The CyberWire Daily Briefing for 11.13.2012
The Cool Exploit Kit adds a new attack against older versions of Java (Java 7 Update 9 is safe). An Indian "hacker prodigy" claims he's got a Windows Phone 8 OS exploit. European Commission information mavens' laptops were hacked during the Internet Governance Forum in Baku, Azerbaijan. Hootsuite mistakenly exposes users' email addresses; PayGate loses credit card information to hackers.
Last week's Twitter password reset leads businesses to review their social media security. Cloud Pro offers advice on side-channel attacks and how cloud users might address them.
Israel and the Palestinian Authority are under long-term, sustained cyber espionage attack. The campaigns appear state-sponsored, based on Xtreme RAT crimeware kit, and related to the Arab Spring, but attribution remains unclear. Iran arrests one of its nationals on charges of hacking Western targets.
Amazon UK denies weekend reports of hacking. The Citadel banking Trojan continues to evolve into more sophisticated and tenacious forms.
Microsoft patches its recently released Surface tablet and shows Steven Sinofsky the door. Widely seen as Microsoft's next CEO, Sinofsky led development of Windows 8. Lockheed Martin asks suppliers to help with cyber security. Lockheed also names a new CEO.
German authorities launch a public-private cyber security partnership program. China accuses the US of a "cold war" mentality in the ZTE and Huawei investigations. The email trail that exposed former US DCI Petraeus' misbehavior now apparently extends to General Allen, US commander in Afghanistan. (And at least one implicated email account reused passwords compromised in last year's Stratfor hack.)
Notes.
Today's issue includes events affecting Azerbaijan, China, European Union, Georgia, Germany, Iran, Israel, Norway, Palestinian Territories, Russia, South Africa, Sweden, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
New Java Attack Introduced into Cool Exploit Kit (Threatpost) A new exploit has been found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw that's been patched by Oracle in Java 7 Update 9
Windows Phone 8 malware? This teen hacker claims to have created a prototype (Naked Security) A teenage hacker prodigy in India claims to have developed a prototype of malware that will run on smartphones running Microsoft's new Windows Phone 8 operating system - the first known instance of Windows Phone 8 malware
European Commission Officials Say Their Computers Were Hacked in Azerbaijan (Softpedia) Neelie Kroes, the vice-president of the European Commission, has revealed that the laptops of her advisers have been hacked into while attending the Internet Governance Forum (IGF) in Baku, the capital city of Azerbaijan. On her personal blog, Kroes stated that she attended the event because she was confident that the IGF would bring radical change, just as it happened in Tunisia and Egypt. "But on the other hand I was denied access to meet political prisoners, despite a commitment from the President himself"
HootSuite Inadvertently Exposes Email Addresses of Thousands of Users (Softpedia) Social management company HootSuite has mistakenly exposed the names and email addresses of as many as 4,000 users. A couple of days ago, customers whose 60-day HootSuite Pro trial was about to expire were notified via email. However, the recipients didn't see only their own email address, but also the ones of others, The Next Web reports
Payment Processor PayGate Hacked, Credit Cards Exposed (Softpedia) Representatives of PayGate, a South African company that intermediates payments between online retailers and banks, admitted that their systems were breached back in August and that some credit cards were exposed. According to Independent Online's Business Report, the confirmation comes after four financial institutions were forced last week to re-issue thousands of credit cards. PayGate stated that they took immediate steps to secure their systems after the breach was discovered
Fake AmEx alert leads to hard-to-detect malware (Help Net Security) American Express customers are often targeted with malware-laden or phishing emails, mostly because when it comes to money and the potential loss of it, people automatically become anxious and are more
Request for info: Robocall Phishing Against Local/Regional Banks (Internet Storm Center) Last week, my wife got an automated call from a bank with only a local presence that her debit card was deactivated. The call went to her cell phone. She wasn't a customer of that bank so it was easy for her to discard the call (I am a customer with my commercial accounts). It seems they simply wardialed every phone number with the right area code and three digit exchange in the area of that bank
