The CyberWire Daily Briefing for 6.6.2013
Turkish authorities struggle to contain ongoing unrest, which is accompanied and enabled by cyber rioting—twenty-five people have been arrested for using Twitter. Dissidents show growing technological sophistication in their use of anti-censorship apps as they continue to deface government sites.
NetTraveler, the Chinese espionage tool Kaspersky uncovered this week, has been active since 2004. India and the US appear to have been the major targets, but the spyware has been found in systems worldwide. Infected Word documents were an important NetTraveler vector. University of Toronto researchers, confirming earlier accounts of sitcom workplace anomie, describe Chinese espionage network security as "sloppy"—take from this such encouragement as you may.
The US and China exchange mutual cyber recriminations during the run-up to this week's summit, but both sides also express hopes for positive cooperation going forward. The UK considers strong security measures against Chinese hardware manufacturers (notably Huawei), possibly requiring extensive vetting similar to what the US Congress voted to impose earlier this year.
A Plesk vulnerability places Apache websites at risk—an exploit is publicly available. A backdoor master boot record wiper threatens German users. Google publishes a Windows zero-day.
New security patches address issues in Chrome, OSX, Safari, and Schneider SCADA products. Industry observers remain skeptical of Oracle's new approach to Java security.
Purdue researchers demonstrate "temporal cloaking" as a technique for hiding signals. Wired calls DARPA's Plan X Angry Birds for cyber war.
The US Government is sifting Verizon phone records as part of a three-month security sweep.
Notes.
Today's issue includes events affecting China, European Union, France, Germany, India, Israel, Saudi Arabia, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Social Media Is "Worst Menace To Society" Says Turkey PM, 25 Twitter Users Arrested (TechCrunch) Turkish authorities have arrested 25 protesters for the high crime of using Twitter. Amid widespread violent clashes, police rounded up netizens on Tuesday night for "spreading untrue information." Embattled Turkey Prime Minister Recep Tayyip Erdoğan has labeled social media "the worst menace to society," saying of Twitter, "The best example of lies can be found there."
#OpTurkey Takes Height as Turkish Government Mufti Websites Hacked, Database Leaked by TurkHackTeam (Hack Read) It seems as #OpTurkey is taking heights as more hackers are joining in as in latest hack the Turkish hackavists from Turk Hack Team have breached two official Turkish government websites belonging to Mufti's office
#OpTurkey: Grand National Assembly of Turkey Website Hacked, Login details Leaked by China Blue Army (Hack Read) Just couple of hours ago I reported a breach conducted by China Blue Army on Shalom Hartman Institute of Israel, the same group has now started participating in ongoing #OpTurkey by breaching into the official website of Grand National Assembly of Turkey. As a result of breach the hackers were able to access the server of Turkish Grand National Assembly and compromising sensitive login information
Internet-savvy Turkish protesters turn to anti-censorship apps (Help Net Security) In the months leading up to the current protests in Turkey, its government has been censoring content on Twitter and Facebook, as well as throttling and blocking access to them, claim sources inside
Shalom Hartman Institute of Israel Hacked, 200 login accounts leaked by China Blue Army (Hack Read) A group of hackers from China Blue Army are claiming to breach the official website of Shalom Hartman Institute of Israel (hartman.org.il), ending up with leaking login credentials of around 200 Israelis online. Hackers who contacted me via Twitter shows that data has been dumped online on Pastebin along with a message, targeted and vulnerable link of Shalom Hartman Institute of Israel
Nine-year cyber spying campaign stole tech secrets, Kaspersky claims (Information Age) IT security company Kaspersky Lab says it has uncovered evidence of a nine-year cyber espionage campaign with over 350 high-profile victims. Since 2004, a malware tool known as NetTraveler has been used to steal information from government
