
The CyberWire Daily Briefing for 11.26.2012
Several claims of zero-day vulnerabilities cropped up over the past week: a Chrome hole (Google doesn't believe it, and the researcher won't talk until he demos his exploit at an upcoming New Delhi conference), a Yahoo! Mail exploit (for sale on the black market), and SCADA vulnerabilities in systems by Siemens, GE, Kaskad, ABB/Rockwell, Eaton and Schneider Electric.
The US continues to deny charges of cyber espionage against the Elysee Palace, and some expert observers lend credence to the denial.
Symantec reports a database exploit is loose in the Middle East; Iranian security authorities call it old news. Other small hacks and scams surface; they amount to fresh warnings to use caution online. One is worth calling out: PASSTEAL malware is circulating in file-sharing sites where it masquerades as a key generator for paid applications.
The South Carolina breach looks more serious: attackers had at least two months' "unfettered access" to the state's tax system. US banks are warned to expect fallout from the 3.3 million bank accounts compromised in the exploit.
Huawei's reputation in the US Government as a security risk opens a market opportunity for other firms: Nokia and Siemens prepare a joint push for US Federal business. Various countries friendly to the US look to American companies to provide cyber expertise.
Lesser-known US universities—the University of Tulsa being exhibit A—become major sources of Federal cyber talent.
Australia's Defence Signals Directorate gives businesses advice on BYOD policy. Greek and British hackers face trial for cyber crimes.
Notes.
Today's issue includes events affecting Argentina, Australia, Canada, European Union, Finland, France, Georgia, Germany, Greece, India, Iran, Israel, Kuwait, Malta, New Zealand, Oman, Pakistan, Palestinian Territories, Qatar, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Questions, Doubts greet Researcher's Claim to have Chrome Zero Day (Security Ledger) But Gobejishvili also said he has not made any attempt to inform Google about the vulnerability and will not publish any details of the zero day hole even after
Researcher Claims To Have Chrome Zero-Day, Google Says 'Prove it' (Slashdot) chicksdaddy writes "Google's been known to pay $60000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a
Hacker Sells Yahoo! Mail Zero-Day for $700 (Softpedia) Underground hacking forums are flooded with all sorts of zero-day exploits, many of which can
Adobe Reader Zero-Day Still Unfixed, Researchers Fail to Provide P.O.C. (Softpedia) Earlier this month we learned from cybercrime investigation company Group-IB that cybercriminals were selling an Adobe Reader X/XI zero-day for prices
Info about 0-day SCADA flaws offered for sale (Help Net Security) Following in the footsteps of French Vupen Security, Malta-based start-up ReVuln has also decided to sell information about zero-day vulnerabilities to companies and governments instead of sharing it
Researcher Finds Nearly Two Dozen SCADA Bugs in a Few Hours' Time (Threatpost) It is open season on SCADA software right now. Last week, researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric. And now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work
Today's Tech: US accused of cyber-attack on France (ITProPortal) The United States has been accused of playing a part in some of the most significant cyber-attacks recorded in recent years, including the vicious Flame and Stuxnet viruses. But while the victims of these campaigns have been fairly predictable, with
Expert skeptical of alleged U.S. cyberattack on French computers (CSO) Hackers said to have used Facebook to make a connection with people working in the Elysee Palace
U.S. denies hacking computers in the Elysee Palace (Help Net Security) U.S. cyber spies have allegedly hacked a string of computers inside the official residence of the President of the French Republic during the last days of Sarkozy's tenure and have stolen confidential
Maher center announcement about the 'narilam' malware (certcc) Recently Symantec reported the detection of a new malware called "win32.narilam". Regarding that report, there were numerous media reports on the topic, comparing the threat to the previously reported cyber-attacks on Iran's infrastructure like Stuxnet, Duqu and Flame
W32.Narilam the malware that hit databases in Middle East (infosec island) Recently we have always thought of malware as dangerous agents used to steal information such as banking credentials or to be used in cyber espionage operations. This is one of the different ways to monetize the development of a malicious agent, virus creation to steal information which is associated with an economic value. But we also learned that malware could be developed for destructive purposes, that is the case of state-sponsored projects or cyber weapons such as Stuxnet, but a similar approach could also be pursued by private companies against competitor businesses
Pakistan Hacker Explains How Pakistan google and other sites got hacked (E Hacking News) Recently, the news about the Pakistani Google hack spread like wildfire on the Internet. At the time, Top Level Pakistan Domains displayed the defacement page including Yahoo, MSN, HSBC, eBay, PayPal and more sites. Today, khanisgr8, a hacker from a Pakistani hacker collective called "TeamBlackHats", sent an email regarding the security breach
