The CyberWire Daily Briefing for 7.16.2013
"Dark Seoul" didn't look like hacktivism or simple crime, and now the Republic of Korea has attributed the campaign to North Korea.
An email-based targeted attack probes Asian and European governments. Mounted from a Gmail account, it purports to be from the Chinese military; this is almost surely a false flag.
A new Android Master Key attack is found in the wild: it exploits Android's method of reading APK files to modify legitimate apps with malware.
Researcher Krzysztof Kotowicz reports that Amazon's 1Button browser add-on leaks user data in plain text. McAfee's ePolicy Orchestrator is vulnerable to exploitation (McAfee offers mitigation).
Dark Reading publishes a useful rundown of vulnerabilities in content management platforms. The landrush into disused Yahoo! accounts is on—analysts warn users of identity theft risk. Facebook's Graph Search is coming, and with it more identity exposure.
The cyber criminal black market's upscale offerings expand. The New York Times reports one criminal vendor charges $100k for an annual subscription, with additional fees for individual zero-days. One iOS zero-day seems to have gone for $500k. Insurance dossiers sell for about $1k.
Lloyd's finds cyber threats have risen to third place on its list of business risks. Companies fear insiders more than criminals. (What does this say about corporate culture?)
Start-ups develop privacy tools against government snooping. In-Q-Tel bankrolls HyTrust's insider threat protection.
Britain's GCHQ gets poor marks on internal oversight. Germany takes a tough line on data privacy. Russia's Putin calls Snowden an unwanted "Christmas present" from the US.
Today's issue includes events affecting China, Ecuador, European Union, Germany, Japan, Kenya, Republic of Korea, Democratic People's Republic of Korea, Russia, Taiwan, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
North Korea 'behind cyber attack' on South websites (BBC News) South Korea believes North Korea was behind cyber attacks against several websites last month, officials say. The attacks, which took place on the anniversary of the Korean War, hit the presidential office website, and several other official and media
Cyber War In The Korean Peninsula (Cyberwarzone) Over the past four years South Korea has been subjected to a growing number of Cyber War attacks, some of them quite damaging. In the last few months several teams of security researchers have concluded that nearly all these attacks were the work of one group of 10-50 people called DarkSeoul
Targeted Attacks Hit Asian, European Government Agencies (TrendLabs Security Intelligence Blog) Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name
Second Android Master Key Attack Surfaces (Threatpost) A second Android Master Key attack has been reported that takes advantage of the vulnerability in the way Android reads APK files, enabling hackers to modify signed legitimate apps with malware
Amazon 1Button Browser Add-on Leaks Data in Plain Text (Threatpost) Amazon 1Button, a browser add-on that provides users with easy access to the Amazon online marketplace, is leaking private information like a sieve, according to a security researcher
McAfee ePolicy Orchestrator exploitation tool (Help Net Security) US-CERT's latest advisory focuses on an exploit tool for McAfee ePolicy Orchestrator. The tool targets two vulnerabilities found in ePO versions 4.6.5 and earlier. In order to exploit these vulnerabilities
Malware Using Mandiant Name In Scareware Scam, Company Says (CRN) Mandiant, the company responsible for connecting China to a string of lengthy targeted campaigns against U.S. companies, said it has been notified of a scareware campaign that attempts to extort money from victims
The PlugX malware factory revisited: introducing "Smoaler" (Naked Security) Popular SophosLabs writer Gabor Szappanos is back with more insights into the Tibetan-themed Advanced Persistent Threat (APT) scene. This time, he looks at Smoaler, a new cousin of the PlugX family that starts off like what we've seen before, before branching off in new ways
Mac Malware Uses Right-to-Left Override Technique to Disguise Executables (SecurityWeek) Researchers at F-Secure have spotted a malware attack using a trick commonly associated with Windows malware to go after Mac users
WordPress, Other CMS Platforms Give Attackers Room For Creativity (Dark Reading) The recent news about the role WordPress played in a pair of New York Times breaches and a string of other compromises has refocused the spotlight on how content management systems (CMS) offer attackers fertile ground for sowing the seeds of criminal intrigue online
Yahoo's ID Land Rush Begins Today With Updated Security Measures (Wired) Yahoo is set to recycle unused YahooIDs today, as well as the email addresses associated with them. The company is implementing some new security measures to try to prevent instances of identity fraud with a new email header that attempts
The Ghost of Yahoo! Accounts Past (Fearless Web) Could your Yahoo! account be up for grabs? Yahoo! recently announced that it will make inactive Yahoo! accounts available for the public. Starting today July 15, anyone can grab Yahoo! IDs that have been unused for the past 12 months
