Red October spread by a Java exploit as well as by infected Microsoft documents attached to emails. Its code has significant Russian language traces, but it also used many exploits developed in China for attacking Tibetan activists.
Incapsula publishes its analysis of the Izz ad-Din al-Qassam denial-of-service attack on US banks. Those banks have asked for US Government help, but security analysts doubt help will be forthcoming.
Another Java zero-day is out and selling for $5000 on the black market. North Korea continues its cyber harassment of the South with attacks on newspapers and political teams, and (dangerously) GPS jamming.
More analysis of bouncer list phishing appears. Verizon shares a cautionary tale of truly black-belt slacking: its log audits revealed that a model IT employee with six-figure compensation had in fact outsourced his job to Chinese developers.
Those of you who listened to sports talk radio on your morning commute heard that Notre Dame linebacker Manti Te'o may have been the victim of a catfish—a completely fictitious person with an online identity. It's worth reviewing ways in which Facebook and Twitter can be used by catfish, and also worth reviewing 2009's Robin Sage episode, the biggest catfish of them all.
Researchers find common bugs in SCADA and medical systems.
Industry news includes several executive moves. BlackBerry 10 gets positive advance word-of-mouth. IT staffs worry about "rogue clouds," clouds managers sign up for on their own hook. An Ubuntu Linux version designed for smart phones may challenge iOS and Android.
Today's issue includes events affecting Canada, China, Estonia, European Union, Germany, Iran, Ireland, Korea, Pakistan, Russia, Thailand, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Red October, RBN and too many questions still unresolved(Security Affairs) The recently discovered cyber espionage campaign Red October has shocked the worldwide security community. The principal questions raised are: Who is behind the attacks? How is it possible that the campaign went undetected for so long? What is the role of AV companies in these operations
Surprised? Old Java exploit helped spread Red October spyware(The Register) Unpatched Java installations may have helped spread the malware responsible for the recently uncovered "Red October" cyber-spying campaign, researchers at Seculert have revealed. Kaspersky Labs first disclosed the existence of Red October on Monday, claiming that the program had been responsible for attacks on systems in Eastern European countries, former Soviet republics, and Central Asian nations over the last five years. The primary vectors used to install the malware were emails containing attached documents that exploited vulnerabilities in Microsoft Word and Excel
Incapsula Security Firm Analyze Reality Behind Recent U.S. Cyber Attacks(HackRead) If you remember our article on a wave of DDoS attacks on several American banks, this news is the continuation of that news and would be releasing some of the shocking aspects regarding the attacks. Here, we would like to add that these attacks were launched by a hacking group by the name of Izz ad-Din al-Qassam in protest to a video which breaches the Islamic code of law. The hacker is now saying such attacks would keep coming and wouldn't stop until the removal of that video content
Banks fighting cyberattacks unlikely to get government relief soon(CSO) Outside of reaching a diplomatic solution, options available to the government would not stop the attacks quickly, say security experts. Banks seeking help from the U.S. government in battling a campaign of cyberattacks that defense officials say is being led by the Iranian government are unlikely to get much relief without a diplomatic solution, security experts say
Another Java Zero-Day Vulnerability Hits Black Market(InformationWeek) Call it malware cash and carry: Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering
New zero-day Java exploit selling in online forum for $5000(TechSpot) Earlier this week Oracle rushed out a fix for a critical bug in Java that was reportedly being widely exploited by malicious sites to remotely execute code on a victim's machine. Well, it only took one day after the patch arrived for a different and
South Korea Accuses North Korea of Cyberattacks on Newspaper, Transition Team(Softpedia) South Korean officials are accusing North Korea of being behind the cyberattack against the website of the JoongAng Ilbo newspaper and the servers that handle the press rooms at the presidential transition team. Earlier this month, we learned that South Korea was busy training hackers to protect the country against cyberattacks. As it turns out, this is for a very good reason
N.Korea's GPS Jamming Is Terrorism Pure and Simple(Chosun) North Korea has been sending GPS jamming signals since April 28, wreaking havoc with civilian aviation and fishing fleets. Over the last 12 days, 624 passenger planes operated by Korean Air and Asiana Airlines, and 49 foreign carriers were affected by GPS jamming and one U.S. military aircraft on the way from Beijing to Yokohama also experienced disruption. There were four close calls where passenger jets approaching Incheon and Gimpo airports abruptly shifted course when their GPS malfunctioned and landed only after circling the airports
Okara Police Hacked, personal information leaked for #OpSlaughterHouse(HackRead) Thanks to CWN for reporting, the official website of Okara District Police (okarapolice.com) Pakistan was hacked by @ThisISGame0ver for #OpSlaughterHouse. The hacker breached the site and leaked personal information of Police officers online; the details contain login details of website administrator's usernames, address, contact details, phone numbers, plain text and encrypted passwords. After looking into the passwords set by the admin for a police site, it shows what terrible and poor security the site has, as the passwords and usernames are the same as their names. For example: Username: Usman and password is Usman as well.
