The CyberWire Daily Briefing for 5.24.2013
The Assad regime has deployed thirty-four Blue Coat servers to perform deep-packet inspection on Syrian Internet traffic.
The scope and persistence of the ongoing cyber espionage campaign apparently directed by India continue to surprise as new digitally signed Mac spyware is detected. [Update 2.11.14: Text on Indian company involvement withdrawn by source. 022014-001]
The US Department of Homeland Security, in bad news for anyone with a security clearance, is warning employees and contractors that vulnerable clearance processing software an unnamed vendor used has exposed personal information. The vulnerability, now closed, had existed since July 2009.
ZeuS/ZBOT variants resurface with new features. Researchers will show (at Black Hat) how to bypass BIOS security. Google researchers say they've found privilege escalation vulnerability in Microsoft Windows. Ransomware spikes worldwide.
The usual squalid spoor of hacktivist vandalism defiles Eastern European and Mediterranean sites.
Chinese hacking seems to have escaped central control, with a thriving bandit sector that suggests a small-scale reversion to warlordism. Espionage and cybercrime will be central topics of discussion in upcoming Sino-American talks, with the US complaining about the former and offering help against the latter. (Many observers note that the US is no naïf here—it's been a malware buyer.)
Policymakers in the US, South Africa, India, and Australia grapple with approaches to cyber security. In the US, the Government seeks more information sharing, which industry at some level wants, while fearing intrusive and commerce-throttling regulation. The security of the energy sector is of particular concern, as fears of Iranian cyber attack rise.
Notes.
Today's issue includes events affecting Algeria, Australia, Belarus, China, Croatia, Germany, India, Iran, Democratic People's Republic of Korea, South Africa, Syria, Tunisia, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Syria using 34 Blue Coat servers to spy on Internet users (TrustLaw) The servers are using DPI (Deep Packet Inspection) technology to analyse and control the activities of Syrian Internet users - censuring websites, intercepting emails, obtaining details of sites visited and so on. As the Assad regime recovers territory
Researchers find more versions of digitally signed Mac OS X spyware (CSO) The malware is connected to Indian cyberespioange operation and has been active since at least December 2012, researchers say. Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users. KitM (Kumar in the Mac), also known as HackBack, is a backdoor-type program that takes unauthorized screen shots and uploads them to a remote command-and-control (C&C) server. It also opens a reverse shell that allows attackers to execute commands on the infected computers
India likely source of multination cyberspying (USA Today) A multi-national cyberspying onslaught, carried out over three years against companies and agencies in a dozen nations, has been uncovered by Norwegian security vendor Norman Shark and San Diego-based antivirus maker ESET
Thousands of DHS Personnel Notified of Data Breach (Threatpost) The Department of Homeland Security this week began notifying up to tens of thousands of employees, contractors and others with a DHS security clearance that their personal data may be at risk. The notifications began on Monday, according to an online statement, after officials learned of a vulnerability in software used by a vendor to process personnel background investigations. The security vulnerability apparently has existed since July 2009 and the exposed data includes names, Social Security numbers and dates of birth. The security hole was sealed immediately
ZeuS/ZBOT Malware Shapes Up in 2013 (TrendLabs Security Intelligence Blog) The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In our 2013 Security Predictions, we predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The 1Q of the year proved this thesis, as seen in threats like CARBERP and Andromeda botnet
BIOS Bummer: New Malware Can Bypass BIOS Security (Dark Reading) Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine. As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from The MITRE Corp. say that the current approach relies too heavily on access control mechanisms that can easily be bypassed
Google researcher reveals another Windows 0-day (Help Net Security) Tavis Ormandy - the Google researcher known for discovering a slew of Windows, Java and Flash Player vulnerabilities and zero-days and his combative attitude regarding the "responsible disclosure" policy
Microsoft brushes off claim Xbox Live accounts were compromised (CSO) Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service. The hacker, who goes by the Twitter handle "@Reckz0r," wrote on Pastebin that Microsoft stored the login credentials in plain text. The data included email addresses and passwords, he added
Researcher Unlocks Samsung Galaxy S4 Bootloader for AT&T, Verizon Android Phones (Threatpost) A researcher has unlocked the bootloader on Samsung Galaxy S4 Android devices, enabling the uploading of custom kernels and software
