The CyberWire Daily Briefing for 7.10.2013
McAfee attributes Operation Troy to two hacking groups, but demurely stops short of calling it a state-sponsored campaign against South Korean and US targets. The long-running cyber espionage effort (formerly called "Dark Seoul") teaches at least two lessons: the likelihood of distributed-denial-of-service attacks covering spy operations, and the extent to which apparent hacktivists can be sock puppets for intelligence services.
Al Arabiya has been under nuisance cyber attack since Egypt's coup d'état. Konami suffers login attacks similar to those affecting Nintendo. Some fairly obvious spam makes itself obnoxious but does little serious damage. Hackers compromise personal data in Michigan and California. Sloppy practices at the IRS expose tens of thousands of social security numbers.
British officials are unusually forthcoming with information concerning cyber attacks thwarted during last year's London Olympics. HM Government credits effective electronic surveillance with fending off the attacks.
Bitdefender warns that many free iOS and Android apps amount to spyware.
Apache, Adobe, and Microsoft all published security patches this week.
US Emergency Alert System vulnerabilities (which, by the way, may have been responsible for the notorious "zombie apocalypse" broadcast earlier this year) point out the extensive attack surface network devices present.
In industry news, US hosting firms continue to see customers shy away in fear of PRISM. Swiss and Dutch companies are among the beneficiaries of incipient customer flight.
As Edward Snowden figures out how to reach Venezuela, Latin American countries complain of NSA surveillance. Sino-American negotiations open this week with US complaints of cyber industrial espionage.
Today's issue includes events affecting Bosnia, Brazil, China, Costa Rica, Croatia, Egypt, European Union, Macedonia, Netherlands, Pakistan, Philippines, Russia, Serbia, Slovenia, Switzerland, United Kingdom, United States, and and Venezuela..
Cyber Attacks, Threats, and Vulnerabilities
Cyberspies Posing As Hacktivists Waged Cyberattacks To Steal South Korean, U.S. Military Intel (Dark Seoul) Attackers long have used distributed denial-of-service (DDoS) attacks as cover for more nefarious hacking activity. But turns out the recent high-profile DDoS and data destruction attacks on major South Korean banks, media outlets, and other entities was also a glaring example of such subterfuge, as cyberespionage actors posed as hacktivists knocking websites offline and wiping hard drives--while in the background quietly stealing military secrets about South Korea and the U.S
Dissecting Operation Troy: Cyberespionage in South Korea (McAfee) South Korea was hit by a major cyberattack on March 20, 2013, at 2:00 pm local time. This cyberattack caused a significant amount of damage to the affected organizations by wiping the hard drives of tens of thousands of computers. McAfee Labs research provides further insight into the likely source of these attacks. Though not definitive, our analysis provides a much clearer picture. The research also indicates that there may have been two distinct groups, attacking different targets
Al Arabiya under cyber attack since Egyptian president's ouster (Al-Arabiya) Al Arabiya under cyber attack since Egyptian president's ouster. The attacks are aimed at slowing down publication of articles, downloading of pages and videos, and browsing speed at Al Arabiya websites
Cybercriminals spamvertise tens of thousands of fake 'Your Booking Reservation at Westminster Hotel' themed emails, serve malware (Webroot Threat Blog) Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they've received a legitimate booking confirmation. In reality through, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the campaign
Konami follows Nintendo as victim of illicit login attacks in Japan (CSO) The game company said accounts containing private data including addresses and phone numbers were accessed by attackers
"Google account hacked" text scam puzzles researchers (Help Net Security) A curious spamming campaign continues to target Google users via their mobile phones, and researchers still don't know what it actually does. First spotted back in March, bogus Google messages warn potential victims that their account has been hacked and asks them to send a message to that number when they are ready to verify their accounts
Data of 50K Michigan residents compromised after website hack (SC Magazine) A website hack led to the exposure of sensitive files of tens of thousands of people in Michigan
IRS exposed 'tens of thousands' of Social Security numbers in online slip-up (Daily News) The sensitive information was online for less than 24 hours, but the mistake is, nevertheless, another black eye for the beleaguered tax agency
