The CyberWire Daily Briefing for 11.19.2012
Fighting in Gaza prompts Anonymous to attack Israeli government and industrial networks. Israel may also be suffering a still-unattributed cyber espionage campaign.
Vulnerabilities and exploits disclosed over the weekend include: an active XSS flaw in eBay, Windows 8 vulnerability to updated malware lurking in Google Docs, a jamming problem for LTE networks, and a new wave of banking Trojans for Android.
Researchers think there may be undetected Flame cyber espionage modules operating in the wild. The US Department of Homeland Security and the National Academy of Sciences continue to warn of power grid vulnerabilities. (Homeland Security suggests that "renovation" of critical infrastructure is too often accomplished at the expense of security.)
Skype closes its hijacking hole. VMware patches its vSphere API to fix a denial-of-service vulnerability.
Observers may accuse them of threat inflation, but US and Canadian authorities double down on warnings that massive, devastating cyber attacks are becoming likelier. Fewer enterprises now provide employees with smartphones. In (probably related) trends they also find more employees are circumventing policies restricting network access and cloud usage with personally owned devices.
The cyber labor market continues to be tight. Financial analysts generally expect significant austerity in the defense and aerospace sectors, with cyber capabilities the only significant hedge available to affected companies.
Close reading of US cyber weapon export control regulations seems to indicate that zero-day exploits may be freely exported. As US President Obama prepares a cabinet reshuffle, observers continue to consider the import of his secret October cyber order.
Notes.
Today's issue includes events affecting Australia, Belarus, Canada, Colombia, Germany, Georgia, India, Iran, Ireland, Israel, Palestinian Territories, Switzerland, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Anonymous responds to Gaza attacks with cyber attack on Israeli government (Al-Bawaba) Published November 17th, 2012 - 10:49 GMT. Anonymous hackers strike at the Israeli government's databases, taking down over 650 Israeli sites
Anonymous takes on Israeli websites, wipes Jerusalem bank (ZDNet) Anonymous has launched a hacking campaign against a number of Israeli sites in protest of attacks taking place on Gaza. The hacking spree, dubbed OpIsrael, has resulted in so many Israeli websites being defaced or shut down through methods including denial of service (DoS) attacks, that it's hard to keep count. However, some enterprising hacktivists have begun compiling lists of affected websites. Targets have included governmental, retail, and businesses -- some belonging to the automotive and fashion industries
Minister: Israel deflected '44 million' cyberattacks over Gaza (ZDNet) Finance Minister Yuval Steinitz says that despite Anonymous' best efforts, millions of cyberattacks fell short. Protesting against attacks taking place on Gaza, hacktivist collective Anonymous began a hacking spree that resulted in hundreds of websites being defaced or taken offline, as well as database data being stolen and placed in public file dumps
Israel's Enemies Now Targeting You (WND) While the rocket attacks launched against Israel have been in the news the last few days, there have been other, more subtle, assaults against the Jewish state. The difference with these attacks is that anyone may fall victim to them. According to a newly released report by Norman ASA, a Norwegian cyber security company, a series of cyber attacks has hit Israel over the course of the last year. The attacker is unknown at this point, but the purpose is assumed to be espionage and surveillance
Active XSS flaw discovered on eBay (ZDNet) According to XSSed, Shubham Upadhyay has discovered an active XSS flaw affecting Ebay.com.
