The CyberWire Daily Briefing for 7.18.2013
As Quantum Dawn begins, Quartz publishes an interesting speculative narrative of what a destabilizing cyber attack on the financial markets might actually look like: APTs slowly corrupting data, with their activity masked by distributed-denial-of-service noise. Analysts try to assess the risk to exchanges; consensus remains that it's large.
The Times of India reports that BlackBerry has granted Indian law enforcement agencies access to emails and chats. A German researcher also claims BlackBerry 10 sends full email account credentials to its corporate home.
The Syrian Electronic Army is back (as Assad's position grows stronger) with a claimed hack of Sweden's Truecaller global phone directory.
Network Solutions is recovering from yesterday's denial-of-service attack. Tumblr warns iOS users to change passwords, and patches the vulnerability that prompted the warning.
The cyber criminal economy grows in sophistication and rapacity. Recent offerings include botnet Bitcoin miners, fraudulent identity "Kitz" (sic), and a "binder" for Android exploits. Forum platform vBulletin is apparently becoming a favorite launching point for criminal exploits.
HM Government reveals that it's investigating Huawei involvement with an Oxfordshire cybersecurity center. Staffing, not hardware, is at issue, but the episode highlights, again, the need for Chinese firms and Western governments to reach a sensible security modus vivendi.
Palantir woos New Zealand intelligence services. Symantec opens a center in Ireland. The US Navy awards places on a large cyber contract.
Congressional hearings over NSA surveillance continue, as members receive the Intelligence Community's views. Russia's Putin wants to be sure Snowden doesn't jeopardize US-Russian good relations.
Notes.
Today's issue includes events affecting China, Estonia, India, Ireland, Japan, Latvia, New Zealand, Romania, Russia, Sweden, Syria, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
This is what a destabilizing cyberattack on financial markets would look like (Quartz) Almost 90% of the world's financial exchanges believe that cyber-crime poses a systemic risk to the securities industry, according to a report (pdf) published by the International Organisation of Securities Exchanges (Iosco) and the World Federation of Exchanges this week. More than half of those exchanges have faced cyber attacks in the last year, and financial firms have had to invest huge sums of money to maintain their security. At least so far, they seem to have been mostly effective at warding off hackers
BlackBerry allows Indian government direct access to emails and chats (HackRead) Government agencies in India are now allowed to access your BlackBerry devices directly, allowing them to track conversations, emails and attachments sent between BlackBerry devices on a real-time basis. Times of India reports that according to a leaked government document, government agencies will be able to track and read every typed word on BlackBerry devices. This access will allow the agencies to spy on
Blackberry 10 Sends Full Email Account Credentials To RIM (Slashdot) How a phone manufacturer making a somewhat successful come-back can shoot itself in the foot: Marc "van Hauser" Heuse, who works for German technology magazine Heise, has discovered that immediately after setting up an email account on Blackberry 10 OS, full credentials for that account are sent to Research In Motion, the Canadian Blackberry manufacturer. Shortly after performing the set-up, the first successful connections from a server located within the RIM domain appear in the mail server's logs. (Most of the story in English, some comments in German.) At least according to German law, this is completely illegal, as the phone's user does not get a single indication or notice of what is being done. [Links to the original article for those who read German.]
Hacker group says it acquired databases of global phone directory Truecaller (SC Magazine) Swedish-based Truecaller, the company that says it maintains the largest global phone directory, has become the latest target of the Syrian Electronic Army after the hacker collective made the announcement via Twitter less than 24 hours ago
KakaoTalk Targeted By Fake and Trojanized Apps (TrendLabs Threat Intelligence Blog) Instant messaging apps are battling it out and trying to become the next popular means of communication that people will use. For example, in Japan, both Line and KakaoTalk – two popular chat apps – claim to have more than 100 million users in Japan
DDoS Attack Knocks Network Solutions Website, Clients Offline (Threatpost) A distributed denial of service attack knocked the website of the domain name registrar Network Solutions LLC offline this morning and affected an unknown number of its clients' sites as well
Tumblr security lapse — iPhone and iPad users update your passwords now! (SecurityWeek) Tumblr has released a "very important" update for their iPad and iPhone apps following what they describe as a "security lapse"
Mac Ransomware Deviating from the (java)script (Infosecurity Magazine) Jerome Segura has blogged for Malwarebytes about a ransomware attack of sorts that poses a potential problem for OS X users. We've become all too familiar with malware that targets Windows users, telling them they have to pay the FBI or the police a fine for some infraction, often involving pornography. In fact, to some extent this type of malware has replaced fake anti-virus. We're less accustomed to seeing it as a problem for Mac users, though
Researchers To Highlight Weaknesses In Secure Mobile Data Stores (Dark Reading) At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices
vBulletin Forum Becomes Target for Cybercriminals, Warns Sucuri (Spamfighter) Sucuri, a well-known security firm, warns that vBulletin, a widely used forum platform, is becoming a favorite target for web-based attacks launched by unscrupulous cyber crooks, reported blog.sucuri.net in the first week of July 2013
Botcoin: Bitcoin Mining by Botnet (Krebs on Security) An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins. In this post, I'll look at an affiliate program that pays people for the mass installation of programs that turn host machines into bitcoin mining bots
Cyber-Criminals Selling Fraudulent Identity 'Kitz' on Web Black Market (eWeek) Researchers at Dell Secureworks find criminals combining drivers' licenses, health insurance and credit-card accounts into counterfeit documents, or "kitz," which are then sold online
For about $40, "binder" tool weaponizes Android apps for you (SC Magazine) A tool that "trojanizes" legitimate Android apps may be a dream come true for criminals with ill intent but little skill or patience to craft their own malicious code. According to researchers at Symantec, for just $37, saboteurs can buy the AndroRAT APK Binder, currently being sold on underground forums. Andrea Lelli, a Symantec researcher, wrote in a Tuesday blog post that binders are the "first tools that easily allow users to repackage and trojanize legitimate Android applications with AndroRAT," a remote access trojan (RAT) for Android devices that was made freely available online last November by online crooks