Recent spike in FBI Ransomware striking worldwide (Webroot Threat Blog) Recently we have seen a spike of this ransomware in the wild and it appears as though its creators are not easily giving up. This infection takes your computer hostage and makes it look as though the authorities are after you, when in reality this is all just an elaborate attempt to make you pay to unblock your computer
49 Israeli Websites Hacked by The key40 from Algeria (Hack Read) An Algerian hacker going with the handle of 'the key40′ has hacked and defaced total 49 Israeli websites. The sites were left with not one but several partially deface pages and messages against Israel, favoring Palestinians, such as
Honda Belarus Breached, Accounts and Data leaked by @Ag3nt47 (Cyberwarzone) Earlier today hacker @ag3nt47 announced that they were sick of Honda ads (sponsored tweets) on twitter and that they would be hacked
Syndicasec in the Sin Bin: targeted espionage malware in action (We Live Security) Malware researchers receive so many malicious code samples every day that prioritization for deep examination becomes an important part of the analysis process. In some instances, it is easier to decide than others. Such is the case for a sample we recently came across here at ESET named Win32/Syndicasec.A, for which the decision was pretty easy, for a variety of reasons:Our telemetry systems show that the infection scale is extremely small and strictly limited to Nepal and China
Event ticketing company hacked, at least tens of thousands affected (SC Magazine) After a server attack, tens of thousands of customers, who used the services of Boston-based online ticketing company Vendini, had their financial and other sensitive information exposed
The wide world of hacking in China (CNet) CNetChina has been cited as allegedly hacking into U.S. government and corporate networks for years now. Generally, the thinking has been that the government is the only entity in the country actively hacking. But a new report seems to indicate that's not even close to the truth.The News York Times on Thursday released a report on hacking across China. The Times found that not only does hacking occur at the highest levels of the government, but that everyone on down from local law enforcement
Chinese hackers advertise HACKS FOR SALE (Cyberwarzone) Chinese hackers openly advertise on IT fairs.A good hacker in China earned $ 100,000 a year. The skill to penetrate into foreign systems, IT security trade fairs advertised openly and taught at universities.Hackers company praise on an IT Security Expo in Beijing to open their services. As the New York Times journalist Edward Wong reports , sales professionals from companies such as Nanjing XHunter software advertise that they attack every computer in China, copy the contents of the hard drive
Mandiant: Report Sending Chinese Cyberattackers Back To The Drawing Board? (CRN) A Mandiant report that tied China to a cyberespionage operation and exposed how it infiltrated more than 100 businesses has significantly impacted the group's campaign, decreasing attacks and possibly forcing the group to turn to alternative methods
Iran Hacks Energy Firms, U.S. Says (Wall Street Journal) Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said. In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation
The dangers of downloading software from unofficial sites (Help Net Security) Because malware peddlers often bundle their malicious wares with legitimate software, downloading anything from unofficial download sites is a bit like playing Russian roulette: a click and the game
Why Twitter's two-factor authentication isn't going to stop media organisations from being hacked (Naked Security) Twitter's new two factor authentication system will be welcomed by some users, but ignored by others who will find it a nuisance. Notably, it's unlikely to be much use at all to media companies who have suffered at the hands of hackers, as Graham Cluley explains
Twitter's two-step authentication a good start, experts say (CSO) For celebrities and the average Joe, having two-factor authentication turned on won't protect them against determined hackers, however. While experts praise Twitter's decision to provide accountholders with two-factor authentication, they warn that additional security will still be needed to prevent the hijacking of high-profile accounts
Compromised Devices of the Carna Botnet (AusCERT) What is the Internet Census 2012
Cyber Trends
Fight Against Cyber-Crime Is On The Right Track, According To PandaLabs Q1 Report (Dark Reading) Major organizations such as the BBC or Burger King saw their Twitter accounts hacked. PandaLabs, Panda Security's anti-malware laboratory, has published its Quarterly Report for Q1, analyzing the IT security events and incidents from January through March 2013. Despite the numerous security incidents that took place during the first quarter of the year, the fight against cyber-crime looks to be on the right track, and though there is still a long way to go, international co-operation among security agencies is beginning to pay off and criminals around the world are being brought to justice