Old malware on Google Docs updated to mess with Windows 8 (Neowin) Microsoft's latest version of Windows has been a divisive subject among computer users, but malware is bad, and we all know that. Malware on Google Docs is unusual, but a variant has been found that checks whether a user is running Windows 8 or Windows Server 2012 on his or her machine. The malware sends commands to and receives commands from another server, allowing an element of control over a computer without consent
LTE networks vulnerable to jamming, a question of national security (infosec island) In a few months the wireless industry in Italy, too, will see its mobile connectivity revolution with the introduction of new-generation LTE (Long Term Evolution) networks, high-speed networks claiming speeds up to four times faster than comparable 3G networks. But as with previous technologies, it is essential to ask how secure they are and what security issues they raise. Researchers at Virginia Tech have revealed that LTE networks may have serious vulnerabilities
German police warn about Android banking Trojans (Help Net Security) Following a string of complaints about fraudulent cash withdrawals, the Berlin Police Department has issued a warning (via Google Translate) for all Android users, telling them to carefully review any
Thousands of PCs in UK could be infected with blackmailing Trojan (Computer Active) Thousands of PCs in the UK could be infected with malware used to extort money from people, Bitdefender warned. The security company, which has developed a new free tool to remove the Trojan, found on millions of PCs around the world, said the malware scans the user's IP address. It then sends a message purporting to come from the police, accusing people of piracy
FreeBSD shutters some servers after SSH key breach (Naked Security) FreeBSD has announced a smallish system compromise. The FreeBSD administrators took a bunch of servers offline to investigate, and published a blow-by-blow account of what they know about the breach so far
Killer Apps: Dozens of cyber vulnerabilities found at Department of Energy (Foreign Policy) At a time when senior defense officials are sounding the alarms about the potential for a devastating cyber attack against America's critical infrastructure, the U.S. Department of Energy's inspector general (IG) has found dozens of unaddressed cyber
Blackhole exploit kit confusion. Custom builds or copycats? (Naked Security) Are some of the different variants of Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular Exploit kit? Or simply copycats created by other groups
More Flame Modules Could Be Lurking (Threatpost) After years of research and investigation into the cyber-espionage attacks that began with the discovery of Stuxnet and continued with Flame, Duqu and Gauss, there still are many details that are unknown. While researchers have a pretty good handle on many of the tools' capabilities, experts say that there may be other modules from these weapons still in circulation that have yet to be discovered
Embedded Systems, Critical Infrastructure 'Renovation' Outpacing Security (Threatpost) Scott Tousley, deputy director cybersecurity division at Department of Homeland Security Science & Technology, is an advocate of integrating cybersecurity education into all disciplines of IT and business and risk management. "We don't want to teach cybersecurity as a stovepipe, but to do it so that it makes sense in overall teaching," Tousley said. In that vein, Threatpost spoke to Tousley during Thursday's Advanced Cyber Security Center conference in Boston where he cautioned that IT investments and innovations are rapidly outpacing security, especially in areas such as embedded systems. As corporations and critical infrastructure providers renovate these systems, they need to tread carefully and consider security
NRC: U.S. Energy Grid Increasingly Susceptible to Terror Attack (PropertyCasualty360) The East Coast electric grid's slow recovery from Hurricane Sandy highlights the shortcomings of the overburdened utility system and its susceptibility to damage from a different kind of surprise threat: terrorist attacks, especially hackers, notes one risk manager
Protecting the Electric Grid from Terrorism -- Nobody is in Charge (Forbes) This week, the National Academy of Sciences (NAS) released its study Terrorism and the Electric Power Delivery System, a work prepared at the request of the Department of Homeland Security. This report has been kept under wraps as classified information since 2007. The entire report was recently approved for publication, with the exception of a few pages for those with security clearance. The NAS had pressed for publication, indicating that the 2011 US Southwest blackout, and the 600-million person event in India "underscore the need for the measures discussed in this report. " The timing could not be better, now that we have seen yet again what can happen in the event of a severe grid event