How safe is your company's Twitter account? (Fortune) In light of last week's massive password reset, businesses should shore up their security measures. What do the experts suggest? Did Twitter force you to change your password last week? While it may have been an inconvenience to social media managers, the micro-blogging giant had some very good reasons to take this action
Cryptography attack: side-channel cloud threat is all nerd and no knickers (Cloud Pro) Side-channel attacks are nothing new, in fact I have been interested in them and writing about them for more than ten years now. Their arrival in the cloud, or rather the potential for a side-channel approach to touch the cloud threat surface, most
Study Shows Israel and Palestinian Territories under Cyber Attack (MarketWatch) According to Norman AS, a leading malware analysis firm headquartered in Oslo, Norway and San Diego, California, multiple malware attacks against Israeli
The Globalization Of Cyberespionage (Dark Reading) Newly revealed cyberspying campaign against Israeli and Palestinian targets demonstrates how the threat is no longer mostly a China thing. A recently discovered targeted cyberespionage campaign targeting Israeli and Palestinian organizations in operation for more than a year serves as chilling evidence that cyberspying is a global phenomenon and no longer mostly the domain of massive nation-states like China
Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout (Information Week) Malware's jump from Iranian uranium enrichment facility to energy giant highlights the downside to custom-made espionage malware -- its capability to infect friends as well as foes. The pioneering Stuxnet computer virus, which was designed to attack a single Iranian uranium enrichment facility, went on to infect PCs around the world. Security experts have identified thousands of resulting Stuxnet infections. On Monday, multinational energy giant Chevron became the first U.S. company to admit that it, too, was infected by Stuxnet
Co-ops Rally After S.C. Cyber Attack (Electric Co-op Today) Following a massive cyber attack on the state government, South Carolina's electric cooperatives are helping alert consumers that their personal information could be at risk. After a huge cyber security breach against the state of South Carolina, co-ops are stepping up to the plate. The South Carolina Department of Revenue was hit by what many experts believe is the largest security breach of a state government. Some 3.6 million Social Security numbers, plus 387,000 credit and debit card numbers, were compromised by a hacker
Amazon denies UK customer database hacked (IT Pro) Internet retail giant denies claims that Pastebin data dump is from its systems. Internet retail giant Amazon has denied claims that a computer hacker infiltrated its systems and leaked the details of more than 600 UK users online. A hacker, going by the name Darwinare, posted usernames, contact details and home addresses of 628 people on text-sharing website Pastebin on Saturday, claiming they belonged to Amazon customers
Citadel Trojan Tough for Banks to Beat (Bank Information Security) The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industry's greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions
Young Facebook users are most vulnerable to security threats (Help Net Security) ZoneAlarm revealed the common behaviours of younger Facebook users that increase their susceptibility to encountering cyberbullying, predators and other security threats
12 scams of Christmas (Help Net Security) A Harris Interactive study, conducted online among over 2,300 U.S. adults, investigates the online habits and behaviors of Americans, including those who indicate that they will engage with the Internet
Security Patches, Mitigations, and Software Updates
Microsoft plugs critical hole in Surface operating system (Fierce Mobile IT) In an advanced notice of its security patches issued on Patch Tuesday--the second Tuesday of every month--Microsoft (NASDAQ: MSFT) announced that it is patching a critical vulnerability in its Surface tablet's Windows RT operating system, which if left unpatched, could enable hackers to infect the tablet with malware
Cyber Trends
Hacking attempts will pass one billion in Q4 2012, claims information assurance firm (The Next Web) Hacking attempts across the globe are likely to top one billion in the final quarter of 2012, according to estimations by the NCC Group
Symantec predicts cyber crime developments in 2013 (Wired) Well, they would know if anybody does. Anybody besides the guys who invented Flame, who are presumably way too busy to blog these days. I hope the Flamesters didn't report directly to Petraeus
NSA 1990s Report Showcases Wildly Inaccurate Predictions About Computing's Future (Reason) The mid-1990s were dark years for the National Security Agency. Its budget had been slashed, top technical talent was seeping out, and the company that made its supercomputers was in trouble. You can get a sense of the agency's worry — and its myopia