Cybersecurity awareness week: be aware you're being lied to (Crikey) It's cybersecurity awareness week. So you should be aware that you're being lied to about cybercrime, who's behind it, and how your rights and freedoms are under threat
Infectious Computer Worms Are Sucking Energy and Money From Companies (Forbes) The analysis, titled Electric Grid Vulnerability, goes on to say that the U.S. Department of Homeland Security has processed 68 percent more cyber-incidents in 2012 involving federal agencies than it did in 2011. The report references one U.S. utility
US fears irrational hackers (TechEye) The sort of attack they could carry out is like the one found by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT. A flaw was found in equipment from Germany's TURCK, which is used
Is protecting intellectual property from cyber thieves futile? (CNET) "The frustration for me is that in the U.S., parties who have valuable intellectual property are not adequately protecting their data," said Richard Marshall, former director of Global Cyber Security Management for the Department of Homeland Security
Only 36% of small firms apply security patches. No wonder cybercrooks are stealing their cash (Naked Security) Small businesses are under constant attack from malware, scams and online fraud. They are simply woefully under-prepared to keep their assets safe. Despite reorganisation and redirected priorities, the police can still do little to help. Here are some general tips from the FSB to help firms better
Marketplace
How to Win Contracts When Lowest Price Is the Highest Measure (SIGNAL Magazine) The lowest price technically acceptable (LPTA) acquisition strategy, which focuses on price over value, has become the dominant approach that agencies are applying to federal contracting. The accelerated transition to this strategy has been fueled by sequestration and the growing need for government to do business at a reduced cost. Contractors are still learning how to operate in this new environment, but many fear that the emphasis on lower cost labor will reduce the expertise of the work force and result in lower levels of effort
GAO: Military Propaganda Efforts Flawed (USA Today) Pentagon propaganda programs are inadequately tracked, their impact is unclear, and the military doesn't know whether it is targeting the right foreign audiences, according to a government report obtained by USA TODAY
GSA, Telecom Firms Sign Govt-Wide Mobile Service BPA (GovConWire) Kay Kapoor AT&T (NYSE: T) Sprint (NYSE: S), T-Mobile and Verizon (NYSE: VZ) have signed a blanket purchase agreement with the General Services Administration to centralize service plans for agencies under one government-wide purchasing vehicle
M&A in big data security (FierceBigData) Blue Coat Systems is a security company that likes to consider security as a means to an end, which is to ultimately provide business value. It calls its product set business assurance technology. This week, the company added to its means by announcing its intention to acquire Solera Networks, a big data security intelligence and analytics company, for an undisclosed sum
Big data's creating more jobs than we can fill (FierceBigData) Talent shortages may persist in the big data market, but at least companies are beginning to understand what skills they need. Over the next two years, companies in the United States will be looking to fill 1.9 million technical positions, mostly analytical, according to Gartner. There will be another 2 million worldwide
David Keffner Named SRA Corporate Controller (GovConWire) David Keffner, a former business group chief financial officer at SRA International, has been promoted to corporate controller at the Fairfax, Va.-based technology services contractor. Keffner will be responsible for financial planning and analysis, treasury and corporate accounting in his new position, SRA said Wednesday
Products, Services, and Solutions
MoVP II (Internet Storm Center) Volatility is a Python framework for performing memory forensics. If you haven't tried it yet I highly recommend it. The Volatility Month of Volatility Plugins II is on! As announced here Volatility 2.3 is entering beta and the second MoVP (Month of Volatility Plugins) has started and is actually in their second installment. Some very exciting new stuff
NetAbstraction and Light Point Security have signed a partnership agreement to offer virtualization and cloud technologies to protect customer's online activity. (PRNewsWire) NetAbstraction combines their next-generation secure network with Light Point Security's first and only server-based virtual-machine-in-a-browser
A Privacy App That Ensures Personal Data Really Disappears (Entrepreneur) Files are never stored; they are completely overridden, cleared of metadata and encrypted with the same security technology employed by the National Security Agency. The free version allows users to send messages that can be kept for up to five days
Sophos RED scoops "Protector Award" at this year's AusCERT conference (Naked Security) We're proud to say that at this evening's 2013 Information Security awards at the AusCERT conference in Australia, Sophos scooped the "Protector Award" with its Sophos RED product. Paul Ducklin says, "Well done" to the techies behind the technology
