The CyberWire Daily Briefing for 7.17.2013
South Korea provides more information on its attribution of the Dark Seoul cyber campaign to the North Korean regime.
Another Android vulnerability is discovered. Android's success in the consumer market is also stoking a thriving criminal black market in exploits.
Marriott Rewards members are advised to change their passwords after Marriott detects a spike in attempts to hack into user accounts. Kaspersky offers some timely advice on cyber safety for vacation travel (start by being less forthcoming in social media).
Waterholing appears to be displacing spearphishing in state-sponsored cyber attacks.
Mandiant reminds people that "Unit 61398" is part of China's People's Liberation Army, not "just a collection of some guys working in someone's basement."
Oracle's July patches closed eighty vulnerabilities in the firm's products.
Quantum Dawn, Wall Street's cyber defense exercise, starts tomorrow. In the meantime the financial sector worries about vulnerability to cyber attack, and works to come to grips with an emerging cyber risk regulatory regime.
Booz Allen, CACI, SAIC, Honeywell, and General Dynamics are among thirteen winners of a US Navy cyber IDIQ contract worth up to $900M.
US universities, particularly research universities, are increasingly becoming targets of industrial espionage. (Coincidentally or not, more universities are partnering with cyber companies—General Dynamics and Rensselaer Polytechnic, for example, announce a new research arrangement.)
Cyber cooperation among the US, UK, Australia, Canada, and New Zealand is unlikely to be impeded by public reaction to leaks, observers note.
Snowden has requested asylum in Russia. The Manning trial nears its conclusion.
Today's issue includes events affecting Afghanistan, China, European Union, Germany, Israel, Republic of Korea, Democratic People's Republic of Korea, Malaysia, Russia, Switzerland, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Seoul blames North Korea for June cyber attack (Globe and Mail) South Korean investigators on Tuesday blamed rival North Korea for a cyber attack last month on dozens of South Korean media and government websites, including those of the president and prime minister. The biggest piece of evidence linking Pyongyang to the attacks on June 25, which marked the 63rd anniversary of the beginning of the Korean War, was a North Korean Internet protocol address found in some of the websites and malicious codes, South Korea's Ministry of Science said
Anatomy of another Android hole — Chinese researchers claim new code verification bypass (Naked Security) Hot on the heels of the so-called "master key" bug in Android comes what Chinese Android researchers are calling "a similar vulnerability." They've definitely found a bug, and an another embarrassing one for Google's coders, too
New Android malware lowers the bar for cyberciminals (CSO) Discovery the latest example of a growing market in commoditized services for mobile like those available for infected Windows machines
CSRF Still Armed And Dangerous (Dark Reading) Cross-site request forgery may not get the same attention as SQLi or XSS, but it still poses considerable risk to Web apps. While they may not pack the same punch or crop up at the same frequency as injection or cross site scripting attacks, cross site request forgery (CSRF) attacks should still be very much on the radar of application developers. This year, CSRF may have gotten bumped down a few notches on the OWASP top Web app vulnerability rankings, but it still remains on the top ten and, according to some, CSRF attacks may well be accelerating
Marriott Rewards Members Urged to Change Passwords Following Hack Attempts (SecurityWeek) Members of the Marriott Rewards program were notified on Tuesday of attacks attempting to gain access to user accounts, and asked to change their passwords as soon as possible
I Know Where you Checked in Last Summer (Kaspersky Lab Daily) It's summer, that time of year where we go on vacation, take lots of pictures — and, of course, upload them to Facebook, Instagram and Twitter. And because we want people to know where we are taking this beautiful picture of the fabulous time we're having, we also like to 'check in' at various locations, or to tag the geographic locations in the pictures we took, right down to the exact address of the restaurant or hotel we're at right that moment
A look at Point of Sale RAM scraper malware and how it works (Naked Security) A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.. In this article, Numaan Huq from SophosLabs takes a step back from the technical details and looks at the evolution of these PoS RAM scrapers
Water Hole Replacing Spear-Phishing as State-Sponsored Weapon of Choice (Infosecurity Magazine) Spear-phishing is an attack that attempts to ensnare a specific individual or group of victims via email; water hole attacks wait for the victim to come to the trap. Attackers - especially state-sponsored attackers - are increasingly turning to the latter as their weapon of choice