After theft, NASA orders laptops encrypted, but is that enough? (Government Computer News) After an agency laptop PC was stolen from an employee's car on Halloween, NASA is requiring that all laptops containing sensitive information be protected by full-disk encryption as soon as possible. The agency has ordered CIOs at its facilities to have as many laptops as possible encrypted by Nov. 21, and all of them protected by Dec. 21, according to a notice from NASA headquarters. After Dec. 21, no laptop without full-disk encryption will be allowed out of a NASA facility if it carries sensitive data, including personally identifiable information, International Traffic in Arms Regulations and Export Administration Regulations data, procurement and HR information, or other sensitive but unclassified data, NASA said
Security Patches, Mitigations, and Software Updates
VMware Security Update Fixes DoS, Other Vulnerabilities (Threatpost) Virtualization software maker VMware shipped a security update for its vSphere API yesterday that resolved a denial of service vulnerability in ESX and ESXi, as well as adding a number of open source security updates to the ESX Service Console
Adobe to fix Flash Player on Patch Tuesdays (CSO) Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule
Skype account hijack exploit finally closed (Fierce CIO: TechWatch) Microsoft (NASDAQ: MSFT) has finally closed a security vulnerability that allowed a hacker to hijack a victim's Skype account. The original instructions were posted some two months back, and reposted mid-week here with a note that the problem still existed
Cyber Trends
Cyber-threat is real and 'potentially devastating,' former CSIS spy warns (The Province) "One significant cyber-attack on a critical infrastructure node will bring calamity upon all of us," Boisvert said during a panel discussion sponsored by the Canadian Association for Security and Intelligence Studies. "I will say categorically from my
'Spectacular' Cyber Attack Looms: Security Official (CNBC.com) The U.S. is facing unprecedented cyber threats. And businesses and government are at risk, said Eric Rosenbach, Deputy Assistant Secretary of Defense for Cyber Policy in an interview with CNBC. "I read my intel brief every morning at 5:30 a.m. and it's
Life under constant cybercrime threat (Gulf News) When my wife received a distressed call last weekend from my sister in New York, asking about my welfare and if she (my wife) has established contacts with me in Greece, it automatically raised an alarm bell at home. I was watching a movie in the living room - in Dubai
BYOD Demand Grows as Vendors Offer Solutions (eSecurity Planet) When it comes to BYOD, the cloud could be the key to security. Walk into nearly any enterprise today and more likely than not, employees will be carrying their own mobile devices. The Bring Your Own Device (BYOD) phenomenon is real, and it's affecting the way that
Employees disregarding security policies to engage in cloud use (Fierce CIO: TechWatch) Employees are turning to the cloud to get work done, regardless of what their company's IT policy has to say about it. This was the conclusion of a study sponsored by cloud backup provider Symform, which surveyed nearly 500 companies across a wide range of industries
What's stopping your company from implementing full disk encryption? (Fierce CIO: TechWatch) You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment. I can think of a couple of reasons for this, which I outline below
Meet The Elusive Data Scientist (InformationWeek) Data scientists in Chicago share a glimpse at their everyday problems: organizational process, enterprise fiefdoms -- and yes, a big data talent shortage
Survey finds dramatic drop in employers providing smartphones to employees (Fierce Mobile IT) Only one-third of employers provide corporate smartphones to their employees, down from 58 percent last year, according to the latest Mobile Workforce Report by iPass
Marketplace
Government, businesses compete for expert cyber workers (Chicago Daily Herald) The majority of the firm's clients are US intelligence agencies, he said. KeyW's typical hire is someone with five to 10 years of experience and a security
Cyber workers in high demand (Fort Wayne Journal Gazette) In suburban Maryland, The National Security Agency at Fort Meade - the center of the cyber galaxy - has thousands of computer scientists, mathematicians and engineers gathering foreign intelligence electronically and defending the government's
Top federal security execs join (ISC)2's Government Advisory Board (Infosecurity Magazine) Members of the Securities & Exchange Commission (SEC), the US Department of Health and Human Services and the US Department of Homeland Security (DHS) have joined the (ISC)2 US Government Advisory Board for Cyber Security
Small Business Tips for Department of Homeland Security Contracting (SIGNAL) Small business contracts make up 32 percent of the U.S. Department of Homeland Security's (DHS's) business. But it can be challenging for small companies to take advantage of these opportunities. Breaking into the DHS market as a small business is not impossible, according to a DHS industry liaison, but it is difficult