OnRamp Addresses Recent Cloud Security Concerns with Private Cloud Solutions Designed to Mitigate Security Risks (DigitalJournal.com) Although there are many risks associated with the cloud in general, in a recent report released by the Cloud Security Alliance (CSA) titled The Notorious Nine: Cloud Computing Top Threats in 2013
FireEye Supports Compliance With Latest NIST Privacy Controls (MarketWatch) FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, today announced that its
Twitter Two-Factor Security Combats Takeovers (InformationWeek) Authentication measure comes in wake of Syrian Electronic Army account hacks, further security steps coming
Technologies, Techniques, and Standards
The secret to getting engineers to be more charismatic (Quartz) The idea that qualities like charisma or leadership can be taught is fairly new. Sixty years ago, science dictated that social skills were innate; somebody like Olivia would have been better off seeking a profession in which she could mostly avoid people
Security Pros Fail In Business Lingo (Dark Reading) Non-executive-level security professionals just aren't communicating well or coherently with senior executives, a new survey shows.That's in contrast to their superiors on the executive side of the security house, who appear to have somewhat hacked the proper business language and perspective: While about 38 percent of non-exec security pros say they use business-oriented language when they communicate with corporate execs, nearly half of exec-level security pros say they do
Is it time to professionalize information security? (Help Net Security) The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate. I think it is time to examine the question again
Beware Of The 'Checklist' Penetration Tester (Dark Reading) If your penetration tester has an overreliance on checklists, he or she is a novice. In the hands of a novice tester, checklists are treated as both the start and the end of a test
Design and Innovation
Someday, you may use bitcoin without even knowing it (Quartz) Bitcoin backers have big dreams—dreams of reinventing the financial system based around a currency not issued by governments and not subject to the whims of central banks. But the cryptocurrency's volatility over the last few months has raised questions about whether most people would want to depend upon it to pay for goods and services
Free information, as great as it sounds, will enslave us all (Quartz) Imagine our world later in this century, when machines have gotten better. Cars and trucks drive themselves, and there's hardly ever an accident. Robots root through the earth for raw materials, and miners are never trapped. Robotic surgeons rarely make errors. Clothes are always brand new designs that day, and always fit perfectly, because your home fabricator makes them out of recycled clothes from the previous day. There is no laundry. I can't tell you which of these technologies will start to work in this century for sure, and which will be derailed by glitches, but at least some of these things will come about
Research and Development
CESG And Cellcrypt To Develop MIKEY-SAKKE Technology (Dark Reading) MIKEY-SAKKE is a method of key exchange that provides a full set of standards in the public domain
The solace of quantum (The Economist) Cryptograaphy is an arms race between Alice and Bob, and Eve. These are the names cryptographers give to two people who are trying to communicate privily, and to a third who is trying to intercept and decrypt their conversation. Currently, Alice and Bob
Academia
Why Young IT Pros Should Consider Higher Ed (InformationWeek) While high unemployment continues nationwide, small colleges and universities face a chronic shortage of tech professionals. As if that challenge weren't daunting enough for CIOs like myself, now I'm told we must understand how the different generations think in order to better attract and retain them. Let me explain
Legislation, Policy, and Regulation
US government has no idea how to wage cyberwar: Ranum (ZDNet) Military strategies and tactics that may work in the physical world do not have a place in guiding "cyberwarfare", and those that attempt to use them demonstrate a key lack of understanding, according to Tenable Security's chief of security Marcus Ranum.Ranum, who spoke at AusCERT 2013 at the Gold Coast, Queensland, on Friday, highlighted several methods that strategists and tacticians use that simply do not work in the online world.The concept of castle defence, for example, is commonly used as
Co-ordination and responsibility remain top government cyber needs (Janes) US cyber officials continue to call for more active defences, better collaboration, and more accountability in industry as offensive threats maintain a significant advantage over defence
Helping China end its cybercrime spree (CS Monitor) In their first official summit, President Obama and Chinese President Xi Jinping will meet next month in California and talk informally for two days, trying to hash out their differences. If the latest White House concern about China is on the table, the two men will spend a lot of time on intellectual property theft.Only in recent months has the United States officially singled out China as the origin for much of the cybertheft of American industrial secrets. The effects of this stealing have
