The CyberWire Daily Briefing 06.27.13

Cyber Trends

Top 5 Fake Security Rogues of 2013 (Webroot Threat Blog) We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it's one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you're forced to read their scam. Although they use various tactics and convincing GUIs to get onto your computer, they all share a common goal: To get your money

A serious security breach could cost large firms $649k (Computer Business Review) Costs of a cyber-attack against small and mid-sized enterprises are less when compared to large organisations. The average cost incurred by large organisations when hit with a serious cyber attack could be about $649k, a new report has suggested

US under cyber - attack barrage as military and energy operations are threatened (ITProPortal) The USA's cyber-defences are coming under increasing strain, with fresh reports detailing efforts from foreign adversaries to expose the country's critical operations; including the military and energy industry. The latest blow to the military comes

Why business is losing the war against cybercrime (CSO) New State of Cybercrime survey finds lack of risk awareness means poor defenses in the enterprise

Privacy zealots say, 'Cookies for me, none for thee' (ComputerWorld) Establishment of Cookie Clearinghouse shows support for user choice to be little more than rhetoric

Online Security - Whose Responsibility? (Cyberwarzone) Since the early days, malware has been conditioned by the way we use technology. Until the turn of the century, this meant a threat landscape dominated by cyber-vandalism. Viruses might overwrite huge chunks of data, or slowly corrupt data, or display a message on the screen, or just spread - with no payload at all. Don't misunderstand me. I'm not suggesting that the problem was trivial. Individuals or businesses on the receiving end of an infection could suffer significant losses. But there was no way for malware writers to make money from what they did

U.S. Oil and Gas at Greater Risk for Cyber Attacks (Cyberwarzone) The U.S. energy sector, including oil and gas producers, was hit by more targeted malware attacks from April to September last year than any other industry, says a new Council on Foreign Relations (CFR) report, citing data from a Houston-based security company, Alert Logic

Organizations Confident in Sending Sensitive Data to the Cloud Despite Security Fears (SecurityWeek) According to the results of a cloud security survey conducted by Ponemon Institute, sponsored by Thales, a growing number of organizations are pushing sensitive and confidential data into the cloud. This movement of data happens with confidence, the study says, despite concerns over data protection

The Top Five IT Security Cyber Threats Are… (Infosecurity Magazine) As cybercrime expands and evolves, a new study categorizes and describes the top five threats: data breaches, malware, DDoS, mobile threats and the industrialization of fraud - and they're all interrelated

Mobile Attacks Will Continue to Increase and Grow More Sophisticated: Juniper Networks (SecurityWeek) A new report from Juniper Networks outlines the trends and the year-over-year growth of the mobile malware market, including the fact that criminals are making a tidy profit as a result of their efforts

Legislation, Policy and Regulation

Fact and Fiction in the NSA Surveillance Scandal (Slate) The whistle-blower's claims, revisited. For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. But in the past few weeks, its controversial spying efforts have been thrust into the international spotlight following an unprecedented leak of top-secret documents

NSA to implement 'two-man rule' in wake of Snowden leak (Infosecurity Magazine) According to reports, the US National Security Agency (NSA) will be implementing a two-person rule to prevent another leak by a system administrator like Edward Snowden, the contractor who exposed details of the Operation PRISM surveillance program

SASC calls for new oversight of Cyber Command (FierceGovIT) The Senate Armed Services Committee says it has concerns that oversight of Cyber Command and the cyber mission within the Defense Departments "is fragmented and weak," calling for creation of a Senate-confirmed position within the undersecretary of defense for policy to supervise and manage the funds of offensive cyber forces

White House should develop cyberspace deterrence policy, says SASC (FierceGovIT) The president should develop a deterrence policy for cyberspace, says the Senate Armed Services Committee. Current policy documents, the committee says in the legislative report (.pdf) accompanying its June 14 23-3 markup of the fiscal 2014 national defense authorization act (S. 1197), lack depth and breadth and fall short of an "integrated policy to deter adversaries in cyberspace."