'Priyanka' yanks your WhatsApp contact chain on Android mobes (The Register) If that really is your name, nobody wants to know you right now. A worm spreading through the popular WhatsApp messenging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm
Can Your Car's Computer Be Hacked By Terrorists? (Cheap Car Insurance) Cars have become rolling computers, with enough computing power to run the engine, brakes and play music and give you directions
California Bureau of Automotive Repair Admits Security Breach (eSecurity Planet) Smog check stations' bank account information may have been accessed. The California Bureau of Automotive Repair recently began notifying several California smog check station owners that their bank account numbers and bank routing numbers may have been accessed by an unauthorized individual
Morningstar Provides (some) Information About Breach (Infosecurity Magazine) Morningstar Inc, an investment research firm, has disclosed a breach that compromised 2300 credit card details and possibly 182,000 user names and passwords; but the company has provided little additional information
Government reveals cyber-attack alarm leading up to London Olympics (Infosecurity Magazine) When the NSA's surveillance program was first revealed by Edward Snowden last week, initial reaction was that it was a US issue. But with the realization that the greater part of the world's internet traffic is at some point routed via the US, the
Could a terrorist cyber attack set off World War 3? (Mirror.co.uk) That is the terrifying question faced by the West's intelligence agencies every day, and it was thrown into sharp relief by yesterday's revelation that Islamist terrorists attempted a cyber attack on the London Olympics. They planned to disrupt the
Did brainless flaw in US Emergency Alert System lead to epic zombie attack warning? (Naked Security) Emergency broadcast systems come packed with vulnerabilities, the most severe of which is the public disclosure of the default private root SSH key, a security firm has disclosed. Such flaws well may have been at the heart of a warning about the zombie apocalypse that proved, at the very best, to
No wonder China is worried about Android--the NSA helped write its source code (Quartz) Google's Android smartphone operating system uses source code contributed by the US National Security Agency. Especially in the post-Edward Snowden era, that's a red flag for Beijing, and helps to explains why China has been so eager to encourage the growth of non-Android smartphones within its borders
Google Android Vs. Apple iOS: The Mobile App Privacy War (Dark Reading) Using their Clueful app, researchers at BitDefender examined how apps for Android and Apple's iOS treated private data such as location information and contact lists. What they found may seem startling - of the 207,843 free applications for iOS
Free apps dubbed the "modern equivalent of spyware" (ITProPortal) Internet security firm Bitdefender has warned that the advertising framework used by free mobile apps is turning the software into the "modern equivalent of spyware" that can monitor users throughout the day. The company made the conclusion after
Who's Behind The Styx-Crypt Exploit Pack? (Krebs on Security) Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I'll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service
McAfee notes examples of organized cyber criminal services (SC Magazine) An interested consumer of cyber crime is not that different than, say, someone who wants to build a pool in their backyard. Rather than dig the hole themselves and fill it with water and chlorine, it's much easier to hire someone to do the work for them
What will it take to get you into a nice exploit kit? (FierceITSecurity) Cybercriminals are no longer lurking in the Internet shadows and hawking their wares in underground forums. They have come out in the open, advertising their exploit kits as "stress-test platforms," observed security researcher Brian Krebs on his Krebs on Security blog
Security Patches, Mitigations, and Software Updates
Denial of Service Vulnerabilities Patched in Apache CXF (Threatpost) Apache has patched a denial of service vulnerability in the Apache CXF framework
Adobe, Microsoft Release Critical Updates (Krebs on Security) Patch Tuesday is upon us once again. Adobe today pushed out security fixes for its Flash and Shockwave media players. Separately, Microsoft released seven patch bundles addressing at least 34 vulnerabilities in Microsoft Windows and other software. At least one of the Windows flaws is already being exploited in active attacks