Unpatched Vulnerabilities Disclosed in Asus Home Routers (Threatpost) Asus home routers are open to a number of potential remote attacks because of vulnerabilities in the AiCloud service bundled with the hardware. Security researcher Kyle Lovett posted on Sunday to the Full Disclosure mailing list today a follow up to a June disclosure of a directory traversal bug in the RT-N66U routers
Chinese hackers identified (Federal News Radio) Earlier this year information security firm Mandiant identified a previously unknown group hackers thought to be in China. "People referred to China or Chinese hackers, but there was plenty of wiggle room there to assume it could be a collection of guys working in someone's basement without a tie to the government," Richard Behtlich chief security officer for Mandiant. The group the identified is called Unit 61398. Bejtlich says, "we showed pretty conclusively that at least this one group is part of the PLA" AKA The Chinese People's Liberation Army
Post Liberty Reserve Shutdown — What's Next? (TrendLabs Security Intelligence Blog) After Liberty Reserve's shutdown, small or big–time cybercriminals had to scurry for an alternative currency. Some cybercriminals exclusively used Liberty Reserve (LR) as an e-currency to fuel their businesses, but its sudden shutdown took the underground scene by surprise. While many of them had a hard time believing this was indeed happening, others thought that LR would be back any time soon
Security Patches, Mitigations, and Software Updates
Facebook fixes critical flaw, cites as example of bounty's success (CSO) Bounty programs can buy goodwill with bug hunters with very little downside, said one security expert
HP to release fix this week for backdoor in StoreVirtual SAN product (FierceITSecurity) HP is releasing this week a fix to a backdoor in its StoreVirtual storage area network appliance that could enable a remote attacker to get root access to the system, the company announced in a security bulletin
Oracle Critical Patch Update Advisory — July 2013 (Oracle) A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes
Oracle plugs 90 security holes in hundreds of products (FierceITSecurity) Oracle is releasing security patches on Tuesday for 90 new vulnerabilities across hundreds of Oracle products, the software giant said in a pre-release announcement for its quarterly critical patch update
Cyber security threat to US ports (Port Strategy) Low cyber-security awareness and culture in US port facilities leave the nation's key hubs vulnerable to crippling cyber attacks, according to a new report
Regulators Cite Cyberattack Risks for Financial Firms (Wall Street Journal) The report, by staff of the International Organization of Securities Commissions, warns that cyber-crime has become significantly more sophisticated, making it more challenging to defend against. Hackers are increasingly focusing on destabilizing
Cyber Attack Should Be Deemed Systemic Risk, Exchange Study Says (Businessweek) About 53 percent of exchanges surveyed have been hit by a cyber-attack in the last year. American venues were most likely, with 67 percent saying they had to fight them off, the joint study by the International Organization of Securities Commissions
Cybersecurity Exercise: Quantum Dawn 2 (SIFMA) Quantum Dawn 2 is a cybersecurity exercise to test incident response, resolution and coordination processes for the financial services sector and the individual member firms to a street-wide cyber attack
Cyber attacks on stock exchanges put markets at risk: report (Reuters) Around half of the world's securities exchanges were the target of cyber-attacks last year, according to a paper based on a survey of 46 exchanges released on Tuesday
Chrome, Linux users more likely to ignore browser security warnings (FierceCIO: TechWatch) Chrome users are far more likely to ignore security warnings than users of the Firefox browser. The findings were outlined in a new study titled "Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness" that can be downloaded here
The cyber arms race is already in full swing (FierceCIO: TechWatch) The New York Times last Friday ran a report titled "Nations buying as hackers sell flaws in computer code" that detailed a new arms race that looks to be in full swing. In a nutshell, these hackers and security researchers have a single-minded focus to find novel security bugs and weaknesses--or "zero days"--and then develop a way to exploit them
NSA Surveillance: IT Pro Survey Says What? (InformationWeek) To understand the relationship between security and privacy, we should pay more attention to IT professionals and spend less time asking loaded questions
Big Brother in our health and fitness apps (FierceMobileHealthCare) This week, the Privacy Rights Clearinghouse, a California nonprofit dedicated to empowering individuals to protect their privacy, issued a study on mobile health and fitness apps based on a technical risk assessment they performed to determine what data the apps collected, stored, and transmitted. After studying 43 popular apps (both free and paid) from a consumer and technical perspective, the group found "considerable privacy risks for users" and that the privacy policies for those apps that have policies do not describe those risks