Fallout from Snowden's sharing of NSA secrets (Washington Post) Congress and the courts will sort out the big questions about privacy and surveillance posed by Edward Snowden's disclosure of National Security Agency (NSA) monitoring programs. In the meantime, there are some nagging smaller questions raised by this hemorrhage of secrets

Worldview: For Snowden, odd bedfellows (Philadelphia Inquirer) The global hunt for Edward Snowden is damaging U.S. interests in ways that go far beyond the intelligence data he leaked

Al-Qaida Said To Be Changing Its Ways After Leaks (Yahoo) U.S. intelligence agencies are scrambling to salvage their surveillance of al-Qaida and other terrorists who are working frantically to change how they communicate after a National Security Agency contractor leaked details of two NSA spying programs. It's an electronic game of cat-and-mouse that could have deadly consequences if a plot is missed or a terrorist operative manages to drop out of sight

Defense Chief Says Snowden Leaks Were 'Serious Security Breach' (Reuters) U.S. Defense Secretary Chuck Hagel said on Wednesday that intelligence leaks by National Security Agency contractor Edward Snowden were a serious breach that violated U.S. laws and damaged national security

Former NSA leakers: We told you so (IT World) Recent leaks about surveillance programs at the U.S. National Security Agency show an agency with little regard for the U.S. Constitution and laws on the books, two past NSA leakers said Wednesday

Letters at 3AM: The Patriot Edward Snowden (Austin Chronicle) Edward Snowden is the American equivalent of the man who stood in front of that tank in Tiananmen Square. Disclosures by the patriot Edward Snowden will have at least one penetrating and unpredictable result: Even though Americans may not face what we've enabled two administrations to do to us, and we may go on denying that we've become the nation we've become – now the whole world has seen proof. The world will not forget, and the world will not let us forget

Edward Snowden Steps Into Secret U.S.-Russia Spy Scuffle (ABC News) As NSA leaker Edward Snowden is said to be spending his third day in hiding in a Moscow airport, the 30-year-old contractor may have unwittingly become the newest player in a relentless yet relatively little-known espionage war between the U.S. and Russia

The Cold War Is Back (Slate) Edward Snowden's long layover reminds us that Russia is not an ally. For those who think that Edward Snowden deserves arrest or worse, cheer yourselves with the thought that Sheremetyevo International Airport might possibly be the most soul-destroying, most angst-inducing transport hub in the world. Low ceilings and dim lighting create a sense of impending doom, while overpriced wristwatches glitter in the murk. Sullen salesgirls peddle stale sandwiches; men in bad suits drink silently at the bars. A vague scent of diesel fuel fills the air, and a thin layer of grime covers the backless benches and sticky floor. It's not a place you'd want to spend two hours, let alone 48

Snowden Watch: Why Putin is Loving It (National Journal) The Russian leader loves to humiliate Washington, and he now has the ultimate tool. During his 13 years in power, Vladimir Putin has demonstrated a fondness for detaining all kinds of dissidents: rich ones, like the imprisoned tycoon Mikhail Khodorkovsky; pop culture ones, like the band Pussy Riot. So Putin must be at least somewhat sympathetic to Washington's desire to arrest America's most prominent dissident, Edward Snowden. In remarks on Tuesday, Putin indicated that he didn't want the National Security Agency leaker to remain in a transit zone at a Russian airport, saying "the sooner he chooses his final destination, the better it is for him and Russia"

Cold War Remixed: Edward Snowden Moves Into Graham Greene Territory (Daily Beast) International communism isn't getting the band back together, writes Nick Gillespie, but old alliances are reasserting themselves as a counterweight to American power

FTC's 'Reclaim Your Name' Would Regulate Big Data (Threatpost) FTC Commissioner Julie Brill proposed a plan she called Reclaim Your Name that would regulate how data brokers collect and share consumers' personal information

Cyber guardsmen could defend domestic networks (Army Times) Keith B. Alexander, the head of U.S. Cyber Command and the National Security Agency. A bipartisan Senate bill calls for "Cyber Guards" in every state, trained and prepared to respond to cases of cyber and network attacks. The bill suggests the Guard