Adobe Security Bulletins Posted (Adobe PSIRT Blog) Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com. Today, we released the following Security Bulletins
Microsoft Security Bulletin Summary for July 2013 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for July 2013. With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack (TrendMicro CTO Insights) [Video at the link]
Microsoft's new app security rules dubbed a paper tiger (CSO) One analyst said he believes giving developers six months to fix an app, so as to not scare away developers, is excessive
Cyber attacks hit 68% of Brazilian, Mexican firms - Kaspersky (Business News Americas) The business development service focuses on major projects, active companies, such as Kaspersky Lab; and business and sales contacts, providing networking opportunities with leading executives throughout Latin America. Tweet. To continue reading, take
More needs to be done to protect network devices (FierceCIO: TechWatch) Network devices are increasingly coming under attack, as the U.S. Emergency Alert System was found this week to be vulnerable to hijacking by remote attackers. In this case, application servers used to receive the emergency broadcast messages could be accessed by unauthorized users over the Internet--the result of improper SSH encryption key management--which inadvertently exposed it to the public
Searching for health info online? Beware of tracking (FierceHealthIT) There's yet another health privacy threat to worry about--health websites--as they share user search terms for advertising purposes, according to an article published online this week in JAMA Internal Medicine
Security dangers in big data mining (FierceBigData) The only time security is at the forefront in a big data project appears to be when the project is about security. Otherwise, security is most often an afterthought or done poorly. On the security front, big data projects are proving incredibly advantageous for security organizations, such as the NSA, and protection industries, such as the anti-virus, anti-malware producers. An example of how well these types of projects have done to affect security can be found in an eWeek article describing the big data visualizations from Japan's National Institute of Information and Communications Technology and its Daedalus Cyber-attack alert system
Mobile devices, cloud computing: What healthcare CIOs fear most (FierceMobileHealthCare) Although mobile apps that share files through the cloud are gaining in popularity in the consumer market, these apps can be unsafe in a clinical setting according to a recent study by the Ponemon Institute
Europe Wants To Put $32B Into Reviving Its Hardware And Electronics Industries (TechCrunch) Europe has been focusing for a while on trying to revive its flagging hardware and manufacturing industries, and today the European Commission decided to put its money where its mouth is. It's proposing a new investment package worth ?25 billion ($32 billion) over the next seven years to drive more production and innovation in the areas of electronic components and systems design, including
Study: Bug bounty programs provide strong value for vendors (CSO) A study of Google's and Mozilla's browser bug programs shows it is money well spent
There's a 'giant market' for cyber-security firms (Louisville Biz Blog) In terms of tech, cyber security is the field to be in. At least, that's according to Joey Rivera, president of Sellersburg, Ind.-based Rivera Consulting Group
Secunia and VLC Get into Argument over Vulnerability (Softpedia) Secunia has decided to stop all collaboration with VLC and publish all VLC vulnerabilities as soon as they're found. The decision comes after the two sides got into an argument over the details of a vulnerability. According to Secunia, security researcher Kaveh Ghaemmaghami has identified a vulnerability in VLC 2.0.4 and has published its details on the Full Disclosure mailing list. He believed the vulnerability was a buffer overflow issue when parsing SWF files
Dell buyout drama far from over (FierceFinance) So is Michael Dell inching closer to winning over shareholders in his bid to take his company private? He would appear to have some momentum. Following the news that Institutional Shareholder Services (ISS) had thrown his heft behind the founder's offer, two other proxy advisory firms did so as well. Glass Lewis and Egan Jones publically stated their support of the deal, advising shareholders to vote in favor of it at the July 18 special vote
Sprint completes Clearwire acquisition after a long, bumpy road (VentureBeat) Major wireless carrier Sprint has finally completed its acquisition of wireless high speed provider Clearwire, the company announced today