When will the public sector grasp basic lessons on information security? (Help Net Security) Another day, another public sector data breach. Last month the ICO fined Greater Manchester Police £120,000 for the loss of a USB stick. The month before, the Scottish Borders Council was slapped
Cyber Wars (Air Traffic Management) Faced with the theoretical potential for a cyber attack to affect multiple connected systems, ICCAIA evokes the volcanic ash crisis of recent years to press home the need for a coherent response. A cyber attack in a future interconnect air system could
Businesses admit to losing data through BYOD (Help Net Security) Businesses are putting their corporate security at risk, with one in three organisations (33 per cent) allowing their staff unrestricted access to corporate resources from their personal smartphones
Mobile network backhaul equipment market to reach $6.71 billion next year (Fierce Mobile IT) Fueled by 4G deployment and mobile data traffic, the global mobile network backhaul equipment market is predicted to reach $6.71 billion next year, according to the latest research from Visiongain
Middleware firms drag feet on mobile platform strategies, says report (Fierce Mobile IT) The majority of traditional middleware providers such as IBM (NYSE: IBM), Oracle (NASDAQ: ORCL), VMware, SAP and Red Hat have taken most of this year to develop mobile platform strategies, with integrated offerings not expected until 2013, according to a report on BYOD trends by Current Analysis
Marketplace
Fort Meade: Building a team of elite cyber professionals (CapitalGazette.com) Rhett A. Hernandez, commanding general, Army Cyber Command. While all re-enlistment ceremonies are unique and impactful to the personnel involved and the families and units supporting them, this re-enlistment was noteworthy for the ranks of the Army
Lockheed says cyber attacks up sharply, suppliers targeted (WKZO) The Pentagon's No. 1 supplier, Lockheed Martin Corp, on Monday cited dramatic growth in the number and sophistication of international cyber attacks on its networks and said it was contacting suppliers to help them shore up their security. Chandra McMahon, Lockheed vice president and chief information security officer, said about 20 percent of the threats directed at Lockheed networks were considered "advanced persistent threats," prolonged and targeted attacks by a nation state or other group trying to steal data or harm operations
General Dynamics to Provide C4ISR and IT Support for U.S. European, Central and Special Operations Commands (PR Newswire) General Dynamics Information Technology, a business unit of General Dynamics (NYSE: GD), has been awarded a contract by the Space and Naval Warfare Systems Center (SSC) Atlantic to provide worldwide Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) and Information Technology (IT) support to its European Office and its Combatant Command and Unified Command customers. The five-year, multiple-award, indefinite delivery, indefinite quantity (IDIQ) contract has a potential value of $750 million to all five awardees, if all options are exercised
Know your worth: Salaries for IT professionals in UAE curves upward (Emirates 24/7) Technology professionals continue to be in strong demand within Middle East. Information technology (IT) professionals are not always the most admired lot at work. Co-workers and employees grumble about how all tech-related problems emanate from the IT room
Wanted: Qualified Data Scientists, People Skills A Plus (InformationWeek) A good data scientist is hard enough to find; try finding one who can effectively communicate data-driven insights to non-technical folk
Denver Cyber Security Announces Merger with Web Development Firm Denver Web Services (The Herald) Denver Cyber Security, an IT security firm providing custom solutions for companies throughout the state of Colorado, has recently been acquired by internet marketing and web development firm Denver Web Services
Former Chairman William Bratton to Remain at Kroll as Senior Advisor (Govconwire) Kroll Advisory Solutions has retained former Chairman William J. Bratton as a senior advisor, according to a company statement. Bratton will now serve the firm by working with public entities and private organizations that face complex security or investigatory issues
Lockheed Names 29-Year Vet Marillyn Hewson CEO Starting Jan. 1 (Govconwire) Lockheed Martin (NYSE:LMT) has elected Marillyn Hewson, currently executive vice president for electronic systems, to succeed the retiring Bob Stevens as chief executive, effective Jan. 1, 2013. In a release, the company said it also named her president, chief operating officer and director, effective immediately, upon the resignation of Chris Kubasik from the company
Windows head Sinofsky out at Microsoft (IT World) Steven Sinofsky, the executive in charge of Microsoft's Windows 8 operating system and the driving force behind the new OS, is leaving the company, Microsoft announced late Monday, just weeks after the long-awaited operating system launched