NEC calls it quits on smartphones after Lenovo deal falls through—is Huawei/HTC next? (Quartz) There was a time when NEC was the 500 lb. gorilla in Japan's cellphone market with a 27% market share—then came smartphones. Faced with competition from the likes of Apple and Samsung, NEC's share quickly shrunk to a measly 5%; after spending six months unsuccessfully trying to negotiate a partnership with China's Lenovo, the company has decided to exit the smartphone business entirely, according to a report by the Nikkei newspaper
Air Force 'carving out' more AF members for cyber (Air Force Times) Space Command announced earlier this year they would be standing up additional cyber mission teams between 2014 and 2016 in support of U.S. Cyber Command. "I think the future is very bright in space and cyber…there are challenges in budgets, there
World gripped by security skills crisis in face of cyber crime epidemic, says Dell SecureWorks CTO (Computing) One of the biggest challenges facing the IT industry is determining how to boost the number of skilled cyber security professionals in order to combat an epidemic of cyber crime. That's according to Jon Ramsey, CTO of Dell SecureWorks, the hardware manufacturer's information security division
Microsoft: We do not give the NSA keys to bypass email encryption (ZDNet) Microsoft says it does not provide the NSA or any U.S. government agency with the ability to bypass its encryption or give 'direct access' to user data
After Snowden, Booz Allen Wins Navy Cyber Work (Wall Street Journal) Booz Allen Hamilton Inc. was one of 13 companies to win part of a $900 million contract to provide the U.S. military with support for its expanding cyber operations, the Defense Department announced Tuesday. The award comes as Booz Allen is facing
Dell committee mulls delaying vote (FierceFinance) Is this a bad omen for Michael Dell's attempt to buy his own company? The board's special committee, tasked with overseeing the bidding process, has let it be known that it is considering a delay to the scheduled July 18 vote on the founder's $13.65 a share offer, which so far has been supported by the committee, which also evaluated a leveraged recap proposal from Carl Icahn
SCADA Vendor Offers Store Credit for Vulnerabilities (Threatpost) IntegraXor, a manufacturer of supervisory control and data acquisition (SCADA) equipment, announced last week that it would implement a bug bounty program offering points redeemable for company services to researchers that disclose security vulnerabilities in their IGX SCADA system
Fusion PPT Has Been Accepted as a Member of the Intelligence and National Security Alliance (Virtual-Strategy Magazine) Fusion PPT, a recognized cloud computing strategy and technology firm, announced today that the company has been accepted as a member of the Intelligence and National Security Alliance (INSA). Fusion PPT joins INSA's membership body in working to
Lockheed Selected for Israel's $279M Military IT Upgrade (GovConWire) Lockheed Martin (NYSE: LMT) has partnered with Bynet Data Communications for a potential $279 million multiple-award contract to modernize the Israeli Defense Ministry's military intelligence headquarters, the World Tribune reported Sunday
Deltek Buys Project Mgmt Software Maker Acumen (GovConWire) Deltek has bought project management software and services provider Acumen for an undisclosed sum in a move aimed at growing Deltek's enterprise-class offerings. Texas-based Acumen adds analytics, project planning and risk management products to Deltek's portfolio for government contracting and professional services organizations, the companies said in a joint statement
Products, Services, and Solutions
Waterfall Security Solutions and OPSWAT Announce Joint Solution For Protecting Critical Infrastructures (Dark Reading) Waterfall's Unidirectional Gateways are able to scan data using OPSWAT's Metascan engine
Viewfinity launches a new application control solution (Help Net Security) Viewfinity announced the availability of the Viewfinity Application Control solution, a homogeneous software solution that includes application whitelisting, managing trusted sources, forensic analysis
Barracuda Ties Up With VADS To Offer VADS Managed Web Application Firewall (Bernama) Barracuda Networks Inc is partnering VADS Bhd to offer the VADS Managed Web Application Firewall (MWAF) for small to large businesses as protection against cyber threats
EiQ Networks SecureVue Awarded Enterprise Certificate of Networthiness by U.S. Army (Wall Street Journal) Organizations within the DoD can deploy SecureVue to meet security monitoring, continuous monitoring and STIG auditing mandates
Trustlook Introduces the First APT Mobile Security Solution (Wall Street Journal) Unlike the traditional intrusion-prevention, anti-malware and anti-virus products, Trustlook provides the first APT (advanced persistent threat) mobile security solution to detect and address zero-day and advanced malware. While the mobile industry is