Equifax acquires TrustedID (Help Net Security) Equifax has acquired TrustedID, which will become part of Equifax Personal Solutions, Equifax's direct-to-consumer business unit offering credit monitoring and identity protection solutions
Spying could undermine European trust in U.S. cloud firms, warns EU official (FierceITSecurity) Allegations of widespread U.S. government surveillance could undermine trust that European firms and organizations have in U.S. cloud providers, resulting in the loss of billions of dollars for U.S. firms, warned Neelie Kroes, vice president of the European Commission
PRISM Sends Swiss Hosting Companies a Windfall (Infosecurity Magazine) In the wake of the Operation PRISM revelations, some are saying that they're benefitting from corporate privacy fears. Swiss data hosting company Artmotion says that it has witnessed 45% growth in revenue since the US surveillance program was exposed
The Netherlands — land of data centers (LeaseWeb) When you would ask an average EU citizen how the Internet works and where most websites and cloud services are hosted, most people will mention the U.S. as the main source of Internet technologies and services. And when you would ask an EU politician about the Internet, his or her first emerging thought would be a concern about taps, privacy, or cybercrime
Lynn Martin Appointed VMware Public Sector Group Head (GovConWire) Lynn Martin, who joined VMware (NYSE: VMW) last year, has been appointed vice president of the U.S. public sector group. Martin will oversee a team responsible for helping federal, state, local and education customers adopt cloud computing and virtualization technology, VMware said Monday
Products, Services, and Solutions
Super-scalable LDAP directory driven by big data (Help Net Security) Radiant Logic announced a commercial solution for distributed storage and processing for enterprise identity management. Based on Hadoop, this new highly-available version of the LDAP directory
Audit privileged access to Microsoft Online Services (Help Net Security) Xceedium announced Xsuite will include protection for Office 365, Exchange, Lync, and SharePoint. The additional protection for Microsoft online services complements Xsuite's existing hybrid-cloud security
SafeNet offers new cryptographic hypervisor for cloud migration (Infosecurity Magazine) Ushering in what it calls a "new era of elastic encryption", Maryland-based SafeNet has announced it is now offering what it believes is the world's first crypto hypervisor for multi-tenant, high-assurance key vaulting for cloud migration
Watchful's Advanced Information Protection Suite Is Integral in Three-Way Global Alliance to Protect Critical SAP-Based Information (Wall Street Journal) Watchful Software, a leading provider of data-centric information security solutions, will feature live demonstrations of its award-winning cybersecurity technologies at the Microsoft Worldwide Partner Conference (WPC) 2013 this week, July 8-11. The company will showcase how RightsWATCH and TypeWATCH prevent sensitive data from being disclosed inadvertently and unauthorized users from accessing your systems. Watchful Software is also announcing a global collaboration with SECUDE and Foxit Corporation to offer enterprises running on SAP a powerful end-to-end approach to protect business critical information regardless of its form or location
Kaspersky Lab Kaspersky Security 10 for Mobile v10 (SC Magazine) Coupled with excellent support and documentation, the product fits perfectly into its target market space of small to midsized businesses
Technologies, Techniques, and Standards
Controlling The Big 7 (Dark Reading) With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface
How to Make Your Sandbox Smarter (RSA) Sandboxes are a great tool with two primary uses: A tool to assist malware analyst during their analysis and A first line security tool for Tier 1/Level 1 (T1/L1) analysts to help determine if a file exhibits malicious behavior and to rate the severity of an incident
Relying on Threat Actor Behavior Profiles Alone is a Great Way to get an Unwelcomed Outcome… (SecurityWeek) Over the past year, the buzz around tracking threat actors has been growing and in my opinion hitting the height of the hype cycle. I have had many conversations and debates with friends, colleagues and customers around what the industry is trying to accomplish by associating activity back to a specific cyber threat actor or actor group. I will share these thoughts and perspectives, but prior let us look at where the use of "threat actors" with reference to cyber originated