Agencies not analyzing steady state IT systems, says GAO (Fierce Government IT) Federal agencies that spend the most on steady state information technology systems generally don't conduct annual oversight analyses on them as required by the Office of Management and Budget, says the Government Accountability Office
DoD IT Dashboard whitewash (Fierce Government IT) In a report dated Oct. 16 not posted online until Nov. 15, auditors say the Defense Department in particular has never publicly assigned to IT projects a rating greater than "medium risk," eschewing an evaluation of "high risk" or even "moderately high risk." The Office of Management and Budget requires agency CIOs to assign risk scores for publication on the IT Dashboard--which the GAO has several times noted has been beset by other inaccuracies
Navy Names Robert Hoppa Cybercom Ops Deputy Head (ExecutiveGov) Robert Hoppa for promotion to the rear admiral-lower half rank and assigning him as deputy director for operations at U.S. Cyber Command
Sequestration Or Not, U.S. Firms, DoD Will Take A Hit (Defense News) Even if the U.S. Congress is able to hammer out a debt deal that avoids sequestration in January, the resulting agreement will likely result in billions of dollars in additional cuts to the Defense Department -- perhaps as much as $25 billion -- likely forcing the military to alter its roles and missions
3 Companies Capable of Surviving an Economic Blowout (Motley Fool) ManTech is one of the companies providing cyber-security to the Department of Justice under the Information Technology Support Services (ITSS-4) contract, which has a ceiling of $1.4 billion through the end of fiscal 2017
Is the Fiscal Cliff Priced Into Small Cap Government Contractor Stocks? BAH, CACI, MANT, NCIT & INHC (Small Cap Network) Small cap government contractor and services provider stocks like Booz Allen Hamilton Holding Corporation (BAH), CACI International (CACI), Mantech International Corp (MANT), NCI Inc (NCIT) and Innolog Holdings Corporation (INHC) will be the first to leap - one way or the other
SAIC, Motorola Form Mobile App Partnership (ExecutiveBiz) Science Applications International Corp. and Motorola Solutions are partnering to offer government and enterprise customers an open architecture and mobile applications, the companies announced Thursday
Rockwell-Boeing Consortium to Develop DARPA UAV Cyber Protection Software (The New New Internet) A team of computer scientists led by Rockwell Collins and also featuring Boeing will develop cyber attack protection software for unmanned vehicles for the Defense Advance Research Projects Agency
Drone security project to go open source (Register) Australia's high end tech research engine NICTA will take a pivotal role in an US$18 million US Defence project which will develop software to protect the systems in drones from cyber attack. The US Defense Advanced Research Projects Agency (DARPA)
Navy Hands Down $900M Intel Applications, Hardware IDIQ (Govconwire) The U.S. Navy has awarded contracts potentially worth $899,560,000 to several companies for applications and hardware in intelligence, battlespace awareness and information operations. According to a Defense Department notice, work under the indefinite-delivery/indefinite-quantity contract also includes development, integration and testing. Awardees include: Booz Allen Hamilton (NYSE: BAH) CACI International (NYSE: CACI) Engility Corp
Dell Acquires Cloud Solutions Provider, Forms New Enterprise Org. (Govconwire) Dell has announced the purchase of cloud provider Gale Technologies in addition to the formation of a new enterprise systems & solutions organization to be led by Dario Zamarian, vice president and general manager. According to a Dell statement, the terms of the transaction were not disclosed and Gale helps customers turn discrete compute, network and storage components into integrated
Big Data Consolidation: WANdisco Buys AltoStor For $5.1M To Beef Up Its Apache Hadoop Cred (TechCrunch) A little consolidation in the world of big data and Apache Hadoop development: WANdisco, a UK/U.S.-based provider of collaboration software that focuses on the open-source Apache Subversion revision control system, has announced the completion of its acquisition of Palo-Alto-based AltoStor, which will help it further develop its big data products. Publicly-traded WANdisco is paying $5.1 million
Apple Acquisition Target AuthenTec Sells Off Embedded Security Systems Division To Inside Secure (TechCrunch) Back in July, Reuters reported that Apple was looking to acquire mobile security solutions company AuthenTec for around $356 million. Part of the company's business involved providing embedded mobile security but that division is being sold off to NFC company Inside Secure for around $48 million. Still, it looks like there's reason to believe this move suggests continued interest in NFC