Verizon Hack Turns Femtocells into Mobile Spy Stations (Inforsecurity Magazine) Femtocells are nice-to-have mini-cells that boost cellular coverage indoors, to prevent consumers from going down to one, slow bar inside a house or store. Verizon Wireless offers femtocells for home use, but it turns out they can do more than supercharge one's 3G - the $250 gadgets can also be turned into mobile spy stations
New OS X malware holds Macs for ransom, demands $300 fine to the FBI for 'viewing or distributing' porn (The Next Web) A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users
Crooks hack into export company's email ids, dupe client of $31,000 (Times of India) A leading export house in the city has approached the cyber cell of Delhi Police after some unidentified crooks hacked into the company's email ids and duped their clients by sending them mails on their behalf. The crooks have even managed to get $31,000 from one of its clients
Dell SecureWorks Reports Hackers Selling Health Insurance Dossiers (Dark Reading) Earlier this year, Dell SecureWorks' Incident Response Team was called into a large healthcare company to investigate a possible cyber intrusion
Zero-day exploit in Apple's iOS operating system "sold for $500000" (Graham Cluley Security News) One of the most eyecatching claims of the article is that a highly-coveted zero-day exploit in iOS (the operating system used on iPhones and iPads) sold for $500,000, according to two unnamed people that reporters spoke to. It's easy to imagine how
Black market for software security flaws reaches new highs (ComputerWeekly) The black market in previously undiscovered vulnerabilities in commercial software is now so established, the average flaw sells for up to $160,000. One supplier of such so-called "zero-day" vulnerabilities charges customers an annual $100,000 subscription fee, and then further charges per sale, according to the New York Times (NYT)
FBI Agents Find Texas County's Personnel Files in Vietnam (eSecurity Planet) 16,000 current and former Harris County employees' names, birthdates and Social Security numbers were exposed
Texas Health Harris Methodist Hospital Acknowledges Data Breach (eSecurity Planet) Sheets of microfiche containing patient data were found in a park and other public areas in May 2013. Texas Health Harris Methodist Hospital Fort Worth recently began notifying patients who were seen between 1980 and 1990 that sheets of microfiche containing patient data, which had been given to document shredding vendor Shred-it to destroy, were found in a park in May 2013
Online Accounts of Jersey Shore Actors Highjacked by Hackers of TeamHype (Softpedia) Over the past days, the actors of the Jersey Shore TV series mentioned on Twitter that their online accounts were hacked. However, they haven't provided many details
The New Facebook Graph Search: How You're Helping Hackers Gather Information (infosec island) Over the next several weeks, Facebook will begin rolling out a large change in the way you search for information through their platform, starting with users that have their language set to U.S. English. When this feature is enabled on your profile, Facebook will notify you on your profile page and you will see the new Graph Search by looking at the top left side of your Facebook profile (Figure 1). You will see a search area called "Search for people, places and things"
Homeland Security: Recent cyber attacks hacked into energy networks (FuelFix) A series of recent cyber attacks used basic tools to break into power company networks and threaten their automated systems, according to a memo sent by the Department of Homeland Security
Cyber thieves tricking hotel WiFi users (Cyberwarzone) Travelers love to stay connected, even it means logging on during summer vacation. But there's a problem security experts say could pop up during a hotel stay
Security Patches, Mitigations, and Software Updates
Problems with MS13-057 (Internet Storm Center) Inforworld is reporting that the WMV codec patch included in MS13-057 causes a number of video related applications to show partially blank screens. The applications include Techsmith Camtasia, Adobe Premiere Pro CS6 and others
Master Key Bug Patch — Webroot SecureAnywhere Mobile Update on Google Play Now (Webroot Threat Blog) Last Friday we blogged about the radical Android OS bug 8219321, better known as the "Master Key" bug, which was reported by Bluebox Security. Check out last weeks blog if you haven't already: "The implications are huge!" – The Master Key Bug. We mentioned how we have been diligently working on protecting those not yet covered by patches or updates, and finding a solution for older devices as well. We are happy to report we have the solution! The newest version of Webroot SecureAnywhere Mobile with a patch for the "Master Key" bug can be found on the Google Play store now: Webroot SecureAnywhere Mobile
Android mega flaw fixed but phones remain vulnerable (CSO) Handset makers are slow to push fix to users, and fragmentation is not helping in the enterprise
Why privacy regulators are ineffective: an anthropologist's view (Light Blue Touchpaper) Privacy activists have complained for years that the Information Commissioner is useless, and compared him with captured regulators like the FSA and the Financial Ombudsman. However I've come across a paper by a well-known anthropologist that gives a different take on the problem