Mandiant's APT1: Revisited (CSO) The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. In February, Mandiant released APT1: Exposing One of China's Cyber Espionage Units, a 74-page tome that told the story of a professional cyber-espionage group that, if it's not sponsored by the Chinese government, certainly operated with its knowledge. Mandiant also released more than 3,000 APT1 indicators, comprising domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware
How the U.S. Government Hacks the World (BusinessWeek) Obscured by trees and grassy berms, the campus of the National Security Agency sits 15 miles north of Washington's traffic-clogged Beltway, its 6 million square feet of blast-resistant buildings punctuated by clusters of satellite dishes. Created in 1952 to intercept radio and other electronic transmissions—known as signals intelligence—the NSA now focuses much of its espionage resources on stealing what spies euphemistically call "electronic data at rest." These are the secrets that lay inside the computer networks and hard drives of terrorists, rogue nations, and even nominally friendly governments. When President Obama receives his daily intelligence briefing, most of the information comes from government cyberspies, says Mike McConnell, director of national intelligence under President George W. Bush. "It's at least 75 percent, and going up," he says
A spotlight on grid insecurity (Help Net Security) Drawing from responses from more than 100 utilities across America, a new report shows that the nation's electric grid remains highly vulnerable to attacks from Iran and North Korea, or other threats
Attacks on Utilities Highlight Need for Strong Rules: Lawmakers (eWeek) The survey, sent to electric companies and cooperatives by the congressional staffs of congressmen Edward J. Markey and Henry A. Waxman, found that most utilities complied with required cyber-security standards but only a minority had adopted voluntary
Cyber security in US power system suffering from reactive, self-policed rules (Naked Security) John Hawes argued that what's needed is carefully considered defensive strategies combined with fast responses to new, unforeseen vulnerabilities. Sadly when government and big business intersect, pragmatism and speedy reactions are rarely in evidence
Oil and Gas Lobby Resists Regulation Despite Cyber Risk (Wall Street Journal) The oil and gas sector faces many of the same cyber security challenges as the electric industry. Yet, there's one major difference between the industries, both of which need to secure software-based industrial control systems from intruders. There are no regulations governing cyber security among the oil and gas companies
The Morning Download: Gas Industry Lobbies Against Cyber Standards (Wall Street Journal) American Gas Association CEO Dave McCurdy said at a U.S. House of Representatives hearing on cyber security Tuesday that no regulations were needed and that the sector's voluntary approach is working just fine
Information Sharing Critical To Cyber Defense (Forbes) I kicked off a conversation with Dan Holden, Director ASERT, at Arbor Networks by asking him about the Mandiant APT1 Report that was generating a lot of buzz at this year's RSA Conference. Dan emphasized the benefit to the community of security
Cyber security task force launched in California (acumin) Government officials in California have come together with private sector leaders in an effort to develop a new cyber security task force.It is hoped the creation of a comprehensive strategy for the US state - the first of its kind in the country - will leave industry and local government better protected against the threat posed by hackers.Michele Robinson, acting director for the Office of Information Security, told Government Technology the move makes sense because of the various interconnect
Govt plans cyber security coordinator (Deccan Herald) Prime Minister Manmohan Singh on Thursday described outer space and cyber space as two emerging security challenges for India. To combat such threats, the government will soon create a national cyber security office for a coordinated response. The decision is aimed at implementing a national architecture on cyber security.We are implementing a national architecture for cyber security and have taken steps to create an office of a national cyber security coordinator, the prime minister said after
Joint action needed on cyber crime (TechCentral) If South Africa is to win the war on cyber crime, government and business need to collaborate, industry experts say. Defending against cybercrime requires constant vigilance and training and collaboration between financial institutions, government departments and anyone else who is vulnerable to attack
Litigation, Investigation, and Law Enforcement
French police end missing persons searches, suggest using Facebook instead (IT World) The latest victim of disruption by Internet technologies is a veteran of World War I: the missing persons search