What Unix can teach you about big data (IT World) Big data may be a tech buzzword of the moment, but Unix admins who need to hunt through logs to figure out what's going with their systems have been grappling with huge data sets for decades. Here are tips on command-line tools and techniques that can make sense of seemingly overwhelming data sets
Preventing Data Theft from Lost or Stolen Devices on Vacation (Kaspersky Labs) If there's one group of people who love vacation more than the vacationers themselves, its thieves. Tourists and travelers have always made easy marks for criminals, but now that everyone has — and travels with — smartphones and tablets, they are even more lucrative targets
Selecting a cloud provider starts with exit planning (Help Net Security) Let's begin with a story: The first day of the new week started very ordinarily and nothing indicated this was going to be a very long and tiring day for Sarah, a CIO of a large HR agency "Jobs Are Us". After she finished her breakfast, she headed to the office to attend the CEO staff meeting at 9am. Such meetings have been stifling, almost bordering on boring, but that was not going to repeat itself today
Identity and access management tips for proactive compliance (Help Net Security) N8 Identity announced eight tips for proactive compliance through identity and access management (IAM) best practices. These tips offer advice to organizations seeking to achieve continuous compliance
How cryptography is a key weapon in the fight against empire states (The Guardian) The original cypherpunks were mostly Californian libertarians. I was from a different tradition but we all sought to protect individual freedom from state tyranny. Cryptography was our secret weapon. It has been forgotten how subversive this was
Why data encryption may not always help (FierceCIO: TechWatch) The use of encryption has long been hailed as a way for businesses to secure their data for use in risky locations, such as in the cloud and elsewhere. While encrypting data is definitely better than not encrypting it, companies need to know that encryption doesn't magically make it invulnerable
NIST Seeks Guidance on Incident Response and Forensics (Threatpost) The federal government is looking for some help in figuring out how to respond to security incidents. As attacks continue to escalate against both government agencies and private enterprises, NIST is developing a set of standards for best practices in incident response and computer forensics
Below The Application: The High Risk Of Low-Level Threats (Dark Reading) In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense. In all of the publicity around application attacks, cloud security and virtualization, many experts in the security field have let lower-level, more direct system attacks fall by the wayside. While there may be a reason to relax a little, given the huge leaps forward in network and computer system security, there are many good reasons to continue to pay special attention to these types of attacks
In the Public Cloud Era, Is Your Organization Keeping its Data out of Harm's Way? (SecurityWeek) In the era of the public cloud, when employees (aka insiders) are frequently using consumerized applications such as Dropbox, Box and Google Drive to share and store data, security and risk professionals are at a tipping point. It is time for them to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself
Design and Innovation
Qualcomm: We need more standards to unlock the potential of "digital sixth sense" (VentureBeat) Our smartphones and tablets are filled with a slew of sensors -- things like gyroscopes, light sensors, and GPS -- but for the most part, they're all treated differently within every mobile platform. That makes it tough for developers to utilize those sensors, compared to standards-driven technology like Bluetooth
Watch Out For The Balkans (TechCrunch) We're fifty kilometers outside of Ljubljana, Slovenia, in Bled Castle, overlooking a clear blue mountain lake, a set of gilded clouds scudding overhead and the sun is shining bright over miles of untrammeled forests. On the water below tiny swimmers look as if they're floating in thin air, arms and legs swinging, making ripples in something invisible
Research and Development
Preparing For Possible Future Crypto Attacks (Dark Reading) Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure
Documents Reveal How the NSA Cracked the Kryptos Sculpture Years Before the CIA (Wired) It took more than eight years for a CIA analyst and a California computer scientist to crack three of the four coded messages on the CIA's famed Kryptos sculpture in the late '90s. Little did either of them know it