Anonymous Steps Into Gaza Crisis (InformationWeek) Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say
Hannibal account leak proven as false (cyberwarnews) A few days ago we posted an article that made claims that over 1,000,000 account details had been leaked from a hacker using the handle Hannibal who claimed to leak the data in retaliation attack against anonymous hacktivist for operation Israel. It has come to light today that this attack was never carried out, that the data was leaked months ago and is still currently being hosted online in the exact same format that hannibal leaked it
MeTV Hacked, Affiliates credentials leaked (cyberwarnews) A popular TV broadcasting network MeTV has been hacked by a hacker we follow often @DARWINARE who recently has attacked and leaked data from UNSW, Amazon.uk and other high profile sites
Dreamhost Breached, Server & client information leaked (cyberwarnews) A pastebin user using the handle Syst3mswt who is a part of warriors team SWT has posted a dump of server information which appears to come from the well known and popular web hosting service Dream Host
Anonymous hacker takes on Kaspersky & defaces Kaspersky MP3 webpage (cyberwarzone) Today I got a message in one of the social media groups that the website of Kaspersky has been defaced. It is not the full domain that has been defaced but simply one page (so far). The page that has been defaced is the Kaspersky Anti-Virus 6
Details of 700 Students Leaked from Syrian Virtual University (Softpedia) A hacker group called GreySecurity, or GSec, has hacked into the systems of the Syrian Virtual University (svuonline.org) and has leaked the email addresses of around 700 students. Over the past period, hackers have mostly tried to protect Syrian organizations, but it appears that some collectives don't necessarily care about the agenda of Anonymous and other hacktivists
Anonymous Hackers Take Down School District Site over Student Tracking System (Softpedia) The Northside Independent School District (NISD) in San Antonio made a lot of headlines last week, after threatening to expel a student that refused to participate in their radio frequency identification (RFID) tracking program. At the end of last week, a court delayed the school district's plans to expel the student but, in the meantime, some Anonymous hackers decided to take the matter into their own hands and took down the NISD website. The hacker who took credit for the attack told HotHardware that these 'student locator' programs are ultimately aimed at getting students used to living in a total surveillance state where there will be no privacy, and wherever you go and whatever you text or email will be watched by the government
Bogus Chase Paymentech notification carries malware (Help Net Security) If you receive an email seemingly coming from payment processing company Chase Paymentech, think twice about opening the attachment it carries. The email purportedly delivers an electronic Merchant
'Twitter is going to start charging' phishing scheme pops up (Help Net Security) Twitter users are being actively targeted with DMs falsely announcing Twitter's decision to start charging its use
Bogus Apple invoice leads to Blackhole, banking malware (Help Net Security) If you receive an invoice seemingly coming from Apple that apparently shows that your credit card has been billed for $699,99 (or a similar preposterously huge amount of money) because you bought post
Digitally signed ransomware lurking in the wild (Help Net Security) Trend Micro researchers have spotted two ransomware variants bearing the same (probably stolen) digital signature in order to fool users into running the files. Other than that, the malware acts
Trojanized Thanksgiving-themed screensavers lurking online (Help Net Security) If you want to add a little festive cheer to your computer, a screensaver showing beautiful Thanksgiving images might be just the thing
PASSTEAL Malware Lurking on File Sharing Sites (Threatpost) Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according to Alvin John Nieto, a threat response engineer at TrendMicro's TrendLabs
Hacked Go Daddy sites infecting users with ransomware (Naked Security) Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites
South Carolina Data Breach Poses Big Risks to Banks (American Banker) After initially deflecting responsibility, South Carolina Governor Nikki Haley has admitted that his government could have done a better job to prevent a data breach that compromised sensitive information for four million individuals and 700,000 businesses that file state taxes. More than 3.3 million unencrypted bank accounts were stolen, and 5,000 credit card numbers, though most of those were expired
Attackers Had Access for Months in South Carolina Data Breach (Threatpost) Attackers had two months of unfettered access to South Carolina's Department of Revenue systems in a classic targeted attack that began with a phishing email and ended with the loss of electronic tax return data, and payment card and personal information on 3.8 million filers, possibly dating back to 1998