Belkin Builds on Cyber Security Strategy with the Introduction of New Secure DisplayPort KVM Switch for Federal and Defense Agencies (Wall Street Journal) Belkin, a trusted leader of technology solutions for cyber security and government agencies, today announced the expansion of its award-winning secure product line with the addition of the Belkin DisplayPort KVM Switch. The new switch offers the ideal solution for federal and defense users who handle sensitive or confidential information and need a seamless, coherent environment working on multiple networks with different security levels
Co3 Systems Helps Organizations Comply With EU Privacy Breach Laws (SecurityWeek) Co3 Systems, a maker of software that helps organizations prepare, assess, manage, and report on privacy breaches and security incidents, has expanded its Privacy Module with new coverage for privacy regulations in the European Union (EU)
SafeNet Partners with Senetas to Protect Data in Motion (CSO) SafeNet, Inc., a global leader in data protection, today announced an extended global distribution agreement with Senetas Security Pty Ltd., in which SafeNet will add Senetas's high-speed network encryption solutions, including the new CN6000 family, to its portfolio of products distributed around the globe. Senetas complements SafeNet's data protection solutions to provide persistent protection of sensitive information at critical points in its lifecycle, wherever and however that information is used. Government agencies and business organisations can reduce risk, improve compliance posture, and enhance governance and ownership of sensitive data across their business
Mobile security from Norton leads the stress test for Android (QR Code Press) There were 21 different apps tested on three separate occasions since January 2013. Among them, the highest detection rates were achieved by Bitdefender Mobile Security and Antiy AVL, achieving 99.8 percent. Norton's mobile security detection rate
Technologies, Techniques, and Standards
45 Percent Of Companies Fear More Complex Attacks On Their IT Infrastructures (Dark Reading) Of all new threats detected in 2012 by Kaspersky Lab's products, 87 percent were detected with the help of heuristic technologies
How to Secure Social Media Accounts (eSecurity Planet) While there is much debate over social media's impact on productivity, it clearly creates security risks. These simple practices should keep employees' social media use from endangering the enterprise
SMB Insider Threat: Don't Hire a Hacker (Dark Reading) Last month, Edward Snowden reminded us that the greatest threat to our critical systems and sensitive data is not the external hacker but the trusted insider. While leaks pertaining to large government agencies capture the headlines, the SMB insider silently threatens our organizations with devastating impact
Petition calls for an end to passwords (CSO) A public advocacy campaign called Petition Against Passwords claims passwords are a thing of the past, and that new methods of authentication are necessary to secure the future
Don't Ignore the Warnings (Symantec) Be honest. Do you really read the warning messages that your browser displays to you? Or do you blindly click the phishing site warnings or the SSL mismatch dialog away? Apparently most users don't seem to care too much about those warnings and click through them quickly. And I doubt that they have memorized the meaning of the warnings and reflect on the consequences each time
"Oh no, the suspect ran CCleaner to get rid of the evidence!" (Magnet Forensics) I recently received a few questions about the effects of running Internet history sanitation tools such as CCleaner, when examining a computer looking for internet related artifacts. CCleaner is a product from a company identified as Piriform (www.piriform.com), and a version is freely available online and commonly used to 'sanitize' user activity. From the online documentation, CCleaner is said to protect privacy by cleaning out Internet browsing history and temporary internet files
Enterprises need to COPE with flood of mobile devices, says NSS Labs (FierceITSecurity) A corporate-owned personally enabled, or COPE, policy is better from a security perspective than a bring your own device, or BYOD, approach to address enterprise mobility, observed Andrew Braunberg, research director at NSS Labs
Design and Innovation
The Screams of Crushed Startups Echo Across Silicon Valley (Wired) Startups valued richly just a year or two ago are having trouble now that the time has come to go back to the trough. They are being advised to swallow their pride
Research and Development
If A Network Is Broken, Break It More (Inside Science) From the World Wide Web to the electrical grid, networks are notoriously difficult to control. A disturbance to just one part of the system can spread quickly and affect the whole thing. But this problem is its own solution: by selectively damaging part of the network, we can bring the entire system to a better state
Ferris Designated a Center of Digital Forensics Academic Excellence (Ferris State Torch) Ferris' Information Security and Intelligence program courseware was certified as a "Center of Excellence" two years ago by the National Information Assurance Education and Training Program of the National Security Agency