Cyberspace is a Team Sport (Signal Magazine) Jennifer Napper, USA, director of plans and policy, U.S. Cyber Command, and other panelists at the AFCEA International Cyber Symposium in Baltimore said that cyber requires cooperation across the U.S. government, with the private sector and with other

Even Breach Notifications Are Bigger In Texas (SecurityWeek) If you lose a database with personal information of residents of different states, what state law or laws apply when it comes to notifying those people of the breach

RBI directs banks to be wary of cyber attacks (Economic Times) The Reserve Bank today directed banks to periodically check their preparedness to prevent any cyber attack. "Considering that cyber attacks could threaten the confidentiality, integrity and availability of data and the systems, it is imperative

Products, Services, and Solutions

Goodbye Passwords, Hello Login Freedom: Identity Startup Clef Leaps Out of Private Beta to Disrupt Online Authentication With the Release of the Clef Identity Architect (PRWeb) Turning passwords into unique visual patterns on your smart-phone, Clef leads the way in bringing military-grade login cryptography to the consumer market

FireEye Uncovers Key Characteristics to Identify Origin of Advanced Cyber Attacks (CMO) FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, today announced the release of "Digital Bread Crumbs: Seven Clues To Identifying Who's Behind Advanced Cyber Attacks," a report which details the most prevalent attack characteristics that can help security professionals identify threat actors and better defend organizations from future advanced cyber attacks. The report also identifies an attack tactic employed by the Chinese military group known as "Comment Crew," previously linked to targeted attacks against the U.S. government

Bitdefender drops the number and goes Photon on your PC (CNET) Bitdefender®, the award-winning provider of innovative antivirus solutions, has launched an even faster and more precise new line of products that form-fits to each computer for top speed, clads private data in iron protection and makes the internet a

Technologies, Techniques, and Standards

CSI: Cyberattack (Dark Reading) The attacker behind the keyboard is human, too: He's a creature of habit, and he sometimes makes mistakes. Identifying telltale patterns used in an attack can provide useful intelligence to help organizations better lock down their information and resources in the bull's-eye

Understanding deep packet inspection (Part 2) (Eetasia.com) Based on the discussion in Part 1, it can be seen that a DPI device must fulfil a variety of functions that are best distributed over several functional units that best support the respective required function. Additionally, it must be possible to

Most Android threats would be blocked if phones ran updated OS, report says (CSO) Android 4.2 contains protection against premium rate SMS apps, but has a very low distribution rate, Juniper researchers say

SSL Labs: Deploying forward secrecy (Help Net Security) With revelations about mass surveillance in the news everywhere, an obscure feature of SSL/TLS called forward secrecy has suddenly become very interesting. So what is it, and why is it so interesting

Tiller: NS2020 will facilitate ubiquitous IP (FierceGovIT) Federal agencies should in the coming years leave behind their time division multiplexing networks in favor of ubiquitous Internet protocol, urged Frank Tiller, acting director of network services at the General Services Administration, who derided TDM as "older generation networking technology"

Ten Questions Every Business Should Ask Before Developing a Cloud Security Policy (SecurityWeek) Scott Hazdra, principal security consultant for Neohapsis, has posed some interesting questions organizations need to ask when developing a cloud security policy. Given the growing need to protect data, cloud security policy development is a crucial first step in the process, but it isn't as easy as it seems

Backgrounder: Mobile app code of conduct (FierceMobileGovernment) Origins: In February 2012, the White House directed the National Telecommunications and Information Administration to convene stakeholders to develop codes of conduct that would specify how the Consumer Privacy Bill of Rights applies in certain contexts. In June 2012, NTIA announced that the first such process would address transparency in mobile application privacy

Mobile devices call for security solutions that don't apply to the PC world (SC Magazine) Information security is an ongoing game of cat and mouse between IT organizations and hackers. The way that organizations consume and protect information changes as frequently as the methods hackers use to attack it