Google patent: Background noise from phone calls could be used to target ads (GeekWire) You're attending a baseball game and call Google's 411 service for information about a nearby restaurant. The cheers of the crowd and the sounds of the announcer are picked up by your phone. Google's system analyzes the background noise, takes into account your location, determines that you're at a ballgame and delivers related ads or links to your phone with sports scores and news
$3000 cyber security course for free (Whatech) IT Masters and Charles Sturt University are offering, free, a six week online course designed to prepare students for the Certified Information Systems Security Professional (CISSP) Security Certification that is comparable to other online courses that can cost up to $3800
Maryland Cyber Challenge opens for 'aspiring cyber warriors' (MDBiz News) Teams must then pass two qualifying rounds conducted online by SAIC's Cyber Network Exercise System. In conjunction with the CyberMaryland2013 Conference
Filipino wins in Kaspersky Lab contest (Rappler) A student from the University of the Philippines Diliman wowed the judges of Kaspersky Lab's international youth competition, "Cyber Security for the Next Generation (CSNG) 2013" held in London last June
Imperial College, Huawei team to develop new big data technologies (FierceBigData) The London-based Imperial College and China-based telecom supplier Huawei inked a deal to develop a new big data R&D center at the old BBC site in London, reports ComputerWeekly
Legislation, Policy, and Regulation
Snowden's Leaks Puts National Security Agency In A Bind (NPR) It's been four weeks since Edward Snowden leaked secrets about government surveillance. On Monday, The Guardian newspaper released more of an interview with Snowden. His actions have stirred up a lots of issues for the National Security Agency
Five things Snowden leaks revealed about NSA's original warrantless wiretaps (Ars Technica) Looking through call records? It was actually the telcos' idea
5 stubborn leak myths (Politico) The continuing saga of former National Security Agency contractor Edward Snowden -- along with revelations of aggressive Justice Department prying into reporting by The Associated Press and Fox News -- has resulted in a string of congressional hearings
Comey defends surveillance programs but says he's open to more transparency (Washington Post) James B. Comey, President Obama's nominee to be director of the FBI, defended the National Security Agency's surveillance programs Tuesday as a critical tool for counterterrorism but said he would be open to more transparency with the secret court that
Privacy advocates call on government to rein in NSA (PCWorld) A U.S. government board focused on privacy and civil rights should push Congress to rein in the National Security Agency's mass collection of telephone records and Internet communications, privacy advocates said Tuesday. The U.S. Privacy and Civil
NSA ''spied' on most Latin American nations: Brazil paper (Reuters) The U.S. National Security Agency has targeted most Latin American countries in its spying programs, with Colombia, Venezuela, Brazil and Mexico ranking among those of highest priority for the U.S. intelligence agency, a leading
Costa Rica named among the countries spied on by US National Security Agency (Tico Times) Ticos woke up Tuesday morning to news that the "Switzerland of the Americas" has been the target of electronic surveillance by the United States National Security Agency. Costa Rican leaders responded to allegations later in the afternoon from the
US Government, Industry Fed up with Chinese Cyber Theft; What's Being Done? (PBS) For the first time ever, it's on the agenda at a biannual meeting of U.S. and China leaders this week in Washington. Those talks come amid suspicion that China is stealing intellectual property by hacking into computer networks of U.S. companies
Parliament and Civil Liberties Respond to NSA Surveillance (Infosecurity Magazine) While national executives, including the EU's executive (the European Commission) seem intent on downplaying the impact of the NSA's PRISM program (possibly because there is increasing evidence that the majority of larger European states are either involved with the NSA or have their own 'prism projects'), parliamentarians and civil liberties groups are being more proactive
IAEA Member Countries Facing Cyber Threats, Agency should do more, Says Iran (SPAMFighter) Iran has indicated to IAEA (International Atomic Energy Agency) a world establishment, which caters to maintaining nuclear energy usage in a peaceful manner, to do more for tackling cyber assault threats lurking on nuclear plants installed in countries that are members of the agency, published tehrantimes.com in news on July 2, 2013