"Cyber Hell" According to Eugene Kasperky (SC Magazine) Eugene Kaspersky, head of Kaspersky Lab, visited Israel for the 3rd annual International Cyber Security Conference, sponsored by Tel Aviv University to discuss what he describes as "cyber hell"
Lloyds: Cybersecurity is the No. 3 Global Business Threat (Infosecurity Magazine) What a difference a year and a few high-profile hacking incidents makes: According to Lloyd's third annual Global Risk Index, cybersecurity is now a top-of-mind concern for businesses, having leapfrogged from 12th to third place on the threat scale
Much Security Spending Focused on Network Instead of Database: Survey (SecurityWeek) A new report shows that while the majority of enterprises believe a database security breach would be the greatest risk to their business, most IT security resources in today's enterprises are aimed at protecting network assets
Speakers discuss cyber security, protecting critical U.S. infrastructure at Rocket City TakeDownCon (All Alabama) The U.S. intelligence community is forecasting a future in which cyber technology is developed and implemented before the proper security measures are in place, according to (Ret) Lt. Gen. Ron Burgess, the former director of the U.S. Defense Intelligence Agency
Employees bigger cyber security threat than dedicated criminals (Information Daily) Over half of business leaders see their own employees as a bigger threat to cyber security than external attackers, according to the survey 'Boardroom Cyber Watch 2013'
BYOD makes compliance with financial phone recording rules challenging (FierceMobileIT) The increasing use of BYOD by financial firms is making compliance with financial phone recording rules—put in place following the global financial meltdown—much more difficult
Snowden points finger at Microsoft as Fed Buddy, while security pros point to public reaction as 'mass naivete'' (FierceBigData) According to a recent report in The Guardian, Edward Snowden, a former government contractor and self-proclaimed whistleblower, revealed that Microsoft gave government agencies pre-encryption access to email in Outlook and Hotmail; to web chats in Outlook; to its cloud storage service SkyDrive; and, to Skype calls. The revelation is one of many pertaining to government access to--and collection of--data from Internet giants such as Google, Facebook and Apple via a program called PRISM
Can hosting startups save us from government snooping? (FierceBigData) "It could be that we will see a whole new set of startups that will stake their claim to fame on their refusal to share data with U.S. law enforcement and federal agencies," says John Dickson, CEO of the Denim Group, an enterprise application security consultancy and software development company. "In all likelihood those startups will host your data in other countries in order to avoid U.S. laws that demand they comply"
Perimeter security managers are in demand (SC Magazine) There is increased demand for defensive-minded security pros with the ability to manage perimeter security technologies. These roles can be found in security teams that manage their own infrastructure
TCC to Provide Secure Voice Systems and Services for North African Program (MarketWatch) Technical Communications Corporation (nasdaqcm:TCCO) has been selected to supply the secure radio and telephone encryption solutions, and customized cryptographic services and tools for a domestic prime contractor supporting a government customer in North Africa. Initial orders totaling $800,000 have been received with follow-on potential of up to approximately $1 million over the next two years
In-Q-Tel, HyTrust Fight Insider Threats (InformationWeek) CIA's investment arm cuts deal with HyTrust, maker of virtual appliance that monitors virtualized and cloud-based environments to spot insider abuses. The actions of Edward Snowden, the National Security Agency contract employee who has been leaking information on vast classified data-gathering programs carried out by the agency, has raised fresh questions about how to guard against risks from insiders exposing government secrets
GSA to Issue Final $60B OASIS Vehicle Solicitations (GovConWire) The General Services Administration has set a timeline to launch final solicitations for its potential $60 billion multiple-award One Acquisition Solution for Integrated Services contract, Federal News Radio reported Friday
Despite sequestration, cybersecurity funding growing (Washington Post) Bucking the trend set by most other areas in the defense budget, cybersecurity is widely regarded as a growth area for the near future
Donald Fulop, Suzan Zimmerman Join CACI Business Development Team (GovConWire) CACI International (NYSE: CACI) has hired Daniel Fulop, a 20-year veteran of Lockheed Martin (NYSE: LMT), and 25-year industry veteran Suzan Zimmerman to the business development team. Fulop was appointed executive vice president for business development and Zimmerman was named senior VP for strategic campaigns, CACI announced Tuesday
Products, Services, and Solutions
Viewfinity Launches Industry–First App Control and Managed Admin Privileges (Dark Reading) Viewfinity Application Control automates method for rating, restricting, and classifying unknown applications
The only Utah ISP (and one of the few nationwide) standing up for user privacy (Ars Technica) Giving metadata or traffic monitoring not "necessary to protect the safety of Americans."