Elion Denies Cyber Attack to Blame for Extensive Outages(Estonian Public Broadcasting) Director of technology for Elion, Kalev Reiljan, said the failure that caused cascading problems at the telecommunication company and digital services provider was a perfect storm of an outage and not caused by cyber attack. "I can completely, definitively and categorically say that this was not due to an external influence," he told ETV
Precision Bouncer List Phishing Kits Keep Targets Inside the Ropes(Threatpost) Just when you thought phishers had exhausted all avenues of innovation, a new tactic has emerged in attacks against financial institutions bringing the level of targeting and geo-filtering to precise new levels. Dubbed bouncer list phishing by RSA Security, these attack kits are built off stolen email lists that are filtered for particular targets, such as a regional bank
Bouncer kit perfect for laser-focused phishing campaigns(Help Net Security) Researchers have unearthed a new type of phishing kit that allows crooks to target specific users and keep away others in order to keep the scheme hidden from knowing eyes and security firms for as long as it's possible
Log audit reveals developer outsourced his job to China(Help Net Security) Log analysis can reveal a lot of security mistakes and fails, but a lot of security sins, too. Take for example the incident recently shared by Verizon's Risk Team: called in by a critical infrastructure company to investigate what seemed to be a breach of its networks by the hands of Chinese-based hackers, they ended up discovering a complex scam perpetrated by one of the company's most respected employees
Facebook Graph Search is an awesome tool for phishing attacks(CSO) Graph Search makes it easier for cyber criminals to gather relevant details that can be used to target phishing attacks more effectively. Facebook shook the tech world's foundation a bit with the announcement of Graph Search capability. Users are anxious for a chance to play with the new feature, and attackers are looking forward to this potent new weapon, er, tool as well. In a nutshell, Facebook Graph Search is a search engine that allows you to find things based on relationships and context--basically drawing from the limitless pool of Likes, tags, and check-ins posted by a billion Facebook members
How Twitter users can fake a verified account - and how you can tell the difference(Naked Security) Verified accounts on Twitter can help you tell the difference between a real celebrity's account, and those of imposters and over-enthusiastic fans. In this way, you can tell the real @britneyspears apart from the likes of @britney_spears and @britneyspear. A Naked Security reader got in touch this morning asking us how on earth a fictional character (Percy Jackson) had managed to get his Twitter account verified: "How is an RP account verified by Twitter?" We took a look, and sure enough there's a blue verified badge beside @PerseusJackscn's name
A shock in the dark: Flashlight app tracks your location(NBC News) The element of surprise causes hard feelings when it comes to privacy violations, and mobile phone apps are ambushing consumers far too often, according to researchers at Carnegie Mellon University. Researchers at the school's Human-Computer Interaction Institute studied both the data gathered by the 100 most popular programs in Google's Android app store, and how surprised users were when told what the apps were doing. On Tuesday they released a list of the 10 worst offenders in terms of transparency
90 percent of passwords can be cracked in seconds(Infosecurity Magazine) More than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds, according to new research from Deloitte. The consulting firm's Canadian Technology, Media & Telecommunications (TMT) Predictions 2013 report covers a range of technology predictions, including the outlook for subscription TV services and 4K televisions, but the vulnerabilities in today's password practices top the list of things to consider in 2013. The problem, researchers said, is that everything that we thought to be true must be reconsidered given advances in technology. "Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols were once believed to be robust," said Duncan Stewart, a director of research for the report
Heads-Up - Security Researchers Expose X-ray Machine Bug(Dark Reading) A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication
For Industrial, Medical Systems: Bugs Run In The Family(Security Ledger) On the surface, the kinds of industrial control systems that run a power plant or factory floor are very different from, say, a drug infusion pump sitting bedside in a hospital intensive care unit. But two security researchers say that many of these systems have two important things in common: they're manufactured by the same company, and contain many of the same critical software security problems. In a presentation at a gathering of industrial control security experts in Florida, researchers Billy Rios and Terry McCorkle said an informal audit of medical devices from major manufacturers, including Philips, showed that medical devices have many of the same kinds of software security holes found in industrial control system (ICS) software from the same firms