The Wrong Man For The Job, Microsoft In The Aftermath of Steven Sinofsky's Departure (TechCrunch) Now that Steven Sinofsky has left Microsoft as President of the Windows division, the question now comes down to what happened and the implications his departure means for the company
The Next CEO Of Microsoft Suddenly No Longer Works At Microsoft (TechCrunch) "Floored." "Wow." "Wild." Those are some of the reactions within Microsoft tonight upon hearing that Windows and Windows Live President Steven Sinofsky would be leaving the company "effective immediately". Those are the reactions because nearly all Microsoft employees found out about the news tonight alongside the rest of us
Products, Services, and Solutions
Just how well do Android privacy apps hide your sexy photos and secret texts? (Naked Security) Do you have photographs on your smartphone that you don't want others to see? If an app publisher tells you that they will keep your secrets safe would you trust them? Gary Hawkins takes a closer look at Android apps that promise to keep your photos private, and finds some lacking
Sophos unveils new unified threat management appliance (Help Net Security) Sophos released a new unified threat management appliance and software package exclusively for small businesses. The Sophos UTM 100 appliance with BasicGuard sets a new standard for small business security
Sourcefire puts persistent malware in its sights (ITWorld Canada) Sourcefire Inc. a Maryland-based cyber-security company, has just updated its line of FirePower appliances with more advanced malware protection software
With BlackBerry 10, RIM must pull off its greatest trick yet (ZDNet) RIM's new operating system will need to score with consumers and business, tablets and smartphones
Technologies, Techniques, and Standards
Protecting Your Identity As Cyber-Attacks Become More Frequent and Sophisticated (Huffington Post) The South Carolina Revenue Department announced a major cyber-attack at the end of October possibly affecting 3.6 million taxpayers dating back to 1998. The state says an international hacker took unencrypted social security numbers and 387,000 credit
Russian Hackers Beaten at their own Game (WND) 'Honey pot' traps agents turning computers into secret surveillance machines. In the world of cyber espionage, usually an attacker can lurk in the shadows unidentified, but through a combination of skill, timing and luck, one hacker has been exposed for all the world to see
Stop To Consider Vendor Lock-In (MSPmentor) In fact, in a recent survey, the Cloud Security Alliance (CSA) and the Information Systems Audit and Control Association (ISACA) asked IT decision makers to name their top concerns about cloud. Not surprising, exit strategies (#1), contract lock-in (#4)
CSA Releases Security Guidance For Critical Areas Of Mobile Computing (Biztech2.com) The Cloud Security Alliance (CSA) has released version 1.0 of the "Security Guidance for Critical Areas of Mobile Computing" which provides an assessment of the current state of mobile computing as well as details the prevailing top threats to mobile
Design and Innovation
Google Commits 1M Euros To German Startups Via Berlin Start-up Center, The Factory (TechCrunch) Google has a number of initiatives aimed at entrepreneurs globally, and a thread of a strategy appears to be emerging in Europe, albeit with different approaches. The tech giant has already supported the creation of an accelerator/workspace called Le Camping in Paris, part-backed with state money. In London it literally took out a ten-year lease on a building, Google Campus London, and stacked it
Innovation Lesson: Disrupt Before You're Disrupted (InformationWeek) Even innovators struggle with the pace of change. Here are some of the ways Silicon Valley companies like LinkedIn push the edge without falling off
Research and Development
Your Unconscious Brain Can Do Math, Process Language (IEEE Spectrum) New experiments suggest sophisticated subliminal workings in the brain
Legislation, Policy, and Regulation
Zittrain: Peer-to-peer transactions risk privacy (Fierce Government IT) The rise of low-cost, peer-to-peer transactions facilitated by the Internet presents challenges for privacy, yet regulation of it may be difficult due to the First Amendment, said Jonathan Zittrain, a Harvard law professor
Spotlight: VanRoekel to stay on for second term (Fierce Government IT) Federal Chief Information Officer Steven VanRoekel intends to continue working at his Office of Management and Budget post for President Obama's second term