Marketplace

British Cyber Defenses Receive Unexpected Boost (InformationWeek) British intelligence services and cybersecurity initiatives get increased investment, even amidst brutal government cuts. iDespite recent widespread concern over the reach of their powers, especially Internet monitoring, Britain's security services scored a financial victory Wednesday concerning the next few years of government spending: Britain's intelligence services left Chancellor George Osborne's 2013 Spending Review with a 3.4% boost in funding

Takai: DoD relies heavily on commercial spectrum (FierceMobileGovernment) Everything the Defense Department does depends on wireless spectrum, DoD Chief Information Officer Teri Takai said during a June 18 panel on spectrum supply and demand hosted by the Washington Post

Oracle announces nine year collaboration with rival Salesforce (Inquirer) Will bring CRM software to its cloud while providing database and Linux support. ENTERPRISE SOFTWARE VENDOR Oracle has announced a nine year partnership with the CRM software vendor Salesforce to use Oracle Linux, Java and Oracle's cloud services

Lunarline to Provide Full Range of Cyber Security and Continuous Monitoring Support to DOT FRA (Virtual Strategy) Cyber security company, Lunarline, Inc., is pleased to announce its award of a prime contract with the Department of Transportation's (DOT) Federal Railroad Administration (FRA). The contract consists of one base year and four option years

Security Patches, Mitigations, and Software Updates

Multiple Cisco security advisories (Internet Storm Center) Cisco has today released four vulnerability advisories…Affecting Cisco ASA Next-Generation Firewall, Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance

Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory (US_CERT) Digital Alert Systems' DASDEC and Monroe Electronics' One-Net E189 Emergency Alert System (EAS) encoder/decoder (ENDEC) devices exposed a shared private root SSH key in publicly available firmware images. Additional information is also available in CERT Vulnerability Note VU#662676

Chrome Web Store Apps Now Automatically Scanned (Symantec) Google has started to scan newly uploaded applications and extensions in its Chrome Web Store, similar to what they already do in the Android Play Market

14 Vulnerabilities Fixed in Firefox 22 (Threatpost) Mozilla has fixed 14 security vulnerabilities in Firefox, including four critical flaws that could allow remote code execution. There also are six high-severity vulnerabilities fixed in Firefox 22

Cyber Attacks, Threats, and Vulnerabilities

#OpIsrael Reloaded:102 Israeli Websites Hacked by Indonesian Hacker SultanHaikal (Hack Read) A well known Indonesian hacker going with the handle of SultanHaikal has hacked and defaced 102 Israeli websites for #OpIsrael yesterday. Hacker left his team's deface page along with a message on all hacked websites, expressing his anti-Israeli views, the deface message was expressed in following words: Hacked by SultanHaika

Website of Embassy of Nepal in Israel Hacked by CapoO_TunisiAnoO (Hack Read) CapoO_TunisiAnoO, Tunisian based hardcore anti-Israeli hacker has hacked and defaced the official website of Embassy of Nepal (nepalembassy-israel.org) in Tel Aviv, Israel yesterday. The website which is hosted on an Israeli server was left with a deface page along with an anti-Israeli message, threatening Israeli government to get ready for another cyber war on 7th July 2013

Bangladesh Ministry of Social Welfare website hacked by Abu Halil501 (Hack Read) A hacker going with the handle of Abu Halil501 has hacked and defaced the official website of Department of Social Services (DSS), directly under the Bangladeshi Ministry of Social Welfare. Hacker left a deface page along with a message on the hacked ministry site, yet the reason for attacking Bangladeshi government site was not mentioned anywhere

Official NASA Domains Hacked by Ecuadorian h4x0r Team (Hack Read) National Aeronautics and Space Administration (NASA) which is gaining popularity for its poor cyber security rather then it's actual work is again under attack, this time by hackers from Ecuadorian h4x0r Team who successfully hacked and defaced two official sub-domains of the agency yesterday. The hacked sub-domains belong NASA's Virtual Wave Observatory (VWO), providing uniform and robust access