India prime target of Chinese cyber-espionage: Kaspersky (The Hindu) India has been a prime target of a Chinese cyber-espionage campaign that has been active for at least eight years, according to Russia's leading IT security provider. A report released by the Kaspersky Global Research and Analysis Lab said an ongoing
Chinese hackers sloppy with their own network security, says researcher (FierceGovIT) Chinese espionage networks are themselves very sloppy with their network security, says cybersecurity investigator Ron Deibert, director of the Citizen Lab at the Munk School of Global Affairs at the University of Toronto
Buggy Word programs still exploit of choice for persistent data-stealing groups (SC Magazine) A malicious toolkit, called NetTraveler, is being leveraged in a cyber espionage campaign targeting hundreds of organizations around the globe – and attackers are using two commonly exploited flaws in Microsoft Word to steal corporate data
Red Star: Another advanced hacking crew from China is revealed (Foreign Policy) In the spirit of last February's report by Mandiant detailing the exploits of a Chinese-government-linked hacker group, Russian IT security giant Kaspersky Lab today released a report on another sophisticated Chinese cyber-espionage outfit, dubbed the
More than 360,000 Apache websites imperiled by critical Plesk vulnerability (Ars Technica) Publicly available attack code exploits remote-code bug in Plesk admin panel
Backdoor Wipes MBR, Locks Screen (TrendLabs Security Intelligence) German users are at risk of having their systems rendered unusable by a malware that we're seeing being sent via spam messages. This particular malware, on top of its ability to remotely control an affected system, is able to wipe out the Master Boot Record – a routine that had previously caused a great crisis in South Korea
Google researchers publish Windows 0-day exploit (Help Net Security) Less than two weeks after Google researcher Tavis Ormandy released information about a new Windows zero-day vulnerability on the Full Disclosure mailing list and asked for help in creating an exploit
135 Indian Websites Hacked by Kurdish Hacker (Hack Read) Yet another day, yet another hack where a Kurdish hacker going with the handle of 'SA3D HaCk3D has hacked and defaced total 135 Indian websites today
Pharmaceutical scammers impersonate Facebook's Notification System, entice users into purchasing counterfeit drugs (Webroot Threat Blog) Opportunistic pharmaceutical scammers are currently spamvertising tens of thousands of bogus emails impersonating Facebook's Notification System in an attempt to trick users into clicking on the links, supposedly coming from a trusted source. Once users click on the links found in the fake emails, they're exposed to counterfeit pharmaceutical items available for purchase without a prescription
iLivid ads lead to 'Searchqu Toolbar/Search Suite' PUA (Potentially Unwanted Application) (Webroot Threat Blog) Our sensors recently picked up an advertisement using Yieldmanager's ad network, enticing users into downloading the iLivid PUA (Potentially Unwanted Application) on their PCs. Operated by Bandoo Media Inc., the application installs the privacy invading "Searchqu Toolbar"
European Police College Hacked (eSecurity Planet) More than 14,000 CEPOL user and admin account credentials were published online
Is data fragmentation putting businesses at risk? (Help Net Security) IT managers believe that fragmentation of corporate data across their IT infrastructure and an emerging 'Shadow IT' network of user devices or consumer cloud services outside their control, is putting
Security Patches, Mitigations, and Software Updates
BIND 9 Update fixing CVE-2013-3919 (Internet Storm Center) Today BIND9 received an update fixing a "recursive resolver with a RUNTIME_CHECK error in resolver.c" [1] Affected versions are BIND 9.6-ESV-R9, 9.8.5, and 9.9.3. The rated CVSS on this one is 7.8
Schneider Patches 18-Month Old SCADA Bugs (Threatpost) More than 18 months after a security researcher revealed a long list of vulnerabilities in its SCADA products, Schneider Electric has released patches for a subset of those bugs for a couple of the affected products
Google Ships 12 Security Patches in Latest Chrome Update (Threatpost) Google released a stable channel update for its Chrome browser yesterday, resolving 12 vulnerabilities, one of which one was considered 'critical', Google's most severe rating, ten of which received second most severe 'high' ratings, and one receiving a third-in-line 'medium' rating