Security Patches, Mitigations, and Software Updates
Mozilla Releases Multiple Updates (US-CERT) The Mozilla Foundation has released updates to address multiple vulnerabilities for the following products: Firefox 17.0, Firefox ESR 10.0.11, Thunderbird 17.0, Thunderbird ESR 10.0.11, [and] SeaMonkey 2.14. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, bypass safety restrictions, or perform a cross-site scripting attack
Cyber Trends
A Backhanded Thanks (Dark Reading) As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world. Around Thanksgiving time in the U.S., I usually take a minute or two between football overload (like that's possible) and binge eating to reflect on the year. It's hard to believe folks are putting holiday decorations up and we're in full fledged planning for 2013. Didn't 2012 just start? Uh, I guess not
Business needs to focus on cyber security threat, says KPMG (hrmagazine) Senior management in British businesses are not taking the threat to cyber security seriously enough, despite increasing publicity about online security breaches in some of the world's largest organisations, according to professional services firm KPMG. The warning comes after cyber security minister, Chloe Smith, last week reiterated the Government's commitment to tackle cyber crime. KPMG's head of information protection and business resilience, Stephen Bonner, said: "The UK's digital economy accounts for 8% of our GDP, so why organisations are yet to develop a mature approach to cyber security is a question that must be answered
Growth of Black Friday online spending slowed despite the iPad's emergence as a major shopping tool (Quartz) US online sales rose 17.4% on Thanksgiving Day and 20.7% on Black Friday from a year earlier, according to estimates by IBM. Mobile web usage increased significantly, with 24% of consumers visiting retailers' sites from a smartphone or tablet, compared to 14.3% last year. Mobile sales represented 16% of the total, up from 9.8% in 2011. Consumers using iPads conducted roughly 10% of total online shopping, blowing away all other tablets. Wal-Mart separately said that mobile devices represented 45% of all Walmart.com traffic on Thanksgiving. But overall online shopping growth rates slowed from last year
Understanding basic honeypot concepts (Help Net Security) The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by CERTs to proactively detect cyber attacks. The study reveals barriers
Battles over online information control to escalate (Help Net Security) The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, escalating battles over the control of online information and continuous threats to the U.S. supply chain
What's the most coveted target for cyber attackers? (Help Net Security) Despite repeated warnings, organizations are still failing to lock down the primary target of most cyber-attacks – privileged access points. Cyber-Ark labs analyzed a string of recent, high-profile
Cloud Security Not the Barrier It's Supposed to Be (Midsize Insider) Groups like the Cloud Security Alliance will continue to perform research and issue documents, as it recently did, according to this Integration Developer News article. These documents are said to serve an important purpose in showing how the industry
Study Hints at the Future of Cloud Computing (BostInno) A recent study by the Cloud Security Alliance (CSA) and the Information Systems Audit and Control Association (ISACA) revealed that changing government regulations, plausible exit strategies, and international data privacy are the most pressing
Paid mobile apps to generate $57 billion by 2017, says Strategy Analytics (Fierce Mobile IT) Paid mobile apps downloads are expected to generate more than $57 billion globally between 2008 and 2017, despite a shift toward free app downloads over the period, according to the latest estimate by Strategy Analytics.
Marketplace
Nokia Siemens to head stateside to fill Huawei-shaped market gap (ZDNet) After a U.S. House Intelligence Committee found that Huawei and ZTE, which provide telecoms equipment to cellular and wired networks, "cannot be trusted" to be free from foreign state influence and "thus pose a security threat to the United States," it left many networking companies which buy their products up the creek without a paddle. Finland-based Nokia Siemens Networks (NSN) is looking to fill the gap, and what an opportune time: the company is sinking and it needs to expand stateside or face potential collapse
As cyberwarfare heats up, allies turn to U.S. companies for expertise (Washington Post) In the spring of 2010, a sheik in the government of Qatar began talks with the U.S. consulting company Booz Allen Hamilton about developing a plan to build a cyber-operations center. He feared Iran's growing ability to attack its regional foes in cyberspace and wanted Qatar to have the means to respond
Cyberwar Poses Dilemma For Defense Contractors (Washington Post) As allies seek help, U.S. officials wary of technology's misuse