Campuses Face Rising Threat From Hackers (New York Times) Americas research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen
Students, Start-Up Team to Create Android "Master Key" Patch (Slashdot) The saga of the application-signing flaw affecting Google's Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google's official patch
General Dynamics AIS, University Partner in Data Science Center Program (The New New Internet) A General Dynamics business unit has been selected the first industrial member of a university research center that aims to foster collaboration and information sharing between the public and private sectors
Legislation, Policy, and Regulation
The Tech Geeks Are Israel's War Heroes (Huffington Post) The Israel Defense Forces, the IDF, is making significant hardware cuts. The story was reported on the front page of the Wall Street Journal and in other papers around the country
5-Nation Spy Alliance Too Vital For Leaks To Harm (Yahoo.com) Britain needed U.S. intelligence to help thwart a major terror attack. New Zealand relied on it to send troops to Afghanistan. And Australia used it to help convict a would-be bomber
U.K. spy agency didn't break the law amid PRISM claims, MPs say (ZDNet) Signals intelligence agency GCHQ didn't break British laws when conducting its mass surveillance program in conjunction with the Americans, but MPs are instead looking at whether the laws should be updated
German Military Knew About PRISM: Report (SecurityWeek) The German military has known for years of the sweeping US online surveillance program PRISM, a newspaper reported Wednesday, citing a NATO document from the Afghanistan mission
U.S. Government Can No Longer Be Trusted To Protect The Internet From International Power Grabs (TechCrunch) In the wake of Edward Snowden's whistleblowing, the United States government can no longer be seen as a beneficent or even merely benign actor on the Internet. That could have disastrous consequences, first in reducing trust in the cloud and its American hosts and second in potentially upending Internet governance
Government secrecy undermines the good of federal programs (FierceGovernment) The federal government, I've argued before, is mostly a force for good in American society. It played vital roles in desegregation. Its social net programs ensure that the United States is more than a market of consumers, but a society that protects its vulnerable (something that's vital for the long-term survival of that market, as well, although those who would support poverty alleviation for utilitarian purposes only lack a soul). Its ability to regulate across the nation ensures modicums of basic safety and health standards at home and at work
Senate tries again on cybersecurity bill (FierceITSecurity) The U.S. Senate is again poised to tackle cybersecurity legislation, but this time it is expected to be more limited in scope
Litigation, Investigation, and Law Enforcement
Microsoft Asks Attorney General To Release Gag Order On NSA Spying (TechCrunch) Microsoft is tired of getting pummeled in the press over reports that it hands over emails and Skype conversations to the National Security Agency. Unfortunately, the federal gag order related to the NSA is so strict that companies can't even talk about the existence of the program. Today, Microsoft begged issued a strongly worded letter to Attorney General Eric Holder to release the gag
Meet the Snowden of Swiss Banking (Bloomberg Businessweek) Hervé Falciani blew a gaping hole in Swiss banking secrecy. The former systems engineer at HSBC (HBC)'s private bank in Geneva leaked details on thousands of client accounts to tax authorities in other countries, who say the data has helped them uncover some €200 billion ($260 billion) in tax fraud
Snowden's latest problem is that Putin despises turncoats (Quartz) Given Russian president Vladimir Putin's regular tirades against the US, you would think he'd be thrilled to be hosting Edward Snowden, the fugitive US intelligence contractor who on July 16 officially requested Russian asylum. But at least publicly, Putin is not restraining himself in this opportunity to goad Washington. Instead, he says he prefers that the American leave Moscow as soon as possible
Leaker Files For Asylum To Remain In Russia (New York Times) Edward J. Snowden, the former intelligence contractor on the run from the American authorities, on Tuesday formally requested temporary asylum in Russia, submitting an application that seemed aimed at insulating President Vladimir V. Putin from United States pressure and blame
Why It Doesn't Matter If Edward Snowden Is A Hypocrite (TechCrunch) Anti-authoritarian data leaker Edward Snowden is officially seeking the warm embrace of Russia, a country known for disappearing journalists and running a propaganda arm in the guise of a public media station. He's also deliberately withheld the most damning information about how the National Security Agency actually operates. Yet, even if Snowden joined the Russian KGB, his exposé of highly