Cisco Acquires Enterprise Wi-Fi Startup Meraki For $1.2 Billion In Cash (TechCrunch) Networking tech giant Cisco has just agreed to acquire cloud infrastructure startup Meraki, and my industry sources confirm the purchase price was $1.2 billion, all in cash. I've also gotten ahold of the letter to Meraki employees from CEO Sanjit Biswas. It's a huge win for the 330 employee San Francisco startup. [Update: The PR just hit the wire, confirming our details on the acquisition and
PwC Adds Ray Group to IT Consulting Portfolio (Govconwire) PwC U.S. has acquired information technology and program management consulting firm Ray Group International to bolster its technology consulting and implementation offerings for public sector clients. The transaction was completed Nov. 6 and PwC did not disclose financial terms of the deal in its announcement
Products, Services, and Solutions
Windows Phone 8 Users Reporting Random Reboots, Freezing; Nokia, HTC Handsets Affected (TechCrunch) Some Windows Phone 8 users are reporting problems with random reboots and freezes. It is unclear exactly what is triggering the problems — and whether they are related or down to specific issues with different handsets, although since multiple handsets from different makers are involved a problem relating to the OS seems most likely
Security firms move to stamp out 'piracy' attack (v3) A rampant malware infection which attempts to pose as a police notification has prompted security vendors to take action and release free removal tools. Security firm Bitdefender said that it would be offering users a free copy of its "Piracy" malware detection and removal kit. The company said that the malware poses as a message from law enforcement and looks to extort payment of "fines" from victims
Raiffeisen Switzerland Launches Cronto Solution for Secure Online Banking (Business Wire) Raiffeisen, a leading Swiss bank, is the first bank in Switzerland to offer Cronto's Visual Transaction Signing Solution as next-generation protection for its online banking customers. Available to customers today, CrontoSign will help to defend online customers from the most advanced attacks posed by Trojan malware specifically targeting online banking. Pascal Drr, Head of Electronic Channels at Raiffeisen, Switzerland, says: "We have been looking for a solution that can offer both the security of transaction signing and the user experience that meets the expectations of our 840,000 e-banking customers
Facebook finally enables HTTPS by default, we give away free T-shirts to celebrate (Naked Security) In April 2011, Naked Security wrote an open letter to Facebook about security and privacy. Eighteen months later, it looks like we have some reason to celebrate - as Facebook appears to be saying "yes" to one of the three steps we asked them to take to better protect its users. Way back in January 2011, Facebook announced it was implementing HTTPS to allow its many millions of users the ability to automatically encrypt their communications with the social network - preventing hackers and attackers from sniffing your sensitive data while using unencrypted wifi hotspots
Why Opera Thrives in Europe's Last Dictatorship (Quartz) Opera lives on in Belarus. Not the musical drama, but the world's fifth most popular web browser. StatCounter, which uses data on browser usage across some 3 million websites, identifies Belarus as the only country in the world where Opera—which elsewhere is something of a niche product—commands the largest share of users
Secure email app for iOS and Android (Help Net Security) AppRiver launched the CipherPost Pro app, which lets companies extend AppRiver's cloud-based encryption service to any iOS or Android device. CipherPost Pro allows users to create, read, track and
FileLocker: Secure cloud collaboration (Help Net Security) FileLocker protects data by encrypting it locally, in-transit and again in the cloud. This means the file is stored with two layers of encryption - one controlled by FileLocker, and one controlled by
Microsoft 2013 unveils 60-day trial of Office 2013 (Fierce CIO: TechWatch) Microsoft Office Professional Plus 2013 is now available for a 60-day trial for customers or IT professionals who would like to give it a spin. The suite consists of Word, PowerPoint, Excel, Outlook, OneNote, Access, Publisher, and Lync, and can be downloaded from the Office Professional Plus 2013 download page on TechNet here
They want it for the holidays, but do you want it on your network? (Fierce CIO: TechWatch) As customers--many of whom are also enterprise users--are waiting to see which electronic present they'll get to open, enterprise IT shops are waiting to see what effects some of these new devices will have on their networks
Symantec launches new mobile security app (Fierce Mobile IT) Symantec has launched a new mobile app that provides a console for monitoring and protecting network security, including personally owned mobile devices accessing the network
RIM moves up to No. 3 on smartphone device, OS ranking (Fierce Mobile IT) Finnish mobile phone maker Nokia (NYSE: NOK) is continuing its slide in the smartphone market, dropping from the No. 3 smartphone maker to No. 7 in the third quarter, according to the most recent data from Gartner