Cyber Security Challenge announces new competitions (Engineering and Technology) The Cyber Security Challenge has announced new competitions including malware attacks from hostile states, IP theft in motor racing and 'Stuxnet-like' attacks on high security facilities. Professional cyber teams from Orange, Prodrive, (ISC)2, the SANS Institute, QinetiQ and Sophos will test over 100 qualifiers from the virtual first-round competitions over the coming months to determine the 40 finalists for the Masterclass grand finale in March 2013
Transcom Opens Cyber Center (Executive Gov) U.S. Transportation Command has opened a joint cyber center for securing the command's information networks, American Forces Press Service reports
Exelis to Help Navy Design, Install C4ISR Awareness Systems (ExecutiveBiz) ITT Exelis has won a $93,261,183 U.S. contract to provide material and services for design, procurement, installation and maintenance of adaptive persistent awareness systems
CMS Awards up to $15B to Upgrade & Manage Data Centers (Govconwire) The Centers for Medicare and Medicaid Services has awarded a number of contracts that could add up to $15 billion in the next 10 years, for the management of its data center operations. According to a NextGov article, contractors for the "virtual data center operation" indefinite-delivery-indefinite-quantity contracts include Accenture Federal Services, HP Enterprise Services, IBM, Lockheed Martin and other vendors
Joyent Gets New CEO, Preps Cloud Tools (InformationWeek) Henry Wasik joins Joyent from Dell, where he led networking unit; cloud software gets upgrade in early 2013
Intel's Next CEO Must End Mobile Neglect (InformationWeek) Intel built an unbeatable infrastructure for PC and server chips -- which gives it zero advantage in meeting fundamentally different requirements for mobile chip design
Could departure of Intel CEO signal faster shift toward mobile? (Fierce Mobile IT) Chip maker Intel (NASDAQ: INTL) announced Tuesday that Paul Otellini, its long-serving chief executive officer, is retiring in May
Products, Services, and Solutions
Mozilla suspends work on 64-bit Firefox for Windows (Computer World) Mozilla this week suspended development of a 64-bit version of Firefox for Windows, citing add-on incompatibilities and low priority for the project. In a message posted to Bugzilla, the company's bug- and change-tracking database, Benjamin Smedberg, a developer with consulting firm Mozdev, and a regular contributor to the open-source browser, said that the organization was suspending, perhaps for some time, the work on a 64-bit version. "Please stop building windows 64 builds and tests," Smedberg wrote on Bugzilla Wednesday. In the same message, he told commenters the decision had been made, and not to argue it on Bugzilla, a warning that several people ignored
HP delivers server for Big Data (Help Net Security) HP unveiled a server built to help clients operationalize Big Data, drive new business opportunities and save up to $1 million over three years
Check Point taps ThreatCloud to revolutionise attack response (ITWeb) Check Point Software Technologies, the worldwide leader in securing the ... and are powered by Check Point's revolutionary ThreatCloud security intelligence
QinetiQ Group plc: QinetiQ Commerce Decisions' Award software is available on G-Cloud II / RM1557 II Framework (4-Traders) QinetiQ Commerce Decisions, leading provider of software and services to support strategic procurement projects, has been awarded a place on Lots 3 and 4 of the G-Cloud II framework by the Government Procurement Service. Lot 3 is the framework for Software as a Service (SaaS) and Lot 4 is for Specialist Cloud Services
VMware vCenter Multi-Hypervisor Manager 1.0 released (Help Net Security) VMware vCenter Multi-Hypervisor Manager is a component that enables support for heterogeneous hypervisors in VMware vCenter Server
New line of Panda Security integrated perimeter security appliances (Help Net Security) Panda Security launched Panda GateDefender Performa eSeries, its new, unified perimeter security device that protects against all types of threats
Imation releases PC on a Stick mobile workspace (Help Net Security) Imation announced beta availability of its IronKey Workspace, certified for deployment of Windows To Go. The IronKey Workspace lets organisations outfit mobile professionals with a secure, fast USB
ManageEngine updates Password Manager Pro (Help Net Security) ManageEngine announced enhancements to Password Manager Pro, which offers protection to data centres by helping establish access controls to IT infrastructure, and seamlessly record and monitor
Linux file encryption with BestCrypt (Help Net Security) Jetico has announced BestCrypt Container Encryption for Linux 2.0, now with a simple user experience in a new GUI, plus greater stability and security
Netflix Wants You To Adopt Chaos Monkey (InformationWeek) Netflix has made its own automated disaster testing service, Chaos Monkey, available as a free public download. Should you turn it loose on your own systems
10 Best Apps For Samsung Galaxy Notes (InformationWeek) Check out these 10 great apps that take advantage of the Samsung phablet's S Pen stylus
Android 4.2 On The Nexus 7: First Impressions (InformationWeek) Google recently pushed Android 4.2 Jelly Bean to the Nexus 7 and other devices. Here's a first look at the newest version of Android on Google's 7-inch tablet.