Oracle Addresses Java's Symptoms, But Doesn't Cure Sickness (Threatpost) Security experts are lukewarm on Oracle's security plans for the Java browser plug-in, largely because they don't address code innate to the platform's security sandbox which has been bypassed in a number of attacks
Apple's OS X and Safari get biggish security fixes (Naked Security) Apple has published updates for all supported versions of OS X and for Safari version 6. A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes
Cyber Trends
Mobile security incident costs, regional threat differences revealed (CSO) Survey finds that threat costs run into six figures losses for many, and adware is the most pervasive menace
Ponemon and Symantec 2013 Cost of Data Breach Study Says 'We' are the Enemy in Most Cases (Techzone360) It is report season in the security industry, as witnessed by my earlier item just this past week coming from McAfee on various cyber threats. In keeping with the season, it seems appropriate that Ponemon and Symantec this week released their annual 2013 Cost of Data Breach Study: Global Analysis, and it is interesting on two big fronts
Negligence, Glitches Push Up Cost Of Breaches Worldwide (Dark Reading) The costs of data breaches inched up globally, but in the U.S. companies have managed to continue bringing breach costs down, according to the eighth annual Cost of Data Breach Study out this week. Conducted by Ponemon Institute on behalf of Symantec, the study found that mistakes and human errors accounted for the bulk of all breaches studied, but malicious or criminal attacks costs businesses more when they are at the root of breaches
Marketplace
Huawei faces UK heat over cyber-attack fears (The Australian) TELECOMS equipment made by Chinese companies should be independently tested by the British government to guard against cyber-attacks, an intelligence report says
David Cameron warned of cyber attack threat (ITV News) Telecoms equipment made by Chinese firms should be independently tested by security services in order to protect against cyber attack, the Prime Minister has been warned. The key role played by the Chinese company Huawei in Britain's telecoms network
Army Punches Back In Battle Over Intel Network (Politico) The two sides in the long-simmering dispute over a battlefield intelligence network are reaching deep into the ranks to bolster their cases
Lunarline Provides Beckman Coulter with Air Force DIACAP Services (PRNewswire) Lunarline was recently contracted by Beckman Coulter to provide cyber security services, specifically certification and accreditation, by way of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) for one of their cutting edge custom remote management systems. As part of the support, Lunarline will be assisting in hardening the system to meet department wide standards and requirements, as well as individual military department specifications in order to support deployment of their solution eventually across the DoD
CACI, Be Informed Partner to Offer Agencies Cloud Service (GovConWire) CACI International (NYSE:CACI) and business software maker Be Informed have started developing a cloud computing-based platform intended to help federal agencies deliver services to the public. The companies plan to build an on-site software-as-a-service system for agencies to communicate with citizens, gather stakeholder information and fulfill regulatory measures, CACI said Tuesday
Jane Snowdon Named IBM Federal Chief Innovation Officer (GovConWire) Jane Snowdon Dr. Jane Snowdon, a 17-year veteran of IBM Research (NYSE: IBM), has been appointed to the newly-created position of chief innovation officer for the company's U.S. federal business unit, Information Week reports
Salesforce acquires email company ExactTarget for $2.5B (FierceCMO) Salesforce.com has agreed to purchase ExactTarget for $2.5 billion in cash. The acquisition is Salesforce's biggest ever and is designed to beef up its marketing cloud offerings with ExactTarget's marketing technology, which includes primarily email, but also social and mobile
Why IBM paid big bucks for a company you've never heard of (IT World) Cloud services company SoftLayer was just scooped up by IBM, who had to fight off competing bids from EMC and AT&T to get it. Why was Big Blue willing to pay so much for a fairly anonymous company?