Iranian PRISM revealed (Cyberwarzone) Yes - you are reading it right. Iran has its own PRISM program that allows the Iranian government to track each step that is made in the Iranian domain but it is not limited to the Iranian domain
FTC "Reclaim Your Name" proposal would give consumers power over data brokers (FierceBigData) Recently, big data became a household name when the NSA's use of it sparked a huge conversation over consumer privacy
Network neutrality key to health information exchange (FierceHealthIT) Network neutrality is central to planning for health information exchange, and potential regulation has implications for healthcare providers that use or provide services, according to research published at the Journal of the American Medical Informatics Association
Commission report wants action against agencies, ISI (International News) The Abbottabad Commission report has strongly criticised Pakistan's intelligence agencies for their failure in detecting Osama bin Laden (OBL) in the country for nine years, urging the political leadership to institute a mechanism for proper accountability of the agencies including the premier intelligence agency ISI
Litigation, Investigation, and Law Enforcement
Snowden Seen as Whistle-Blower by Majority in New Poll (Bloomberg) A majority of U.S. registered voters consider Edward Snowden a whistle-blower, not a traitor, and a plurality says government anti-terrorism efforts have gone too far in restricting civil liberties, a poll released today shows
Snowden Agrees to Asylum in Venezuela: Top Lawmaker (SecurityWeek) Fugitive US intelligence leaker Edward Snowden, who has been holed up in a Moscow airport for more than two weeks, has agreed to an offer of asylum from Venezuela, a top Russian lawmaker said on Twitter on Tuesday before removing the post
Facebook troll jailed over threat to kill US schoolchildren (The Guardian) Briton Reece Elliott sentenced to 28 months for messages that resulted in lockdown of schools in Warren County, Tennessee
Judge Orders U.S. to Release Aaron Swartz's Secret Service File (Wired) A federal judge in Washington, D.C. on Friday ordered the government to promptly start releasing thousands of pages of Secret Service documents about the late activist and coder Aaron Swartz, following months of roadblocks and delays
Witness: No Harm To US From Leaked Gitmo Files (Yahoo.com) Secret threat assessments of Guantanamo Bay detainees that Pfc. Bradley Manning gave to WikiLeaks did not harm national security, a former chief prosecutor at the U.S. detention facility in Cuba testified Tuesday
Finjan Holdings Subsidiary Files Patent Infringement Lawsuit Against FireEye (Dark Reading) Complaint alleges infringement of Finjan patents relating to endpoint, Web, and network security technologies
For a complete running list of events, please visit the Event Tracker.
Cancellation: Cybergamut Tech Tuesday, July 16 (Columbia, Maryland, USA, Jul 16, 2013) Next week's Tech Tuesday has been cancelled due to unforeseen circumstances.
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
cybergamut Technical Tuesday: A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project.
cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, Sep 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With modern technology and tools, it's now possible for junior security analysts to gather detailed malware indicators to craft defense and alert signatures. More enticing, all of this can be done with free tools and applications, some written by this presenter.
Digital Forensics and Incident Response Summit (Austin, Texas, USA, Jul 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. The 2013 theme is currently in development as the digital forensics and incident response community is constantly evolving and our content promises to be cutting-edge and relevant to ensure you will be able to utilize the ideas presented when you return to your organization.
London Summer 2013 (London, England, UK, Jul 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The Human" course.
GovConnects Business Breakfast: "Secured Space." What It Is - Who Has It - Who Needs It (UMUC, Dorsey Station, Elkridge, Jul 10, 2013) With today's Cyber threats, all businesses, institutions and the general public are at risk as never before. Learn about the lastest technologies, measures and solutions being used today and into tomorrow to protect your intellectual property.
3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, Jul 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.
cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, Jul 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.
Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, Jul 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.