Chinese malware attack hit dozens of South Korean organizations (CSO) Over 1,000 computers were recently infected with a piece of malware used by Chinese-speaking hackers, researchers from Seculert said

PRISM 2.0: From 9 to 'thousands' of technology and finance companies (VentureBeat) When Edward Snowden leaked the news about PRISM, we thought it was just 9 U.S. companies that were sharing customers' data with the National Security Agency (NSA). Now it looks like literally thousands of technology, finance, and manufacturing firms are working with the NSA, CIA, FBI, and branches of the U.S. military

Is this PRISM 2.0? (NextGov) IThe U.S. intelligence community has been working with "thousands" of companies in key sectors of the economy to trade sensitive information on cybersecurity, including classified data, in ways that go beyond the revelations dropped by National Security Agency leaker Edward Snowden earlier this month

Opera Software Hit by 'Infrastructure Attack'; Malware Signed with Stolen Cert (SecurityWeek) Norwegian browser maker Opera Software has confirmed that a targeted internal network infrastructure attack led to the theft of a code signing certificate that was used to sign malware

HP Confirms Backdoor In StoreOnce Backup Product Line (SecurityWeek) Security response personnel at HP are "actively working on a fix" for a potentially dangerous backdoor in older versions of its StoreOnce backup product line

Facebook leaks are a lot leakier than Facebook is letting on (Naked Security) Remember last week, when Naked Security et al. told you that Facebook leaked email addresses and phone numbers for 6 million users, but that it was really kind of a modest leak, given that it's a billion-user service? OK, scratch the "modest" part

Facebook's 6-Million-User Breach A Frightening Reminder To Retailers About Data-Sharing Partner Risks (StorefrontBacktalk) Retailers who worry about data and PII security issues were reminded Friday (June 21) that they have to worry about not only about their own systems, but the security mechanisms of every data-sharing partner. And given the social media goals of most chains, the fact that it was Facebook fessing up to a 6-million-user data leak didn't help their nerves

More Questions For Facebook On Extent Of Ghost Profiles (Security Ledger) The security firm that disclosed a security hole in a Facebook feature that allows users to download their own data file says the social network giant still has questions to answer about the extent of the data breach

Stolen laptop containing info on victims, suspects, witnesses and police (Help Net Security) Some 2,300 individuals have been notified that they might become victims of identity thieves after a laptop and a personal hard drive belonging to an undercover officer of a Seattle sheriff's office

Researcher To Demo Spy-Phone At Black Hat (Dark Reading) Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users

How DDoS Attackers Turn Mitigation Devices Against You (Sacramento Bee) Backscatter from mitigation devices can cause collateral damage in SYN reflection attacks. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, today shared information on a popular cyber attack technique, SYN reflection attacks, which can leverage the defense mechanisms of DDoS mitigation devices to increase the strength of the attacks

The Risk with Content Management Systems (Symantec) The federal Office for Information Security in Germany (BSI) together with the "Fraunhofer SIT" and "]init[ AG" released a study on the risk with common content management systems (CMS) for websites. A CMS is typically used to administrate websites and helps to update text and other content in a simple way, making this task doable for non-IT professionals. Unfortunately, it is also often a focus point for attackers who attempt to gain access to the Web server. When an attacker controls the CMS, it is possible for them to modify the website. In the past, many websites have been compromised through vulnerabilities in un-patched CMS and were then turned into drive-by download sites by inserting malicious iFrames into the content. For example, you might remember the Lizamoon case last year that resulted in a few hundred thousand websites being compromised by an SQL injection attack

US CERT: Default passwords make IT systems easy pickings for hackers (FierceGovIT) A new government alert warns computer and mobile device users about the risks of continuing to use default passwords. The warning by the U.S. Computer Emergency Readiness Team notes that hackers can easily attack connected systems such as embedded systems, devices and appliances, through their often publically available factory default passwords

Academia

Symantec Launches Growing Up Digital Initiative in Victorian Schools (WhaTech) Symantec Corp. (Nasdaq: SYMC) in partnership with Cyber Safe Kids, Common Sense Media (CSM) and the Victorian Department of Education and Early Childhood Development today launched a pilot digital citizenship initiative Growing Up Digital for