Dell faces tough road ahead (FierceFinance) Dell is in a tough spot. On the one hand, it has a difficult business to run, so it has to project the aura of a winning company with cool products. It has to be a company with a bright future
General Dynamics Mediaware Creates Technical Partnership with Sentient to Enhance Situational Awareness from Airborne Surveillance (Sacramento Bee) Sentient's automatic target-detection plug-in strengthens intelligence reporting capabilities for Mediaware's award-winning D-VEX end-to-end video-exploitation system
Northrop Grumman Awarded $318 Million Task Order to Deliver Enterprise Application Development, Integration Support to Defense Intelligence Agency (Sacramento Bee) Northrop Grumman Corporation (NYSE: NOC) has been awarded an Enterprise Application Development and Integration Support task order with an estimated value of $318 million over 4 years. The task order is provided through the Solutions for Information Technology Enterprise contract from the Defense Intelligence Agency (DIA)
'A new war' (Washington Jewish Week) Israeli cyber-security firms meet potential investors and strategic partners. "We're always looking for innovative partners," said Ed Jaehne, chief strategy officer for KeyW Corporation. It's for that reason that Jaehne - and about 100 other local entrepreneurs and investors - showed up on May 29 for the Maryland/Israel Development Center's (MIDC) Cyber Security Forum
Products, Services, and Solutions
BeyondTrust Releases PowerBroker 6.0 (Dark Reading) Newest release includes session and file integrity monitoring capabilities
AirWatch updates Secure Content Locker (FierceContentManagement) This week, AirWatch--which has developed a variety of mobile management tools--released the latest version of its Secure Content Locker, a tool that provides a way to control key documents when they go in motion
HP-Autonomy wants to help you clean up obsolete legacy files (FierceContentManagement) HP-Autonomy announced Autonomy Control Point 4.0 this week, designed to help organizations find and dispose of old content hidden in the recesses of their content repositories
New SDL translation service provides quick machine translations for free (FierceContentManagement) SDL introduced a free online translation service this week that makes it simple to get machine translations of documents or text. It's called FreeTranslation.com
Technologies, Techniques, and Standards
Building And Enforcing An Endpoint Security Strategy (Dark Reading) Endpoint technologies, defenses, and threats are changing rapidly. Here are some tips for keeping up
Spooks nicking your tech? What you need is THE CLOUD - NSA boss (Register) General Keith Alexander, National Security Agency (NSA) director and commander of US Cyber Command, made his comments during the NATO-organised CyCon conference in Estonia today. "Theft of intellectual property has resulted in the greatest transfer
Flaws in the Carbon Layer: Is a Penetration Test Without a Social Engineering Component Really a Penetration Test? (StoreFrontBackTalk) Every QSA gets asked the same question about penetration testing: What is acceptable (translation: what is the least I can do) for PCI compliance? In the current environment of criminal (and state-sponsored) hacking, that is the wrong question. Instead retailers should ask: How do I get the greatest value from the penetration testing I am already required to do? I would like to make the point that at least part of the answer is for every retailer and payment card merchant to include some form of social engineering as a part of their pen testing
Celebrate Internet Safety Month this June - Stay Safe Online All Summer (MarketWatch) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is celebrating Internet Safety Month this June by encouraging all digital users to STOP. THINK. CONNECT. when accessing the Web. Summer break brings increased Internet use and NCSA advises everyone to take security measures, understand the consequences of their behavior and actions and enjoy the benefits of the Internet
A major cyber threat to critical infrastructures is from…the electric utilities (Control) Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora. As a result, Aurora throws the traditional concept of interdependencies on its ear
IBM's Vision For Cognitive Computing Era (InformationWeek) Ready or not, enterprise IT is entering an insight-driven age of computing where big data analytics rules, says IBM
Cloudera Declares End Of Data Warehousing Era (InformationWeek) Cloudera CEO Mike Olson urges companies to reconsider their data-management approach as the "center of gravity" shifts toward Hadoop
Research and Development
This Pentagon Project Makes Cyberwar as Easy as Angry Birds (Wired) The target computer is picked. The order to strike has been given. All it takes is a finger swipe and a few taps of the touchscreen, and the cyberattack is prepped to begin. For the last year, the Pentagon's top technologists have been working on a program that will make cyberwarfare relatively easy. It's called Plan X. And if this demo looks like a videogame or sci-fi movie or a sleek Silicon Valley production, that's no accident. It was built by the designers behind some of Apple's most famous computers — with assistance from the illustrators who helped bring Transformers to the silver screen
"Temporal cloak" used to hide data transmitted at 12.7 Gbps (Ars Technica) Output looks like a signal-free beam of light
Motorola ponders cybersecurity via tattoo, pill (GMA News) At the D11 conference, Motorola said the tattoo and an FDA-approved pill may make the human body transmit passwords to smart devices, Bitdefender reported. "It means my arms are like wires, my hands are like alligator clips, and when I touch my phone
Biostamps - freedom from password tyranny, or Hollywood science? (Naked Security) Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. Could this be the ultimate solution to the problem of authentication and passwords, or is it just a sci-fi pipe dream?