Detecting Targeted Attacks With SPuNge (TrendLabs Security Intelligence Blog) Over the last number of years there has been a noticeable rise in the number of reported targeted attacks, which are also commonly referred to as advanced persistent threats (APTs). Notable examples of said attacks include the Red October campaign or the IXESHE APT
Data brokers are tracking, selling your car's location for $10 online (FierceBigData) Where there is a will to serve you up for a buck or ten, there is always a way to do so and an ambitious group of souls willing to do it. Adam Tanner at Forbes reports that a prominent data broker, TLO online investigative systems, is advertising its Vehicle Sightings, a mega-database of one billion vehicle sightings, for just $10 per search
All You Need to Know about Google Drive (Kaspersky Daily) A little over a year ago, most of us woke up one day and discovered that Google Docs was gone, replaced by this weird new thing called Google Drive. Then we learned that Google Drive was our old Google Docs, but supposedly bigger and better. Today nobody bats an eye at it, and really we shouldn't have been surprised anyhow, given how much Google loves rebranding its significant features
Virtualization startup puts desktop apps seamlessly in the cloud (Ars Technica) "Native as a service" offering strives to bring the best of cloud and desktop. For software developers, cloud services solve all sorts of problems. They make it easy to ensure license compliance, they keep customers running up-to-date software, and they skip the need for downloads and installations. But cloud services also have their issues. It's hard for cloud services to take advantage of local compute resources such as fast CPUs and powerful GPUs. A compute-intensive cloud service will need to buy a lot of computation. They also lack the vast array of rich, complex desktop applications that already exist
Panda Releases Gold Protection Suite (Softpedia) Panda Security announced today the launch of a new product called Panda Gold Protection. It is a protection solution that transgresses the OS limits as it
Panda Security expands antivirus protection for government clouds (GCN.com) To combat this threat, Panda Security has created Panda Cloud Systems Management (PCSM) that manages, monitors and supports all types of IT devices within
New computer is the size of a pack of index cards, costs $100 (VentureBeat) The Utilite computer, from CompuLab, will cost $100 and up for a full PC that's only slightly bigger than your phone. CompuLab, an Israeli maker of embedded computing products, has announced a tiny, bare-bones computer called the Utilite that will sell for $99 and up
Bitdefender debuts Photon technology with 2014 suite (ARNnet) Security vendor, Bitdefender, has launched the 2014 edition of its self-titled security package, which comes with the vendor's new Photon technology. The Photon update is designed to speed up scanning and boot time, as improve interaction with apps
Tortilla Tool Anonymously Routes Traffic Through Tor (Threatpost) Malware analysts are in a constant cat-and-mouse game with hackers when it comes to studying malicious code behaviors. Researchers handle malware samples gingerly, in a test network away from production machines and away from the Internet. Samples are opened in virtual machines and analysts observe not only malicious payloads, but communication with third-party servers
Technologies, Techniques, and Standards
SMBs Should Game Incident Response To Win (Dark Reading) Incident-response exercises are valuable at helping companies respond more quickly to security events, but they can also help educate businesses about the importance of being prepared
Decoy Personas for Safeguarding Online Identity Using Deception (Internet Storm Center) What if online scammers weren't sure whether the user account they are targeting is really yours, or whether the information they compiled about you is real? It's worth considering whether decoy online personas might help in the quest to safeguard our digital identities and data. I believe deception tactics, such as selective and careful use of honeypots, holds promise for defending enterprise IT resources. Some forms of deception could also protect individuals against online scammers and other attackers. This approach might not be quite practical today for most people, but in the future we might find it both necessary and achievable
The Security Pro's Guide To Responsible Vulnerability Disclosure (Dark Reading) A look at the changing nature of vulnerability disclosure -- and how it may affect your enterprise defenses. Since the early days of "ethical hacking" and security vulnerability analysis, researchers have followed a time-honored set of rules and traditions as to how to reveal the vulnerabilities they discover in a way that gives the bad guys as small a window as possible to exploit potential security holes in systems and software