Cisco teams with Qualcomm to provide Wi-Fi-based mobile customer capabilities (Fierce Mobile IT) Cisco (NASDAQ: CSCO) is teaming with Qualcomm to help retail stores, hotels, and other businesses use their Wi-Fi networks to provide smartphone users with location-based services and to monetize customer opportunities
Technologies, Techniques, and Standards
All Security Technologies Are Not Data Loss Prevention (Dark Reading) While security technologies may share the common goal of protecting an organization's sensitive data, not all can – or should – be called data loss prevention
Threat Intelligence Hype (Dark Reading) How to measure the IQ of the data you're being fed. Now that we've talked a bit about analytics, I'd like to take on the other thriving buzzword: intelligence. Specifically, threat intelligence, which seems to be part of every security product these days
Writing And Enforcing An Effective Employee Security Policy (Dark Reading) Enterprises have been writing IT security policies for decades, and employees are still violating them. Here are some tips for breaking out of the rut
Tech Insight: Better Defense Through Open Source Intelligence (Dark Reading) Corporate defenders can use the same publicly-available information sources that attackers do, but to better secure their data
Dublin Airport Authority uses virtualisation to overhaul IT (Computer Weekly) As workloads expanded at Dublin Airport Authority, it launched a major IT infrastructure overhaul earlier this year with HP's converged infrastructure and VMware vSphere platform. In under a year, the virtualisation project has given the IT team cost savings, standardised IT, highly-available infrastructure and a centrally managed environment. The virtualisation project at Dublin Airport Authority (DAA) is a five-year IT plan worth about 2m and will drive IT efficiency across its airports and bring cost savings
Thinking about Security from the Inside Out (Wired) However, the recent cyber-attack against oil giant Saudi Aramco reinforces the need to give equal weight to internal threats as well. On August 15, 2012, an insider at Saudi Aramco used privileged access to the company's network to release a computer
Continuous monitoring: A piece of the IT security puzzle (Government Computer News) Tony Sager of the SANS Institute, who until June was COO of the National Security Agency's Information Assurance Directorate, called it "one of the best ideas in information security" he has seen from the government, although he prefers the term
Academia
Degreed Wants To Jailbreak The College Degree (TechCrunch) There's a lot of buzz about how new education platforms are making it easy to acquire the kind of skills that, traditionally, have been reserved for the hallowed halls of higher education. These services, whether it be Khan Academy or one of the countless new MOOCs or MOOC hybrids, want to make it easy for students young and old not only to learn but also to get hired
Legislation, Policy, and Regulation
DoD's Bold Initiative: Secure The User, Not The Device (Dark Reading) Joint Information Environment effort under way to improve its ability to share information between the services, industry partners, and other government agencies
Soghoian: Cyber weapon regulation excludes zero-day exploits (Fierce Government IT) Carefully worded government guidance on what constitutes a cyber weapon allows the unregulated export of zero-day exploits, said Chris Soghoian, a Washington, D.C.-based privacy activist. A zero-day exploit is agnostic as to whether it's used for data exploitation or other uses--and finding and weaponizing them is far more difficult than writing malicious code for post-system penetration havoc
Meaningful use seeks to strike a balance, says Mostashari (Fierce Government IT) The Health and Human Services Department faces a major challenge as it aims to strike a balance between rapidly modernizing the healthcare system and changing at a pace that can be absorbed by healthcare professionals and IT vendors, said an HHS official during a Nov. 14 House subcommittee hearing
Information Security Incidents are now a concern for Colombian government (Internet Storm Center) Like any other country in the world, we are no strangers to security incidents. Many criminals have moved their real-world actions to the virtual world, where they have committed numerous crimes and actions that have impacted the IT infrastructure of too many companies. Therefore, the National Economic and Social Policy Council (CONPES) issued the 3701 document, which sets out policy guidelines for the cybersecurity and cyber defense of Colombia. The objective of this policy is to strengthen state capacities to address threats that undermine its security and defense in the cyberspace arena, creating the atmosphere and the conditions for protection inside it. The document creates the following institutions