Whistleblower sheds light on global zero day exploits market(TechEye) The result of their fattening labour are zero-day exploits, bits of custom code specifically tailored to exploit software flaws which have not been made public yet. While they may sound scary to the average user, they are also a vital resource for
Internet Mercenary Gives A Peek Into His Shadowy World(Business Insider) "As technology advances, the effect that zero-day exploits will have is going to become more physical and more real," [Desautels] says. "The software becomes a weapon. And if you don't have controls and regulations around weapons, you're really open to
Security Patches, Mitigations, and Software Updates
Chrome 25 to Support Unprefixed Content Security Policy(Threatpost) Google is continuing to introduce new security technologies in its Chrome browser, and the latest addition on the horizon is support for unprefixed Content Security Policy, a behind-the-scenes improvement designed to prevent malicious script injections. The technology is included in the beta of Chrome 25, which was released earlier this week, and will soon find its way into the stable channel
Novell Patches Vulnerability in eDirectory Product(Threatpost) Novell has fixed a vulnerability in its eDirectory service that could affect users who run the program on some Linux and Windows platforms. The problem, a stack buffer overflow (CVE-2012-0432) is remotely exploitable and can be done without authentication, according to an alert issued yesterday by David Klein on the Full Disclosure mailing lists
Oracle Critical Patch Update Advisory-January 2013(Oracle) A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes
Security stories to watch: Patches for Java, IE, and SCADA-pocalypse!(IT World) The patches are out for both Java and Internet Explorer, but this is hardly the end of the story - or the hand wringing. Also: a SCADA-pocalypse! If you work in IT security, this week started off with a bang, as Oracle and Microsoft released critical, out-of-cycle patches to fix serious and exploitable holes in their software. The patches put an end to the haranguing each company was getting from security experts, but it certainly isn't the end of the story - or the hand wringing for organizations already wary of attack
Another Notch In 'Cyber Threat' Rhetoric's Belt: Former UK Head Of Cyber Security Brings 'AIDS Epidemic' Into The Mix(Techdirt) Well, we've seen the always-impending cyberdoom compared to all sorts of horrendous events by legislators and security agencies. The perpetually-just-over-the-horizon cyberattacks have been given catchy names like "cyber-Pearl Harbor" and "cyber-9/11" in an attempt to scare up some support for terrible legislation and expansions of power. The UK's former head of cyber security has taken a slightly different tack, avoiding the terrorist imagery in favor of something even more dubious
Canada infrastructure vulnerable to cyber attack, RCMP report(SC Magazine) Canada remains vulnerable to cyber attacks by "terrorist groups [which] have expressed interest in developing the capabilities for computer-based attacks against Canada's critical infrastructure." The warning was contained in the annual departmental
Company bosses slacking on hacking(Help Net Security) Company bosses across the UK have a complacent attitude toward cybercrime and are inviting criminal attacks due to their sloppy approach to internet security, reveals new research from Swivel Secure
TODAY'S SPOTLIGHT... Enterprises uninformed about BYOD security risks, says Frost survey(Fierce Mobile IT) Information security managers believe that enterprises must do more to understand the security implications of the BYOD trend, according to a survey conducted by Frost & Sullivan on behalf of IT security trade group (ISC)2. More than half of the companies surveyed said they allow employees and business partners to connect to their networks, according to the survey results published by ComputerWeekly. A full 78 percent of the 12,000 information security professionals surveyed expressed concern about the security risks associated with BYOD. The biggest concerns include application security and cloud-based systems
Juniper: Mobile wearable device use in enterprise on the rise(Fierce Mobile IT) Enterprises will increasingly use mobile wearable devices for various applications, including warehouse management, according to Juniper Research in a new report. Enterprise wearables include mobile devices such as terminal devices, scanners, display devices, as well as tracking devices used for logistics, factory management and production houses, Nitin Bhas, a Juniper analyst and author of the report, told FierceMobileIT