UK mobile operator Three rolls out cloud-based M2M platform (Fierce Mobile IT) U.K. mobile operator Three is rolling out a cloud-based machine-to-machine platform for U.K. companies that want to use its network to provide M2M connectivity
Windows Intune to simplify enterprise adoption of Surface tablet, analyst says (Fierce Mobile IT) Windows Intune, the cloud-based PC management and security software tool available on the new Surface tablet, should "simplify the adoption" of the tablet in the enterprise, said Forrester Research senior analyst David Johnson
Technologies, Techniques, and Standards
Guide to iPad Security in the Enterprise (eSecurity Planet) While iPads and other tablets provide big productivity benefits in the enterprise, they also create some pretty big security challenges. As iPads continue to make their way into the enterprise, security is an increasingly significant concern – a recent study by Context Information Security suggested that the iPad is dangerously vulnerable
Risk Assessment Reloaded (thanks PCI !) (Internet Storm Center) Last month was Cyber-Security Awareness Month, and we had some fun presenting a different security standard each day. One of the standards we discussed was the ISO 27005 standard for Risk Assessment. So when the PCI Council released Risk Assessment Guidance this past week, it immediately caught my attention
What's in Your Change Control Form? (Internet Storm Center) It's surprising how many organizations don't plan well for change. Change Control is a well known process, one that is well defined in many different frameworks (ITIL and the ISO 27000 Series and NIST for starters). Yet many organizations plan changes over coffee and a napkin (or a visio on a good day). This almost always results in figuring out problems during the change (I don't know about you, but the less 1am thinking I need to do, the better off I am!), conflicting changes, or changes that just plain don't work, and need to be backed out in a panic.
Black Friday and Cyber Monday: Trend Micro Canada's Top Tips (Canada NewsWire) With this year's cyber holiday shopping season about to begin, Canadians in record numbers will be online looking for perfect gifts, deals and bargains. Unfortunately shoppers and sellers aren't the only ones who will be busy
Tips for a safe online shopping season (Help Net Security) The holiday season presents the perfect opportunity for cybercriminals to steal consumers' information as shopping is increasingly conducted online. According to a 2011 study from comScore, dollars
Cloud security begins with the contract, says expert (TechTarget) "If I was a business person actually negotiating these deals I would never move forward without those basic, bare bones minimums," Kellermann said in a recent interview with SearchSecurity.com conducted at the 2012 Cloud Security Alliance Congress
Design and Innovation
Innovation Lesson: Disrupt Before You're Disrupted (InformationWeek) Even innovators struggle with the pace of change. Here are some of the ways Silicon Valley companies like LinkedIn push the edge without falling off
Research and Development
A Quantum Dot First: Electron-Photon Entanglement (IEEE Spectrum) A new way to entangle quantum bits made of light and matter could be a boost for quantum communication
Academia
Spy Training For The Digital Age (Los Angeles Times) Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage. It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying
Big Data Education: 3 Steps Universities Must Take (InformationWeek) How can universities help meet the growing demand for data scientists? Consider this advice from a professor working in the trenches with tomorrow's analytics pros
Legislation, Policy, and Regulation
DSD issues advice for executives tackling BYOD (ZDNet) The Australian Defence Signals Directorate (DSD) has issued security advice for executives who are having to tackle the issue of employees bringing their own devices (BYOD) into the workplace. Issued from the DSD's Cyber Security Operations Centre, the notice covers implications of BYOD, including the legal, financial, and security implications
Digital Agenda: EU and US sign joint declaration to make the internet safer (Invest in EU) Within the European Commission, Vice-President Kroes is responsible for cyber-security and Commissioner Malmstrom for tackling cyber-crime. Within the United States, the Department of Homeland Security, Department of Justice, Department of State
Demise of cybersecurity bill means executive order on the way (CSO) The demise of the Cyber Security Act of 2012 (CSA) clears the way for President Obama to issue an executive order (EO) implementing at least some of the major elements of the bill. And some political observers say
Israel's Investments in Cyber Defense Pay Off (Heritage.org) Sequestration will cut 9.4 percent from every part of the defense budget. These cuts will hit cyber operations, including cybersecurity programs in the Department of Homeland Security. Hollowing out our conventional and strategic forces is bad enough