SCADA Basic Security Considiration, Vulnerabilities ADVISORIES (Cyberwarzone) SCADA systems that tie together decentralized facilities such as power, oil, and gas pipelines and water distribution and wastewater collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure
Helping Kids Understand Their 'Digital Footprint' (McAfee Blog) It's easy to talk in general about an important topic and apply a catchy phrase to it without our kids really ever understanding it. When it comes to explaining the weight of their digital footprint kids can quickly glaze over and check out if we fail to speak in terms that matter to them
Big Data's Big Question: What To Keep (InformationWeek) Keep as much data as your budget will allow, advises security expert -- it may answer questions you haven't thought up yet. How much data should your organization save? Storing terabytes of digital information is not only costly, it also can lead to decision-making headaches such as, "What data do I need to keep?
UEFI secure boot: Next generation booting or a controversial debate (Help Net Security) One of the first initiatives for secure booting has been the Unified Extensible Firmware Interface (UEFI) Initiative. UEFI is a superior replacement of the Basic Input Output System (BIOS) and a security
Migrating to the cloud? Here's how to do it right (VentureBeat) Is moving to the cloud as simple as they say? Probably not. Organizations that host large, integrated systems in their own data centres will no doubt be approached by their application vendors for migration to the silver lining of the cloud
Cybersecurity: code-breakers try to keep up with hackers (Cyberwarzone) Cybersecurity is high on the agenda right now. With societies, businesses and governments ever-more reliant on the Internet, new technologies that ensure protection from malicious software need to be developed
ITL Issues Guidelines for Managing the Security of Mobile Devices (ITL Bulletin) The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently published revised guidelines for managing the security of mobile devices. Written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise, will assist organizations in centrally managing the security of mobile devices such as smart phones and tablets. The document describes the security issues inherent in mobile device use and gives recommendations for selecting, implementing, and using centralized management technologies to secure mobile devices throughout their life cycles. While the publication primarily covers the security of organizational devices, the information can also apply to personally owned mobile devices
Research and Development
Uncertainty over the Uncertainty Principle (IEEE Spectrum) Eighty-six years after Werner Heisenberg first described his eponymous uncertainty principle, experts are still arguing over what, exactly, the infamous inequality really means. Briefly, of course, the principle says that the product of the uncertainties of position and momentum will always be greater than a constant —though a very, very tiny constant (see note below). The more tightly you tie one factor down, the more the other swings
Legislation, Policy, and Regulation
GCHQ spying programme: Spy watchdog 'is understaffed and totally ineffective' (The Independent) Watchdog's office consists of only 10 staff to monitor 10,000 working in spy agencies
Kenyan regulator looks to decommission domain registrar (IT World) The country's communications agency is looking to put in place a new registry, but the process is controversial. Kenya's telecommunications regulator is set to look for a new registrar for the country's .ke Top Level Domain, essentially decommissioning the Kenya Network Information Center (KENIC)
CCK set to duel with IANA/ICANN over .ke closure plans (Wanjiku) Few weeks ago, I got information that KENIC, the .ke registry was set to be wound up or sold. The first reaction was that the person was joking, given that KENIC is a multi stakeholder body, and it was not in debt
UK ISPs Not Happy with Heavy–Handed Government Porn Filter Proposals (Infosecurity Magazine) Last month David Cameron's 'pornification' advisor Claire Perry announced that UK ISPs would introduce opt-out porn filters by the end of this year in a voluntary scheme being introduced by the ISPs. But the ISPs are not happy
UK Government And ASPs At War, Shows Leaked Letter (Cyberwarzone) I've written before on the dialogue of the deaf between politicians and the internet industry over child internet safety - and now the relationship seems to be getting even worse. A letter sent to the UK's four leading ISPs from the government has made them very cross indeed. So cross that someone in the industry has passed it to me - you can read it in full below