Cyber-tension between nations fuels public desire for action (Net-Security) The UK public is growing increasingly concerned about national cyber security, following the number of high profile security incidents and malware discoveries reported this year, according to LogRhythm. In a survey of 1,000 consumers, 65 percent of respondents stated that pre-emptive strikes on enemy states that pose a credible threat to national security are justified, and of those, 46 percent believe it depends on the level of threat posed. Of those surveyed, 45 percent believe that the UK government needs to step up its protection of national assets and information against cyber security threats, and 43 percent think that the threat of international cyber war and cyber terrorism is something that needs to be taken very seriously now
German Cyber-Security Partnership Launched (Security Defense Agenda) A new Federal Alliance of Cyber-Security opened for business in Germany on Thursday. The two chief bodies behind the project are the Federal Office for Information Technology Security and the I.T. trade association Bitkom. At the initiative's core is a reporting system, which will allow companies and organisations to immediately alert the authorities of any cyber-attack without necessarily having to disclose their identity
Israel Police Force Launches Cyber Unit (Algemeiner) The announcement comes two weeks after a system-wide cyber attack forced police to discontinue use of the internet on computers and avoid using thumb drives or CDs, or any other passing of data and programs between police computers
Senate readies for fight over cybersecurity surveillance (CNet) Sen. Joe Lieberman says his cybersecurity bill is necessary to prevent terrorists from dumping "raw sewage into our lakes." But privacy groups call it a big step toward Big Brother. Sen. Joseph Lieberman spent years fighting unsuccessfully for a so-called Internet kill switch granting the president vast power over private networks during a "national cyberemergency." Now Lieberman, who did not seek reelection, is hoping a more modest version of his proposal will be approved before he leaves office. Majority Leader Harry Reid has inserted the cybersecurity bill into the Senate's post-election calendar, and a vote could happen as early as this week after debate on a proposal to open more public land for hunting and fishing
White House May Soon Take Action on #Cybersecurity (Search Engine Journal) Now that the dust of the elections has settled, and Congress is due back in session tomorrow, President Obama may soon add a signature to an Executive Order on Cybersecurity. That step by the White House depends on whether or not Congress will finally come to a decision on cybersecurity legislation that has been languishing in limbo
US Renews Call to Private Industry to Help Cybersecurity (Tom's Hardware Guide) In a speech to the audience of the Symantec Government Symposium, General Keith Alexander, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service, said that only a close collaboration between the
Military gears up to defend US against cyber-attack (Military Technologies) The next attack on the United States may be an invisible one, but the consequences could be very real. The military is gearing up to defend the nation against an attack in cyberspace
Post-Petraeus CIA Should Kill Less and Spy More, Former Chief Says (Wired Danger Room) When David Petraeus got the job of CIA chief, he knew what job #1 was: find out everything he could about al-Qaida and its allies — and then assist in their removal from the land of living. Fourteen months and more than 110 drone strikes later, the breaking of al-Qaida's core that began under Petraeus' predecessors is almost complete. Yet a major chunk of the nation's intelligence community remains singularly focused on terrorism. It's time to give that a rest, a former leader of the Central Intelligence Agency says — especially with Petraeus gone. There's a whole world out there that needs to be snooped on. "We have been tremendously focused on counterterrorism for the last 11 years [since 9/11]. How do you now begin to make sure that you cover other necessary things without making the country less safe?" asks former CIA director and retired Gen. Michael Hayden
New UAE law on cyber crimes: Porn, online harassment criminalised (Emirates 24/7) New decree provides legal protection to all information published online. President His Highness Sheikh Khalifa bin Zayed Al Nahyan has issued Federal Legal Decree No. 5 for 2012 on combating cyber crimes. The new decree includes amendments to Federal Legal Decree No. 2 for 2006 on cyber crimes
Litigation, Investigation, and Law Enforcement
Iranian Hacker Responsible for Attacks on US and Israeli Sites Arrested (Softpedia) Iranian authorities have arrested a man suspected of hacking into more than 1,000 foreign websites. Most of his targets are from the United States and Israel. According to Trend, the hacker claimed that he breached the US and Israeli websites out of curiosity and to demonstrate that they were not properly secured