Academia
Stonesoft certification at ESIEA starting autumn 2013 (4-Traders) Stonesoft, the specialist in cyber security, and ESIEA, French state-recognized Graduate Engineering school, have signed an ETS (Educational Training Site) agreement to include Stonesoft ANSSI-qualified solution certification in the education curriculum of the school
Congress questions details of STEM reorganization (FierceGovernment) The administration's plan to reorganize science, technology, engineering and math education programs--cutting the number of programs from 226 to 110 while increasing funding by 6 percent in fiscal 2014--came under scrutiny Tuesday during a hearing before the House Science, Space and Technology Committee
Big Data Analytics Master's Degrees: 20 Top Programs (InformationWeek) These one-year and two-year graduate programs are just what's needed to close the big-data talent gap. Read on to find a school that fits your ambitions and background
Legislation, Policy, and Regulation
Telecommunications Supply Chain is Safe—for Now (SIGNAL Magazine) Concerns about the telecommunications supply chain have led U.S. network providers to institute extensive security procedures, but government officials are looking at establishing formal guidelines for procuring network components overseas—for better or worse
China selectively opens the Great Firewall for special events (Quartz) The western Chinese city of Chengdu hosts the Fortune Global forum of business leaders today. To the great delight of reporters covering the event, the Great Firewall has been temporarily ruptured: Facebook and Twitter are accessible
Government Has A False Sense Of Cybersecurity (Investor's Business Daily) If our military is unable to counter the serious cyber threats that exist today, it's hard to believe that bureaucrats at the Department of Homeland Security can improve our cyber defense with additional regulatory powers tomorrow. With trust in
Saudi Arabia bans Viber web communication tool (Emirates 24/7) Viber allows subscribers to make free calls, send instant messages and share files over the Internet. Saudi Arabia's telecom regulator has banned use of the web-based communication application Viber, which is hard for the state to monitor and deprives licensed telecom companies of revenue from international calls and texts
Net neutrality soon to be on EU's agenda (Help Net Security) Lack of regulation has contributed much to the success of the Internet, and made it a hotbed for new ideas. But there are some things that should be regulated and enforced in order for it to remain
Obama To Press Xi On Cyber Attacks (Los Angeles Times) In January 2010, when Google accused Chinese hackers of infiltrating its network to track emails of human rights activists, the Obama administration didn't disclose what U.S. diplomats in Beijing believed: China's Politburo had directed the attack
China Calls Out U.S. for Hacking (Threatpost) The predominant narrative among U.S. officials and cybersecurity experts is that Chinese hackers, allegedly at the behest of their government, are thoroughly compromising the computer networks of American government, defense, and public sector organizations in order to steal any valuable data found within them on a daily basis. What you don't hear so often, though we'd be remiss to ignore it and you'd be a fool not to believe it, is that the U.S. is doing the same exact thing to China
U.S.: Cybersecurity should be regular part of diplomatic exchanges with China (FierceGovIT) The United States wants to make cybersecurity a regular part of its diplomatic exchanges with China, White House senior officials said during a June 4 press call ahead of a planned 2 day meeting between President Obama and Chinese President Xi Jinping in California later this week
Litigation, Investigation, and Law Enforcement
Hash Value: Authentication adn Adminissibility in Indian Perspective (Ground Report) Hash value plays a significant role in establishing the authenticity and integrity of data/evidence in the digital world particularly in Cryptography, Data Analyses and Forensic Imaging etc. Hash Value popularly known as Fingerprint of data is the crucial single factors which not only authenticate the integrity of data but also play crucial role in the validation of the forensic processes & equipments used for the forensic examination
Visa To Genesco: PCI Compliance? What PCI Compliance? (StoreFrontBackTalk) The predictable other shoe has dropped (please forgive that heel of a play on words) in the legal battle between apparel chain Genesco (NYSE: GCO) and Visa over PCI penalties, with Visa officially asking a federal judge to dismiss the retailer's lawsuit. The $2.6 billion Genesco chain, which owns Journeys, Lids and Johnston & Murphy, had been breached in 2010 and later had to reimburse its acquiring bank for about $13 million in fines charged by Visa. It sued Visa—with its acquirer's permission and blessing—saying that it hadn't violated any PCI rules