Spy scandal: Merkel Demands Commitments from US; Reding Lends Support; Britain Objects (Infosecurity Magazine) On Sunday German Chancellor Angela Merkel made her strongest comments yet on the NSA/GCHQ spying scandal; while on Monday EU Justice Commissioner Viviane Reding welcomed Merkel's commitment to support strong and uniform EU data protection rules
Snowden's Ecuador Flirtation Sinks Into Trade Feud (Bloomberg) Ecuador's spat with the U.S. over the fugitive whistleblower Edward Snowden cost exporters special access to the world's biggest economy and may make the country's planned bond sale more expensive
Leaks from Edward Snowden focus attention on NSA director Keith Alexander (Washington Post) The secret documents describing U.S. surveillance operations that Edward Snowden gave to journalists have focused new attention on the National Security Agency and its director, Gen. Keith Alexander. Alexander has worked tirelessly since taking charge
Why Prism Is The Right Investment (InformationWeek) Prism doesn't scare me. On 9/11, my office was on the 39th floor of One World Trade. I was one of the many nameless people you saw on the news running from the towers as they collapsed
This Week in Tech: House to examine NSA surveillance programs (The Hill) "In light of recent national security leaks pertaining to some of the National Security Administration's intelligence gathering programs, this hearing will afford Members of Congress and the American public the opportunity to hear from Obama
McAfee's Schneck likely choice for DHS cybersecurity chief (The Hill) Phyllis Schneck, vice president and chief technology officer for the public sector at McAfee, is the likely choice to be the next deputy undersecretary for cybersecurity at the Department of Homeland Security, according to two sources familiar with the
Merkel Gets Behind Controversial European Data Protection Reform (TechWeek Europe) German Chancellor Angela Merkel has given her backing to controversial data protection reforms in the European Union, following the revelations of US surveillance whistleblower Edward Snowden
Draft bill would codify NIST cybersecurity framework into law (Cyberwarzone) A draft cybersecurity bill being circulated by the Democratic and Republican heads of the Senate Commerce, Science & Transportation Committee would codify in law the cybersecurity framework called for by President Obama in a Feb. 12 executive order
Nations Boost Cyber Defense Spending to Protect Critical Infrastructure (SecurityWeek) As concerns mount about the possibility of a cyber-attack against critical infrastructure, countries are focusing on boosting their security spending to include cyber-defenses
United Nations: Snowden affair is chance for truce in cyber war (Cyberwarzone) Edward Snowden's revelations about U.S. Internet surveillance have created a chance for countries to call a halt to a cyber war, a senior U.N. official said on Monday
White House, Google and Others Adopt Plan To Choke Off Ad Revenue From Pirate Sites (TechCrunch) The White House is in league with top Internet advertising companies to rain on everyone's free-software parade: a new industry standard has been adopted to remove ads from pirate websites in an attempt to choke off their revenue stream. The voluntary agreement says that companies will remove revenue sharing relationships with a website after users submit a complaint and an internal
States Seek Direct Messages For Health Data During Disasters (InformationWeek) 10 states recently entered a compact to exchange patient data in case of a natural or a man-made disaster. No solution covers the entire country, however
Litigation, Investigation, and Law Enforcement
DHS warns employees not to read leaked NSA information (Washington Post) The Department of Homeland Security has warned its employees that the government may penalize them for opening a Washington Post article containing a classified slide that shows how the National Security Agency eavesdrops on international
Yahoo wins motion to declassify court documents in PRISM case (CNET) Yahoo wins motion to declassify court documents in PRISM case. Ruling will allow the Internet company to publicly reveal it challenged a U.S. government order to participate in the National Security Agency's controversial data collection program
Facebook's silence on PRISM could result in legal action (Daily Dot) After Facebook went public in 2012, the company was praised for its honesty about the risks facing potential investors. When any corporation makes an initial public filing with the Securities and Exchange Commission (SEC), it is required by law to disclose all the known risks to shareholders. But Facebook, it seemed, had gone above and beyond
Classified Programs Challenged In Court (Washington Post) The recent disclosure of U.S. surveillance methods is providing opponents of classified programs with new openings to challenge their constitutionality, according to civil libertarians and some legal experts