BYOD: Sleepless nights ahead for CIOs, IT personnel(Fierce Mobile IT) Recently, Gartner polled an impressive number of chief information officers, 2,053 to be exact, to find out what their business and technology priorities and concerns are for the coming year. While mobile technology ranked second in terms of technology priorities, it ranked first in terms of how disruptive it will be to the enterprise. No doubt this concern about disruption stems from the flood of personally owned mobile devices into the workplace, whether approved by CIOs or not
Rand: American involvement in a cyber crisis is inevitable but manageable(Fierce Government IT) The United States will likely find itself in a cyber crisis owing to the fact that cybercrimes and espionage continue to rise and the risks from cyberspace are growing, according to a recently-released Rand Corporation monograph prepared for the Air Force. Crises are less likely to "emanate from the unavoidable features of cyberspace" than from "each side's fear, putatively exaggerated, of what may result from its failure to respond," the report says
F-35 Software: DoD's Chief Tester Not Impressed(IEEE Spectrum) Last September, U.S. Air Force Maj. Gen. Christopher Bogdan, the then incoming director of the troubled F-35 program, said that he was not optimistic that all the program's current problems—especially those related to software, which has long been a sore point (pdf)—would be fixed in time to meet the services' planned initial operational capabilities, beginning with the Marine Corps in about 2 years. The 2012 Annual Report (pdf) on major defense acquisitions, by the Department of Defense's Director of Operational Test and Evaluation, J. Michael Gilmore, isn't likely to increase Bogdan's optimism any
Navy CIO abruptly cancels IT conference scheduled for end of month(Fierce Government IT) The Navy Department chief information officer has canceled a planned information technology conference less than two weeks before it was due to start Jan. 28-30 in San Diego. Navy announced the cancelation in a posting on the DoN CIO website, stating the action was taken "in response to DoD and DoN guidance." Until this week, the plan was for the DoN CIO to host the DON IT Conference at the same time and location as the 2013 AFCEA West conference. Defense and Navy officials will continue to speak at the military association's event, the DON announcement says. Navy personnel may still go to it, it adds, provided they don't incur travel costs
CRGT Subsidiary to Provide EPA IT Systems Support(Govconwire) CRGT's Guident subsidiary has won five task orders to provide U.S. Environmental Protection Agency information technology systems development and migration services, Guident said Wednesday. The Herndon, Va.-based data analytics provider will also provide the agency design and other related IT support services for up to five years. "Guident has been supporting numerous offices within the
Dish bests Sprint's offer to acquire Clearwire(Fierce Mobile IT) Dish Network's bid to steal Clearwire out from under Sprint Nextel (NYSE: S) could signal the satellite TV provider's interest in partnering with the terrestrial broadband wireless provider. Dish has offered to pay $3.30 per share to acquire Clearwire, more than the $2.97 per share Sprint has offered. Dish also offered to buy spectrum from Clearwire for $2.2 billion
Behrman Capital acquires Cyber security provider Tresys Technology(Government Security News) Behrman Capital, a private equity investment firm on Jan. 9 acquired Tresys Technology, a provider of Cyber security products, services and solutions to government and commercial customers. Financial terms of the transaction weren't disclosed
HP Names Former VA Healthcare COO Laura Miller a Public Sector Principal(Govconwire) Laura Miller, a former chief operating officer for the Department of Veterans Affairs' healthcare system, has joined HP Enterprise Services (NYSE: HPQ) as healthcare client principal for the U.S. public sector. The company said the 30-year public health veteran will work with clients such as the VA, the Military Health System and the Department of Health and Human Services
Vistronix Names EVP John Hassoun Corporate President(Govconwire) Vistronix has promoted John Hassoun from the executive vice president ranks to corporate president, the company said Monday. Hassoun will report to CEO Deepak Hathiramani and be responsible for the company's business units and corporate support functions. Hassoun, who joined the company in July 2012 as corporate development EVP, will also oversee the integration of