Snowden's Contingency: 'Dead Man's Switch' Borrows From Cold War, WikiLeaks (Wired) The strategy employed by NSA whistleblower Edward Snowden to discourage a CIA hit job has been likened to a tactic employed by the U.S. and Russian governments during the Cold War
Journalism On Trial as Bradley Manning Case Nears Moment of Truth (Daily Beast) As the defense and the prosecution rested their cases in the largest leak trial in American history, the defense argued Monday that the presiding military judge, Col. Denise Lind, should dismiss "aiding the enemy" and other
American Cyber jihadist sentenced Incited Violent Jihad Online (Cyberwarzone) A federal judge sentenced Emerson Begolly to eight years and six months in prison for soliciting others to engage in acts of terrorism within the United States and for using a firearm in relation to an assault on FBI agents
19 Groups Sue NSA Over Data Collection (SecurityWeek) Nineteen US organizations filed suit Tuesday against the National Security Agency claiming their constitutional rights were violated by the secret spy agency's data collection programs. The Electronic Freedom Foundation filed the action on behalf of a variety of groups including the First Unitarian Church of Los Angeles, the gun rights group Calguns Foundation, Greenpeace and Human Rights Watch
HHS fines WellPoint $1.7 million for exposing patient records on the web (FierceITSecurity) The Department of Health and Human Services is levying a $1.7 million fine on managed care company WellPoint for exposing health records of 612,402 individuals to the Internet in violation of the Health Insurance Portability and Accountability Act
British Border Police use Anti-Terror Laws to Seize Any Phone (Infosecurity Magazine) The parallels between US and UK intelligence grow. Snowden revealed the NSA's Prism project, then GCHQ's Tempora. The US border is well-known as a constitution-free zone for mobile device seizures; now the Telegraph reveals similar practices in the UK
College Student Gets Year in Prison for election fraud (Threatpost) A former Cal State San Marcos student was sentenced to a year in prison this week for election tampering by using keystroke loggers to grab student credentials and then vote for himself
For a complete running list of events, please visit the Event Tracker.
AFCEA Global Intelligence Forum (Washington, DC, USA, Jul 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence Community can play in helping to ensure free and secure cyberspace operations -- from setting requirements, to collecting and analyzing data, to delivering insights and recommendations. In the end, the discourse will look at where industry can partner with the government to provide cyber situational awareness, indications, and warning. Eugene Kaspersky will deliver the keynote. As of July 17, twenty-five seats remain available.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
EAGB Summer Quarterly Webinar (Webinar, Jul 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore: State of the Market Report. The EAGB is pleased to welcomespecial guest Karl Gumtow, Co-Founder and CEO of CyberPoint International, to discuss trends in the Cyber Security market and the future of the industry.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.
International Conference on Cyber Security (New York, New York, USA, Aug 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit, is an unparalleled opportunity for global leaders in cyber threat analysis, operations and law enforcement to coordinate their efforts to create a more secure world. With the number of cyber threats escalating worldwide, the need for comprehensive security analysis, assessment, and actions has never been greater. Join those working on the front-lines of secure cyber networks at ICCS for the opportunity to learn useful knowledge and share critical intelligence on issues shaping the future of cyber security.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security Training Conference, CSTF is set to convene from Tuesday August 6, 2013 to Wednesday, August 7, 2013 at the DoubleTree by Hilton, Colorado Springs, Colorado.CSTF 2013 will bring together cyber experts from the DoD, federal government, business, research, and academia to address: the latest DoD and government cyber policies, remediation strategies and best practices, the growing impact, and evolution, of cyber threats and how to continue to protect and defend the Global Information Grid (GIG), mobility strategies, cloud & virtualization advancements, and emerging technologies. This will be accomplished through a number of in-depth cyber sessions, hands on live demonstrations, the yearly cyber challenge and government and industry exhibits. Don't miss this educational, and cost effective, cyber event in Colorado Springs, CO..
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 201 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided coupled with the largest SCADA exhibition in the Southern Hemisphere ensure the National SCADA Conference is a must attend event for Australia's and New Zealand's SCADA Communit.
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 201 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.