Microsoft and the FBI take down more than 1000 Citadel botnets (Infosecurity Magazine) Working with the FBI and the financial services industry, Microsoft last week obtained a court order allowing it to cut communications between 1462 Citadel botnets and the millions of infected PCs around the world
Verizon is giving the feds phone records for all of its US customers: report (New York Daily News) The National Security Agency is gathering telephone records of all Verizon customers — who number in the tens of millions — in the U.S., a bombshell report revealed Wednesday. The top-secret court order, obtained by the Guardian newspaper, requires
White House defends Verizon phone record collection (Baltimore Sun) The Obama administration on Thursday acknowledged that it is collecting a massive amount of telephone records from at least one carrier, reopening the debate over privacy even as it defended the practice as necessary to protect Americans against attack
Sweep of digital wiretapping too broad, says human rights report (FierceGovernmentIT) Coincidentally, British newspaper The Guardian published June 5 an article revealing a top secret order from the U.S. Foreign Intelligence Surveillance Court directing American telecommunications provider Verizon to provide the FBI all telephony metadata recorded by its Business Network Services unit for a 3 month period ending July 19
DHS Watchdog: 'Intuition and Hunch' Are Enough to Search Your Gadgets at Border (Wired) The Department of Homeland Security's civil rights watchdog has concluded that "intuition and hunch" are among the primary reasons why it is "inadvisable" to establish constitutional safeguards protecting travelers' electronics from being searched for any reason along the U.S. border
FAS management pressured officers to award contracts (FierceGovernment) The Federal Acquisition Service overrode its contracting officers and pressured them to extend or award schedules contracts based on complaints from contractors, a June 4 General Services Administration office of inspector general report says
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Pen Test Berlin 2013 (Berlin, Germany, Jun 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations and social events. The training offers the opportunity to participate in NetWars.
CyCon 2013: 5th International Conference on Cyber Conflict (Tallinn, Estonia, Jun 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical, strategic and legal implications of using automatic methods in cyber conflicts. The conference will be organized along two tracks: a Strategic Track and a Technical Track. Legal aspects will be incorporated in these two tracks.
Capital Connection 2013 (Washington, DC, USA, Jun 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections, or grow their enterprise. It is one of the nation's most respected industry conferences with more than 800 attendees each year who share a common goal of enhancing our technological ecosystem.
RSA Conference Asia Pacific 2013 (Singapore, Jun 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will be able to attend keynote sessions presented by leading information security industry experts and guest speakers, and choose from approximately 50 sessions.
29th Annual INSA William Oliver Baker Award Dinner (Washington, DC, USA, Jun 7, 2013) his year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo (Baltimore, Maryland, USA, Jun 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS). This four-day event will take place at the Baltimore Convention Center on Monday, June 10 - Thursday, June 13 with the exposition taking place June 11-12.
CISSE 17th Annual Colloquium (Mobile, Alabama, USA, Jun 10 - 13, 2013) The Colloquium for Information Systems Security Education will meed in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit (, Jan 1, 1970) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year, ADM Cyber Security aims at: reviewing solutions to the ever increasing level of attacks, whether real or potential, [and] equipping all stakeholders with a wide range of actionable strategies.
NovaSec! (McLean, Virginia, USA, Jun 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with members of local Northern Virginia businesses and associations to allow participants to meet, interact on key issues and provide a unified forum to network with likeminded individual.
Suits and Spooks La Jolla 2013 (LaJolla, California, USA, Jun 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in common…it readily became apparent that two broad areas kept coming up: threat mitigation through intelligence and active defense (a.k.a. offense as defense). San Diego is a wonderful location for exploring this theme thanks to its military and high technology industries. The FBI, NCIS, DOD, academia and some cutting edge INFOSEC startups will be represented.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.