Catapult Names L-3 Vet Brian Murphy Enterprise Systems Business Development Lead(Govconwire) Catapult Technology has appointed L-3 Communications veteran Brian Murphy director of business development for the enterprise systems team, Catapult said Monday. The company said Murphy will be responsible for acquiring new business in the defense sector, identifying opportunities and leading proposal development. He will also be responsible for building relationships with team partners as part
Northrop Names 32-Year Vet Ruth Bishop Mission Assurance Sector VP(Govconwire) Northrop Grumman (NYSE: NOC) has appointed Ruth Bishop sector vice president of quality, safety and mission assurance within the technical services sector, effective Jan. 26. Bishop, a 32-year company veteran, will oversee sector-wide mission assurance and Six Sigma functions and be responsible for measuring productivity, the company said. She will also be responsible for predicting
Survalent Technology Commissions New SCADA System Greenfield Power and Light, Indiana(SFGate) Survalent Technology, the most trusted provider of smart grid solutions for the control room, announced today that it has commissioned a new Supervisory Control and Data Acquisition (SCADA) system for Greenfield Power and Light, Indiana. Greenfield Power and Light provides electrical service to residential and commercial customers within the Greenfield city limits. They are a member of the Indiana Municipal Power Agency (IMPA) and the Indiana Municipal Electric Association (Ind MEA)
Microsoft advances the Cloud OS(Help Net Security) Microsoft announced new solutions to help enterprise customers manage hybrid cloud services and connected devices. System Center 2012 SP1, the enhanced Windows Intune, Windows Azure services for Windows Server and other new offerings deliver against the Microsoft Cloud OS vision to provide customers and partners with the platform to address their top IT challenges
BlackBerry 10 specs leak: The biggest thing to happen to BlackBerry since BlackBerry(Emirates 24/7) The (unofficial) word is out: leaked specs of the upcoming first BlackBerry 10 device – the BlackBerry Z10 all-touch-screen phone – reveal that Research in Motion (RIM) might have its fortunes reversed (they were in reverse motion for a long time) once the phone hits Dubai – and five other markets – on January 30, 2013
Microsoft Enhances System Center For Hybrid Cloud Work(InformationWeek) With System Center's new service pack and Windows Server 2012, an IT administrator can create Hyper-V virtual machines and deploy them to internal data center, remote hosting service provider or public cloud, such as a Windows Azure site
Meet Facebook's Graph Search Tool(InformationWeek) Facebook downplays Google as competitor as it launches "internal" search tool that helps you find people, photos, places and interests inside Facebook using established privacy settings
Facebook Graph Search Makes Privacy Seem Selfish(TechCrunch) The subtle impact of Facebook Graph Search is that when you share openly, you share for the benefit of mankind. And when you don't, or share to just a few people, you're robbing the world of your knowledge, recommendations, and content. The question for each of us now is whether we prioritize our contribution or our privacy
'Rogue clouds' giving IT staffs nightmares(IT World) Cloud computing is increasingly being adopted by companies around the world, but IT managers say "rogue cloud implementations" in which business managers sign up for services without getting IT approval is among their biggest challenges
Cloud security key to BYOD, (ISC)2 study shows(Computer Weekly) Businesses welcome bring your own device (BYOD) policies for the operational cost savings and user experience, according to the (ISC)2 2013 Global Information Security Workforce Study. At the same time, the study conducted on behalf of the (ISC)2 Foundation by the analyst firm Frost & Sullivan shows that information security managers admit companies must do more to understand the security of the technologies behind the trend, particularly cloud-based systems and applications. BYOD is a prevalent practice, according to selected results released at a press conference previewing the Infosecurity Europe 2013 conference at Earls Court in London from 23 to 25 April
Safeguarding data-filled devices requires sophisticated tools(Defense Systems) Military data security initiatives are typically defensive strategies designed to protect information at and beyond the network perimeter. Yet such efforts omit a crucial vulnerability: sensitive data at rest. Data at rest refers to any type of information stored inside a computer device, such as network servers, smart phones, tablet systems and various forms of removable storage, while excluding data that is traversing a network or temporarily residing in computer memory to be read or updated
