babes and unlimited $10.99 chicken, after somebody posted a rape joke onto its Facebook page on Saturday
Cyber Trends
Privacy advocates warn of 'nightmare' scenario as tech giants consider fitness tracking (Washington Post) Fitness tracking apps and devices have gone from an early adopter novelty to a staple of many users' exercise routines during the past few years — helping users set goals and measure progress over time. Some employers even offer incentives, including insurance discounts, when workers sign up
Insider Threat survey reveals increased awareness but little action (Wall Street Journal) Despite heightened awareness of insider threats, most organizations continue to grapple with how to mitigate risks to their networks and sensitive information. According to a new report issued today by Raytheon Company (NYSE: RTN), people with access to privileged data — such as health care records, sensitive company information, intellectual property or personal records — frequently put their organization's sensitive information at risk
Half of security pros fail to secure data (Help Net Security) Research conducted at Infosecurity Europe 2014 has revealed that 50% of security professionals do not secure data on portable storage devices such as USBs and external hard drives
TECHNOLOGY: Luck not enough to avoid cyber security catastrophe (BusinessDayLive) It is March 2014 and London is under attack. The financial sector is suffering catastrophic computer failures. ATMs have stopped working. The stock exchange has put initial public offerings on hold because its computer systems are malfunctioning
The Most Important Points Missing From the Conversation About Cyberwar (Slate) Take that, Chinese hackers. This week, the Department of Justice announced the first-ever criminal charges against a foreign government for economic cyber-espionage. But the announcement speaks to a much thornier issue—one that may require a wholesale rethink of our legal framework for conflicts: Does an economic cyberattack constitute an act of aggression? Are we at the beginning of a cyber cold war?
Africa: Algeria Leads in Local, Web Threats in Africa — Kaspersky (allAfrica) Data from Kaspersky Security Network report on global IT threats, which include statistics for Africa in the first quarter of 2014, shows that Algeria was ahead in local and web threats, well ahead of Egypt and other African countries
Cyber attack costs the Gulf Arab countries $1b per year (Gulf Today) A new world war where faceless enemies are out to destroy using the internet and social media is gaining momentum. More than 18 cyber attacks take place per second globally and are costing the United States a whopping $250 billion (Dhs991 billion) a year alone
Marketplace
Government Hiring Practices Hamper Cybersecurity Efforts (InformationWeek) Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say
4 IT Security Stories to Watch: Microsoft, SAP, Alert Logic on Azure (MSPMentor) Microsoft (MSFT) and SAP (ADR) have expanded their global partnership and will create solutions designed to improve cloud and data interoperability. Alert Logic and Trend Micro (TYO) could be IT security companies to watch this week as well
Proofpoint Acquires Security Pioneer NetCitadel (TopTechNews) Proofpoint, Inc., a leading security-as-a-service provider, today announced that it has acquired Silicon Valley-based NetCitadel, a pioneer in the field of automated security incident response, for approximately $24.0 million in cash
Israel makes headway in cyber security (Financial Times) In a quiet corner of an Israeli farming village, Tanya sits at her computer and chats online with some of the most skilled hackers in cyber space. Some are just having fun; others are planning heists of credit card details or denial-of-service attacks that would cripple targeted websites
Veterans and the cybersecurity gap (FCW) An increasing number of training programs are betting on the common thread of situational awareness to link combat veterans with a wide range of cybersecurity careers
Lunarline Inc. Named One of Virginia's Fastest-Growing Businesses (MarketWatch) Lunarline Inc., a Service Disabled Veteran Owned Small Business and one of the nation's leading cyber security companies, was recently recognized as Virginia's 27th fastest-growing business during the 19th Annual Fantastic 50 Awards
Tenable Network Security Selected as a Red Herring Top 100 North America Winner (MarketWatch) Tenable Network Security®, Inc. the leader in real-time vulnerability, threat and compliance management, announced today it has been selected as a winner of Red Herring's Top 100 North America award, a prestigious list honoring the year's most promising private technology ventures from the North American business region
Duo Security's CEO Dug Song Named Innovator of the Year by Lawrence Tech & WWJ Newsradio (Broadway World) Last week, Lawrence Technological University awarded Duo Security CEO and co-founder Dug Song with the title of Innovator of the Year. Announced at a reception on May 15, Song was chosen from nearly 50 nominees for his numerous significant contributions to the information security industry
Catbird Names Holland Barry as Vice President of Technology (Digital Journal) Catbird, the leader in security policy automation and enforcement for private clouds, today announced Holland Barry as Vice President of Technology, promoting him from within the organization where he served as Solution Architect Director rather than filling the position externally
Former Microsoft, Geomagic execs join GlobalSign (Boston Business Journal) Web software security firm GlobalSign, which has its North American headquarters in Boston, said it has expanded its management team
Products, Services, and Solutions
SafeNet enhances access security to Microsoft cloud applications and services (Telecompaper) Cloud-based authentication solution easily integrates with Microsoft AD FS for uniform oversight of multi-factor authentication to all applications
Bitdefender Enhances Privacy, Security with App Lock for Android (MarketWatch) New Bitdefender Mobile Security & Antivirus adds a deeper layer of Android protection
AlgoSec Enables Security Zoning Policy Enforcement in Data Centers and Networks (MarketWatch) Latest release of the AlgoSec Suite raises the bar for automating security change implementation, provisioning 400 firewall rules in less than 10 minutes at a Fortune 50 customer environment
MobilityShield Offers Secure Reverse Proxy Alternative for Microsoft TMG to Publish Lync and SharePoint (IT Business Net) MobilityShield's Bastion reverse proxy solution enables organizations to safely publish SharePoint and Lync from mobile devices and protects against Active Directory credentials theft