Litigation, Investigation, and Enforcement

Pulling a Snowden in China: Human rights lawyer demands surveillance info (Quartz) Inspired by NSA whistleblower Edward Snowden and his revelations about US spying operations, a Chinese human rights lawyer has sent a public letter (Chinese original) to China's Ministry of Public Security asking for full disclosure of the government surveillance on its citizens

Spanish judge Baltasar Garzon says his legal team won't represent NSA leaker Edward Snowden (Washington Post) Spanish judge Baltasar Garzon says he won't represent fugitive National Security Agency leaker Edward Snowden. In a statement Wednesday, Garzon said his legal firm had decided not to take on Snowden's case but gave no explanation

Ecuador Hints At Slow Process On Snowden Asylum (New York Times) Ecuador signaled on Wednesday that it may deliberate slowly on the asylum application from Edward J. Snowden, the fugitive former security contractor wanted in the United States, raising the possibility that he could spend weeks in legal limbo as he plots his next steps inside a Moscow airport transit area

In 2009, Ed Snowden said leakers "should be shot." Then he became one (Ars Technica) In Internet chat, Snowden opined on travel, short-selling--and national security. Ed Snowden was 23 years old when he moved to Geneva in 2007. Soon after arriving, he was looking for a taste of home

Breach: U.S. officials: China, Russia gained access to Snowden's secrets (Free Beacon) Intelligence agencies in China and Russia gained access to highly classified U.S. intelligence and military information contained on electronic media held by renegade former National Security Agency (NSA) contractor Edward Snowden, according to U.S. officials

State Department Cables Were Unprotected, Witness In Bradley Manning Trial Testifies (Huffington Post) They specify in intense detail, down to the vodka brand, the United States' observations of foreign powers. But the State Department took few steps to protect its classified diplomatic cables once they were handed over to the military, its former Chief Technology Officer Charlie Wisecarver testified in Bradley Manning's trial on Wednesday

WikiLeaks Volunteer Was a Paid Informant for the FBI (Wired) Sigurdur "Siggi" Thordarson served two masters, working for the secret-spilling website and simultaneously spilling its secrets to the U.S. government in exchange for $5,000

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Resilience Week 2013 (San Francisco, California, USA, August 13 - 15, 2013) The 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.

Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National Cybersecurity Education Interstate Highway".

Cloud Connect (Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.

NASA National Capital Region Industry Days (Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.

AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.

ShakaCon (Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).

Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, June 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.

American Technology Awards Technology and Government Dinner (Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.

QUESTnet 2013 Conference (Gold Coast, Queensland, Australia, July 2 - 5, 2013) Queensland Education, Science and Technology Network (QUESTnet) is the Queensland regional component of the Australian Academic and Research Network (AARNet). The QUESTnet conference is an annual event aimed at ICT professionals who work closely with network technologies. A key focus of the event is to provide an opportunity for delegates to develop their professional and technical knowledge and to gain an appreciation of key strategic issues underpinning the development, deployment and maintenance of national and international telecommunications networks. The theme for this year's conference is "Clouds: In our way or enabling change?" The sub theme is "Adopting and Adapting to a new paradigm for supporting Research and Education".

Digital Forensics and Incident Response Summit (Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. The 2013 theme is currently in development as the digital forensics and incident response community is constantly evolving and our content promises to be cutting-edge and relevant to ensure you will be able to utilize the ideas presented when you return to your organization.

London Summer 2013 (London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The Human" course.

GovConnects Business Breakfast: "Secured Space." What It Is - Who Has It - Who Needs It (UMUC, Dorsey Station, Elkridge, July 10, 2013) With today's Cyber threats, all businesses, institutions and the general public are at risk as never before. Learn about the lastest technologies, measures and solutions being used today and into tomorrow to protect your intellectual property.

3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.

cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.

Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.

2013 World Comp (Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.

The CyberWire Daily Briefing for 6.27.2013