China lashes out at US over Huawei/ZTE report, cites 'Cold War mentality' (FierceWireless) In remarks recently at the 2012 Cloud Security Alliance Congress, Huawei's chief security officer, Donald "Andy" Purdy, reaffirmed Huawei's commitment to cybersecurity. Purdy noted that Huawei works with at least 400 U.S. companies, and that Huawei has
Congressional inquiry responses released: Data brokers refuse to name sources (ZDNet) A Congressional inquiry told nine major data brokerage companies to explain how they collect and sell consumer information. The data dealers have responded with PR and generalities. Data brokers have compiled secret dossiers on what's estimated to be 500 million people and they're refusing to name data sources to a Congressional inquiry - or transparently explain what's being done with the privacy-invading data they're collecting and compiling
Email Location Data Led FBI to Uncover Top Spy's Affair (Wired Threat Level) In the irony of ironies, the distinguished career of CIA Director and former CENTCOM commander David Petraeus appears to have come unhinged after authorities traced the location of the sender of threatening e-mails that were written from an anonymous Gmail
Petraeus Scandal Engulfs Afghanistan War Chief (Wired Danger Room) The sex scandal that brought down former Army general and CIA Director David Petraeus has expanded to engulf another senior official: Marine Corps Gen. John Allen, the commander of U.S. and NATO troops in Afghanistan. Allen, who is married, allegedly exchanged what's being described as "inappropriate communication" — up to 30,000 pages of it — with Jill Kelley, the 37-year-old Tampa socialite who claims she received threatening emails from Petraeus' mistress (and biographer) Paula Broadwell
Petraeus affair offers unintentional lesson on password reuse (Ars Technica) Paula Broadwell, the biographer and reported mistress of CIA director David Petraeus, appears to have been a subscriber to the "private intelligence" firm Stratfor, and that means that her Stratfor login account and its hashed password were hacked and released last year by Anonymous. The Stratfor hacker, who the US government says was Chicago-based Jeremy Hammond, obtained a complete roster of all corporate client accounts. These were released online in a massive file called stratfor_users
DDoS marketing stunt backfires, entrepreneur jailed for nine months (Naked Security) He meant to promote his anti-DDoS kit by shedding light on poor internet security at the Hong Kong stock exchange, but his two brief DDoS attacks instead wound up costing him his freedom for the better part of a year
Meet The Patent Troll Suing Hundreds Of Companies For Encrypting Web Traffic (Techdirt) Ars Technica has the story on yet another patent troll -- though this one seems a bit special. TQP Development -- a typical patent troll in so many ways -- has apparently gone on something of a rampage over the last four years (and increased in the last year) suing hundreds of companies. The list is impressive
Hong Kong stock exchange hacker sentenced to jail (ZDNet) The hacker who broke into the Hong Kong stock exchange news Web site last year has been sentenced to nine months in jail. A South China Morning Post (SCMP) report Saturday said Tse Man-lai, 28, was convicted in the district court on two counts of obtaining access to a computer with criminal or dishonest intent. On Aug. 12 and Aug. 13 last year, Tse launched denial-of-service attacks (DoS) on HKExnews, a Web site operated by the Hong Kong Exchanges and Clearing (HKEx) which publishes corporate filings, the report said
Pirate Bay co-founder suspected of serious fraud and another data intrusion (Computer World) Swedish authorities now suspect Pirate Bay co-founder Gottfrid Svartholm Warg of serious fraud and another data intrusion in addition to the alleged hacking of IT company Logica that led to his arrest, public prosecutor Henrik Olin said Monday. Svartholm Warg was arrested in Cambodia in August and deported to Sweden. In September, Swedish authorities arrested him on suspicion of hacking Logica, which handles taxes for the Swedish government
Blizzard sued over security concerns, 'deceptive upselling' (Help Net Security) Blizzard, the developer of popular online games such as World of Warcraft and Diablo, has been hit with a class action lawsuit claiming that the company engages in "deceptive upselling" by not making
With HTC dispute over, Apple can aim legal guns at Samsung (Fierce Mobile IT) Apple (NASDAQ: AAPL) and HTC settled their global patent lawsuit over the weekend and announced a licensing agreement that ends their two-year smartphone patent war.
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
E2 Innovate Conference & Expo (Santa Clara, California, Nov 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12: Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CIO Cloud Summit 2012: The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.