New web domains face government objections (Fierce Government IT) The government advisory committee to the Internet Corporation for Assigned Names and Numbers released Nov. 20 a list of about 200 proposed new generic top level domains to which various governments object. ICANN began accepting applications for new gTLDs in January and in June unveiled a list of 1,930 possibilities, some of which have attracted controversy--although the usual examples of contentious proposals such as .sex and .gay are in fact missing from the GAC objections list (.sucks does make it, however)
Litigation, Investigation, and Law Enforcement
Anonymous claims Stratfor hacking trial is partial, unfair (ZDNet) Anonymous is demanding that the judge overseeing the trial of a hacker, who is alleged to be responsible for the Stratfor breach, step down from her position. In December last year, hackers stole information from intelligence broker Stratfor and published the information online. The information included over 50,000 credit card numbers, as well as a large number of email addresses, phone numbers, and easily cracked encrypted passwords
Accused Wikileaker To Ask For Dismissal (Baltimore Sun) Army Pfc. Bradley Manning is due back at Fort Meade this week, where lawyers for the alleged WikiLeaker plan to argue that he was punished at a military brig before his case had been heard -- grounds, they say, to dismiss all charges against him
Govt spies may face court (Otago Daily Times) Any disclosure would allow Mr Dotcom's team to attempt to examine whether the GCSB had passed information to its US partner, the National Security Agency. The NSA works with the FBI on issues of national significance
Feds want Obama's Internet instructions kept quiet (WND.com) The National Security Agency says a special directive from Barack Obama on the organization's reach into private Internet communications will not be made public. The announcement comes in a letter from the NSA's Pamela Phillips to the Electronic
Experts question guilty verdict for AT&T 'hackers' (CSO) Computer Fraud and Abuse Act of 1986 needs major update, security experts say
Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks (Internet Storm Center) From the Associated Press via The Washington Post. The report cites a 9 million record value and notes that Greece currently has a population of around 10 million (WolframAlpha tells me that the 2010 estimate is 11.2M.) The WP article also wisely notes that 9M value is from a data-file that hasn't been de-duplicated
Student denies PayPal cyber-attack (TG Daily) Student Christopher Weatherhead was one of four British hackers to attack PayPal in support of Wikileaks, a court heard yesterday. While his three co-defendants - Londoner Ashley Rhodes, 27, Peter Gibson, 24, from Hartlepool and an 18-year-old male who
Lewys Martin of Kent faces Oxbridge cyber attack charges (BBC News) A man has been accused of 17 offences connected to the blocking of the websites of Oxford and Cambridge universities and Kent Police. The charges against Lewys Martin, 20, also relate to the
Petraeus Staff Subject Of Document Probe (Washington Post) Petraeus aides and other high-ranking military officials were often tasked by Petraeus and other top commanders to provide military records and other documents to Paula Broadwell for her work as Petraeus's biographer, former staff members and other officials told The Washington Post
EPA struggles with FISMA compliance (Fierce Government IT) The Environmental Protection Agency fell short of its major cybersecurity responsibilities in fiscal 2012 through poor security log management and not resolving known security failures, writes the agency's office of inspector general
Lab misspent more than $1M on IT purchases, says SEC OIG (Fierce Government IT) A lab at the Securities and Exchange Commission is responsible for some major spending and IT security infractions, according to an SEC Office of Inspector General report released publicly Nov. 19 but dated Aug. 30
Good Technology lawsuits show MDM competition is heating up (Fierce Mobile IT) Good Technology's recent patent infringement lawsuits against competitors MobileIron and AirWatch are an indication that competition is heating up in the mobile device management market, observed Phillip Redman, research vice president for mobile and client computing at Gartner
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
First Annual Maryland Digital Forensics Investigation Conference and Challenge (, Jan 1, 1970) Test your knowledge of digital forensics and cyber investigations. Academic teams of four students from Maryland high schools, community colleges and universities will compete for prizes in the Cyber Crime Case Challenge. Law enforcement officers, public officials and others interested in observing the challenge, attending exciting briefings and the DC3 Digital Forensics Tool Expo are cordially invited to attend. Businesses with an interest in digital forensics (and a lot of them should be) are of course also welcome. Speakers will include Senator Barbara Mikulski, Lieutenant General (Retired) Ken Minihan (NSA), Haden Land (Lockheed Martin), "Mo" Baginski (NSA & FBI), Brigadier General (Retired) Bernie Skoch (CyberPatriot). It promises to be an interesting and exciting event.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12: Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.
Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.
CIO Cloud Summit 2012: The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.