Leonard Downie: Obama's war on leaks undermines investigative journalism (Washington Post) For the past five years, beginning with his first presidential campaign, Barack Obama has promised that his government would be the most open and transparent in American history. Recently, while stating that he makes "no apologies" for his Justice Department's investigations into suspected leaks of classified information, the president added that "a free press, free expression and the open flow of information helps hold me accountable, helps hold our government accountable and helps our democracy function." Then, in his National Defense University speech Thursday, Obama said he was "troubled by the possibility that leak investigations may chill the investigative journalism that holds government accountable"
What to Expect From DHS/FBI in a Cyber Investigation (Wall Street Journal) It's one thing to hear about the challenges companies face when dealing with a cyber incident in the abstract, it's another to see it play out in real-time. Before you even have your hands wrapped around what was taken and who took it, you have to confront you
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international trade. Participate in expert discussions lead by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90 minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information (, Jan 1, 1970) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly affect not only on profits, but also corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.
Diversity Careers in Cybersecurity Symposium (Baltimore, Maryland, USA, May 30 - Jun 2, 2013) The 2013 Diversity Careers in Cybersecurity Symposium creates opportunities for networking and learning. We invite top executives to give presentations on topics ranging from leadership best practices to industry trends in technology. With 30,000 jobs in Cyber Security going unfilled in Maryland alone, the focus for 2013 is building the pipeline to fill the growing need.
Recent Advances in Reverse Engineering (RARE) (San Francisco, California, USA, Jun 1 - 2, 2013) The goal of the rare conference is to provide a venue where people interested in the analysis of binary programs can speak to one another directly, and to form a common language outside of their respective hyper-specialized, individual niches.
2013 St. Louis CISO Summit (, Jan 1, 1970) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind of change that is sweeping through the IS community motivating today's information guardians to develop a new way of thinking to ensure success in protecting their respective organizations.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
Pen Test Berlin 2013 (Berlin, Germany, Jun 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations and social events. The training offers the opportunity to participate in NetWars.
CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, Jun 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical, strategic and legal implications of using automatic methods in cyber conflicts. The conference will be organized along two tracks: a Strategic Track and a Technical Track. Legal aspects will be incorporated in these two tracks.
NSA SIGINT Development Conference 2013 (Fort Meade, Maryland, USA, Jun 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by providing America's leaders with critical information they need to defend our country, save lives, and advance U.S. goals and alliances globally. The exposition will be unclassified and will consist of a one-day event as an adjunct to the SIGINT Conference. The conference sessions will be conducted in a classified area in close proximity to the exhibits.
U.S. Census IT Security Conference and Exposition (Suitland, Maryland, USA, Jun 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office is putting together a series of workshops on 'Information Security' and 'protecting your information' to lead up to their Annual IT Security Awareness Conference. This specific workshop will take place on June 5, 2013 with a focus on Security Issues..
Capital Connection 2013 (Washington, DC, USA, Jun 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections, or grow their enterprise. It is one of the nation's most respected industry conferences with more than 800 attendees each year who share a common goal of enhancing our technological ecosystem.
RSA Conference Asia Pacific 2013 (Singapore, Jun 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will be able to attend keynote sessions presented by leading information security industry experts and guest speakers, and choose from approximately 50 sessions.
29th Annual INSA William Oliver Baker Award Dinner (Washington, DC, USA, Jun 7, 2013) his year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meed in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit (, Jan 1, 1970) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with likeminded individual.
Suits and Spooks La Jolla 2013 (LaJolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common…it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.