Symantec tailors sharper small business security suite (IT World) Norton Small Business works on Windows, OS X and Android with limited features for iOS
Bromium and LogRhythm Team Up to Deliver Industry-Leading Security Intelligence (Bobs Guide) Integrated approach delivers in-depth security intelligence to defeat and analyze threats in real-time
Trend Micro Helps Facebook Users Fight Cyber Threats with 'HouseCall' (MarketWatch) Social media giant integrates threat defense technology to combat malicious activities while maintaining user privacy
SC Magazine Rates NIKSUN Alpine as Top Pick and Lab Approved (Broadway World) NIKSUN Inc., the world leader in real time and forensics-based cybersecurity and network monitoring solutions, is pleased to announce that NIKSUN's latest NetDetector/NetVCR Alpine has been awarded 5-stars by SC Magazine's Forensics Product Review, calling the Alpine offering "an analyst's dream" because of its intelligent ability to monitor traffic while also identifying anomalous traffic
Anonymous Search Engine DuckDuckGo Adds Images, Recipes, Places (NBC News) DuckDuckGo, the best anonymous alternative to the likes of Google and Bing, has just taken the wraps off some serious improvements. The search engine now matches your query to images, places, recipes and lots more
Technologies, Techniques, and Standards
Cyber Solutions Handbook: Making Sense of Standards and Frameworks (Booz Allen Hamilton) The strength of an organization's cybersecurity program is now a market differentiator, and cybersecurity is a key business enabler. Today, chief information security officers (CISO) and their equivalents are facing increased responsibility amid a series of quickly evolving
Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model (FireEye) This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 "proof-of-value" trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model
How to use the Metasploit Framework to test for new vulnerabilities (TechTarget) Shortly following the confirmation of a new exploit, I often see that it is quickly added to the Metasploit Framework. What does that mean? Is it a sign that an exploit is particularly dangerous or just very common?
Design and Innovation
Bell Labs offers $100,000 prize for game-changing information technology (NetworkWorld) Bell is looking for innovative web applications, cloud services, cryptography, network mathematics, security to software-defined networks, wireless systems and coding theory
Research and Development
Researchers Crack Impregnable Encryption Algorithm in Two Hours (Laboratory Equipment) A protocol based on "discrete logarithms," deemed as one of the candidates for the Internet's future security systems, was decrypted by EPFL researchers. Allegedly tamper-proof, it could only stand up to the school machines' decryption attempts for two hours
UK and Israel join together for cyber security research (CSO) £1.2 million off joint funding for cyber research made available
Academia
Schools adding computer coding to curriculum (Boston Herald) Students as young as kindergartners are learning computer programming as Massachusetts schools join a growing national movement to prepare students for 21st-century jobs
Legislation, Policy, and Regulation
China vents outrage over U.S. cyberspying indictment (Washington Post) Outraged by U.S. cyberspying charges against members of a secretive Chinese military unit, China summoned the U.S. ambassador in Beijing for a dressing down, state media said Tuesday, and the Defense Ministry blasted the U.S. accusations as hypocritical
Michael Chertoff: China's Strategic Campaign To Steal Western Commercial Secrets (TIME) The indictment lays down an important marker that strategic intellectual property theft will be treated as a serious breach
Bill would give DHS special hiring authority for cyber professionals (Federal Times) The Department of Homeland Security would be given authority to pay cybersecurity professionals more and to hire them faster under legislation introduced May 20 by Sen. Tom Carper, D-Del
OVERNIGHT TECH: Lawmakers: Revised NSA bill best 'we're going to get' (The Hill) THE LEDE: Lawmakers on both sides of the surveillance debate say that privacy advocates' exodus from a key bill to rein in the country's intelligence agencies is not likely to halt momentum for the legislation
NSA spying: Rep. Justin Amash renews effort to gut controversial surveillance tactics (mlive) U.S. Rep. Justin Amash's latest bid to undermine the government's domestic spying programs became apparent this week after warning to amend the annual defense authorization bill
FBI mulls making marijuana users into crack computer security squad (Naked Security) Job satisfaction, according to some, is the key to a successful career. And what could be more satisfying than smoking pot in the toilets at FBI headquarters?
Op-Ed: In (and out) of the wilderness of secrets (Ottawa Citizen) The slow drip of revelations from former National Security Agency contractor Edward Snowden continues. Most of these revelations, of course, concern U.S. spy operations. They have already forced a fundamental rethinking of the legitimacy, lawfulness and purpose of the U.S.'s enormous capacity to conduct global surveillance
Litigation, Investigation, and Law Enforcement
Colombia's Santos blasts election rival for "criminal campaign" (Fox News Latino) Colombian President Juan Manuel Santos on Monday denounced his main challenger in the May 25 election for running a "criminal campaign," as evidenced by a video showing candidate Oscar Ivan Zuluaga meeting with a man recently arrested for cyber-espionage targeting the government
Sailor Who Led Hacker Ring From Aircraft Carrier Pleads Guilty (ABC News) A former Navy sailor pleaded guilty today to charges related to leading a hacking ring while serving aboard an American aircraft carrier
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.
Positive Hack Days (, Jan 1, 1970) Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute (, Jan 1, 1970) A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014 (, Jan 1, 1970) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused in mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Fort Meade Technology Expo (, Jan 1, 1970) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
CANSEC (, Jan 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam (, Jan 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41 (, Jan 1, 1970) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014 (, Jan 1, 1970) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit (, Jan 1, 1970) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology (, Jan 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education (, Jan 1, 1970) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York (, Jan 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.