Snowden applies for temporary asylum in Russia (USA Today) Intelligence leaker Edward Snowden formally submitted an application for temporary asylum in Russia on Tuesday, his lawyer said
Putin: Snowden a dubious present (The Seattle Times) Russian President Vladimir Putin on Monday characterized National Security Agency leaker Edward Snowden's long stay at a Moscow airport as an unwelcome present foisted on Russia by the United States. In comments reported by Russian news agencies
Putin suggests Snowden may stop leaking documents (CSO) The former NSA contractor will leave Russia as soon as possible, Russia president says. Edward Snowden, the leaker of U.S. National Security Agency surveillance activities, may have changed his position about disclosing more information in the future, Russian President Vladimir Putin said Monday, according to news reports
Putin hopes Snowden will leave Russia soon (USA Today) Putin says the U.S., by revoking Snowden's passport, has kept him stuck in Moscow. Russian President Vladimir Putin said Monday that NSA leaker Edward Snowden would leave the country at the "earliest opportunity"
Sony drops PSN breach appeal after risk assessment (CSO) PlayStation creator decides to pay hefty fine for 2011 data breach, cites confidentiality of network security as reason for walking away from appeal. Sony, entertainment giant and the company most noted in the security world as the source of a massive breach that impacted millions of accounts in 2011, has said they will abandon the appeal that was filed with the Information Commissioner's Office (ICO) in the U.K., due to security concerns. The move means they will pay the £250,000 fine ($377,400) levied against the company earlier this year and walk away from the table
Class-action filed against convenience store over breach (SC Magazine) A man in Northport, Ala. is suing a convenience store chain that experienced a credit card breach this spring. Ian Yeager filed a class-action lawsuit against Brentwood, Tenn.-based Mapco Express
Mugshot-Removal Sites Accused of Extortion (Wired) The growing online mugshot-removal racket — where arrestees pay sometimes hundreds of dollars to remove their mugs — is being hit with extortion accusations in a novel lawsuit testing the bounds of the First Amendment
For a complete running list of events, please visit the Event Tracker.
EAGB Summer Quarterly Webinar (Webinar, Jul 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore: State of the Market Report. The EAGB is pleased to welcomespecial guest Karl Gumtow, Co-Founder and CEO of CyberPoint International, to discuss trends in the Cyber Security market and the future of the industry.
London Summer 2013 (London, England, UK, Jul 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The Human" course.
Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, Jul 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.
International Conference on Cyber Security (New York, New York, USA, Aug 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit, is an unparalleled opportunity for global leaders in cyber threat analysis, operations and law enforcement to coordinate their efforts to create a more secure world. With the number of cyber threats escalating worldwide, the need for comprehensive security analysis, assessment, and actions has never been greater. Join those working on the front-lines of secure cyber networks at ICCS for the opportunity to learn useful knowledge and share critical intelligence on issues shaping the future of cyber security.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security Training Conference, CSTF is set to convene from Tuesday August 6, 2013 to Wednesday, August 7, 2013 at the DoubleTree by Hilton, Colorado Springs, Colorado.CSTF 2013 will bring together cyber experts from the DoD, federal government, business, research, and academia to address: the latest DoD and government cyber policies, remediation strategies and best practices, the growing impact, and evolution, of cyber threats and how to continue to protect and defend the Global Information Grid (GIG), mobility strategies, cloud & virtualization advancements, and emerging technologies. This will be accomplished through a number of in-depth cyber sessions, hands on live demonstrations, the yearly cyber challenge and government and industry exhibits. Don't miss this educational, and cost effective, cyber event in Colorado Springs, CO..
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 201 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided coupled with the largest SCADA exhibition in the Southern Hemisphere ensure the National SCADA Conference is a must attend event for Australia's and New Zealand's SCADA Communit.
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 201 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.