The Underdog Operating Systems Set to Shake Up the Smartphone Scene(Technology Review) Apple's iOS and Google's Android rule the fast-growing smartphone market, but upcoming operating systems want to muscle in on their turf. The mobile operating system has become a key component of a successful computing "ecosystem." A version of Ubuntu Linux designed for smartphones could appeal to some manufacturers and carriers. The next time you go shopping for a smartphone, you might see some unfamiliar software on the screens lining store shelves
Intel CTO: Smart Sensors, Wearable Tech Coming Soon(InformationWeek) Touchscreen Ultrabooks might be cutting edge today, but Intel CTO Justin Rattner says it's nothing compared to the next generation of smart sensors and wearable technology just around the corner
Design and Innovation
Google's Larry Page on Why Moon Shots Matter(Wired Business) Larry Page lives by the gospel of 10x. Most companies would be happy to improve a product by 10 percent. Not the CEO and cofounder of Google. The way Page sees it, a 10 percent improvement means that you're basically
Research and Development
Technical paper: Deeper inside the Blackhole exploit kit(Naked Security) For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit. Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works
Surveillance Strategy Is Privileged and Confidential, FBI Says(Wired) The President Barack Obama administration's surveillance strategy in the wake of the Supreme Court's decision that the installation of a GPS tracker on a vehicle amounted to a search under the Fourth Amendment remains privileged and confidential, the Justice Department claims in newly released memos. What has been made public is that, following the high court's Jan. 23 decision, the Federal Bureau of Investigation pulled the plug on some 3,000 GPS trackers. The bureau's general counsel, Andrew Weissmann, acknowledged that fact while speaking at a legal symposium at the University of San Francisco last year
German government's surveillance software unsettles a nation that prizes privacy(Quartz) Germans take their privacy seriously and have coined a term—glaeserner Buerger, or "the glass citizen"—to describe a dystopic future in which Germans are surveilled around the clock. The news that the Bundeskriminalamt (BKA), Germany's version of the FBI, is testing software by a controversial surveillance firm is sure to raise the glass citizen image yet again
I support 'Aaron's Law' -- for now(CSO) Congresswoman Zoe Lofgren proposes an amendment to the computer fraud law in honor of Aaron Swartz. I support it, though not unconditionally
It's cyber war…send for Dad's Army(Telegraph) A new Home Guard is being recruited to defend the nation's computer networks. There is a classic Dad's Army scene where Captain Mainwaring and his troops are marching down a country road and come across two stranded nuns. "Look at those poor nuns, sir. Their car has broken down," comes a voice from the front
US rebuffed in effort to get copies of Canadian Megaupload servers(Ars Technica) An Ontario judge has refused a US request for unfettered access to the data on Megaupload servers hosted in Canada. The ruling is another sign that overseas courts are not giving US officials the degree of deference they've grown accustomed to in this case under US law. Megaupload once had servers around the world, but they were shut down in a coordinated raid on January 19, 2012
Garda member to lead operations at new EU cybercrime centre(Silicon Republic) A detective inspector with An Garda Síochána has been appointed head of operations for Europol's newly established European Cyber Crime Centre in The Hague. Det Insp Paul Gillen is currently head of the Computer Crime Investigation Unit at the Garda Bureau of Fraud Investigation. He will take extended leave without pay from the Garda in order to take up his five-year contract, starting in February
Manning Accusers Must Prove Intent To Aid Enemy(Washington Post) A military judge ruled Wednesday that prosecutors will have to prove that Army Pfc. Bradley Manning knew he was providing information to the enemy when he disclosed hundreds of thousands of cables to WikiLeaks, the anti-secrecy group
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TED X Baltimore: Baltimore Rewired(Baltimore, Maryland, USA, January 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but...
Data Privacy Day(Various locations, January 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy...
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
North American ICS & SCADA Summit(Lake Buena Vista, Florida, USA, February 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along...
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
RSA USA 2013(San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
Business Insurance Risk Management Summit(New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference(Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3: Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...