Welcome to America. Startups, patent holders, and iPhone programmers, please come to the front of the line (Quartz) Immigration reform looks like it might really happen in US President Barack Obama's second term. Many have tried before and failed; few ever attempted a total overhaul of a very broken system. But amid sudden political momentum, what if the laws governing foreigners' rights to live and work on US shores could be rewritten? Who would get to stay? How tight should borders be? Which countries and industries benefit? Quartz has been asking lawyers, advocates, and business leaders what a sound migration policy in America would look like
President Weighs Picks For Cabinet, Adviser Positions (Wall Street Journal) It is unclear how long Mr. Panetta will stay on. In Asia last week, Mr. Panetta, a former budget chief, signaled his interest in helping resolve the debate over looming defense cuts and other budget issues, which suggests he isn't eager for an immediate exit. "There are a lot of challenges right now with regards to defense issues in Washington: budget issues, issues related to planning on Afghanistan," Mr. Panetta said. "I think the president and I are working very closely to make sure that we meet those defense challenges"
Fight erupts over Obama's spy orders to NSA (WND.com) An organization that monitors and reports on privacy issues wants to see a copy of a "secret law" announced by Barack Obama regarding the National Security Agency and its reach into private Internet communications. "This (Freedom of Information Act)
Act now to stop unaccountable, censor-friendly UN agency from hijacking control of the Internet! (BoingBoing) Evan from Fight for the Future, "The open internet is in danger. In just a few weeks, governments from around the world are getting together, and they could decide the future of our internet. Watch the video to find out why a government-dominated agency as old as the telegraph is trying to get its hands on the net we love. Then take action by using the platform to contact your government and tell them to stand up for an open internet"
Information Assurance Framework for Indian Health Care Industry (Blogger News Network) HIPAA has been a trend setter in the USA as regards privacy and information security in the health care industry. The HITECH Act has only enhanced the importance of HIPAA. With Mr Obama being elected for an extended presidential term and his focus on Health
Litigation, Investigation, and Law Enforcement
Georgian police chiefs cuffed in cyber spy plot (Register) Several senior police officials and the former deputy interior minister of Georgia have been arrested on suspicion of spying on former opposition leaders and attempting to influence the result of October's parliamentary elections. The arrests come after new prime minister Bidzina Ivanishvili's coalition swept to power at the election, ending the nine-year rule of the government of president Mikheil Saakashvili, who remains in his post until October 2013
Bitcoin…the new paradise for money laundering (SecurityAffairs) In the last decade cybercrime has made a substantial leap forward to become one of the main threats to the security of every government. Its turnover has reached unimaginable figures, attracting ordinary crime and creating new partnerships between organized crime and cybercrime that make the two impossible to distinguish. Groups of criminals are paying cybercriminals for support in carrying out complex cyber frauds; conversely, cybercriminals in many cases are reinvesting their earnings in other criminal activities and binding themselves to major criminal cartels. Crime has no limits; it spreads like wildfire, infiltrating every sector of society
Experian defends security protocols while investigations into its data security grow (pinewswire) It seems that Experian is trying to defend its data security following Jordan Robertson's report on dozens of breaches involving compromised client logins. Jordan's report was based on dozens of breach reports compiled by DataLossDB.org and yours truly, who filed a complaint with the FTC about Experian's breaches back in April
Judge Dismisses Class-Action Lawsuit Filed Against Valve After November 2011 Hack (Softpedia) In November 2011, the Valve Corporation, the company responsible for the world-renowned game distribution platform, suffered a data breach as a result of which hackers possibly gained access to user billing addresses, passwords, and credit card information. The plaintiffs claimed that they lost money paid to Valve and personal information, and that they were temporarily unable to access certain services because of the incident. They also alleged that they might be forced to spend money in the future to protect their privacy
Microsoft Sued Over Surface Storage Claims (InformationWeek) Lawsuit claims OS and pre-installed apps hog half of the available storage space on new Windows 8 tablet
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.
Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.
CIO Cloud Summit 2012 The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.