Long Beach Memorial Medical Center announces data breach (Health IT Security) Long Beach Memorial Medical Center alerted 2,864 patients who received treatment from September 2012 to last month that it has experienced a health data breach. PressTelegram.com reports that it was an internal employee who compromised the data, but there are no details as to how they breached the information. The organization only referred to the Long Beach Police Department when asked about the employee
Anonymous exposes details of FEMA contractors as payback (SC Magazine) Hundreds of Federal Emergency Management Agency (FEMA) contacts had their information accessed and leaked late Wednesday following a breach for which hacker group Anonymous took credit
Why help desk employees are a social engineer's favorite target (CSO) Help desk staffers, by the very nature of the position's title and name, are too helpful; and that makes them a perfect target for a social engineering criminal
Cloud Security Risks Lurk In Big Data Projects, Auditor Says (CRN) The Cloud Security Alliance and other organizations have outlined the potential risks with cloud computing. Experts told CRN that an abundance of improper cloud deployments offers potential business opportunities to solution providers in the channel
Does NSA know your Wi-Fi password? Android backups may give it to them (Ars Technica) EFF technologist says "back up my data" exposes users' data to government spies. If you're using Google's "back up my data" feature for Android, the passwords to the Wi-Fi networks you access from your smartphone or tablet are available in plaintext to anyone with access to the data. And, as a bug report submitted by an employee of the Electronic Frontier Foundation (EFF) on July 12 suggests, that leaves them wide open to harvesting by agencies like the NSA or the FBI
Security Patches, Mitigations, and Software Updates
Vendors patch security vulnerabilities within 3 weeks (Help Net Security) High-Tech Bridge Security Research Lab released its statistics on web application security for the first half of 2013. The statistics are based on HTB Security Advisories that are released on a weekly
Tumblr Patches its iOS App After Password Vulnerability (Infosecurity Magazine) A brief statement from Tumblr late on Tuesday confirmed that its iPhone and iPad apps had been updated to patch "an issue that allowed passwords to be compromised [sniffed] in certain circumstances."
Cyber Trends
Infonetics Anticipates Steady Growth in DDoS Prevention Appliance Market (eSecurity Planet) According to Infonetics' new DDoS Prevention Appliances report, global DDoS prevention appliance revenue grew 30 percent in 2012 to $275 million, and is expected to maintain a 25 percent compound annual growth rate from 2012 to 2017
Report: Markets at risk due to cyberattacks against exchanges (CSO) Survey finds more than half of the world's financial exchanges fell victim to some kind of cyberattack in the last year
One in five UK businesses hit by DDoS attack in 2012 (Telegraph) DDoS is a type of cyber attack where multiple compromised systems – which are usually infected with a Trojan – are used to flood a single system with so much traffic that it crashes. In 2010 the technique was famously used by 'hacktivist' group
Cyber Terror Is the New Language of War (Huffington Post) Hardly a day passes without reading or hearing about another cyber attack against some target in the United States. Cyber terror is now the new language of war that we understand only vaguely. We know that more and more of our daily lives revolve
British business under attack by cyber-espionage operations (The Information Daily) The UK is only just beginning to realise how vulnerable our critical IT systems are to cyber attack, with an increase in organisations seeking insurance and security. The United Kingdom confronts an attack from up to 70 sophisticated cyber-espionage
Prolexic's Latest DDoS Attack Report (MarketWatch) Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013 from DDoS attacks launched against its global client base. These metrics, representing increases of 1,655 percent and 925 percent respectively compared to Q2 2012, are just two of many findings contained in the company's Quarterly Global DDoS Attack Report, which was published today
Cyber security spending in critical infrastructure to hit $46 billion (Help Net Security) The digitization of critical infrastructures has provided substantial benefits in terms of socio-economic developments — improved productivity, better connectivity, greater efficiencies
Email security: Perception vs. reality (Help Net Security) When it comes to email security in the workplace, 98 percent of employees believe they demonstrate either equally secure or more secure behaviors than their colleagues. SilverSky's study examines
US retains spamming crown (Help Net Security) Sophos has published the latest "Dirty Dozen" of spam relaying countries, covering the second quarter of 2013. As the US retains the top spot among spam-relaying countries, Belarus makes a significant
Infographic: Utilities traffic makes up close to 18 percent of mobile data usage in North America (FierceMobileIT) Did you know that utilities traffic makes up around 18 percent of the total mobile data usage in North America
Where and How am I at Risk in Today's Cyber Environments? (SecurityWeek) Ask a management team if cyber security is important to them and you'll get an immediate affirmative. In fact, many will tell you that security is one of their top priorities as an organization. Most can back up these claims by stating how much they've invested in security solutions in recent years and by what percentage of their IT teams are dedicated to improving cyber awareness and security across the enterprise. Ask them however for specifics on how and where they are at risk and you are likely to get some blank stares coming back at you
Marketplace
UK to probe Huawei staff's role at cybersecurity centre (BBC) The news follows a report by parliament's intelligence committee which raised concerns that staff working at the base in Oxfordshire were employed by the Chinese firm
Private spying company hosts conference for NZ intelligence community (New Zealand Herald) One of the world's largest private sector spying companies is funding a conference-and-cocktail gathering of the cream of the New Zealand intelligence community. But spy bosses won't say whether they contract the company in case its staff are "targeted by foreign intelligence agencies"
Why Crowdstrike's focus on attackers and active defense polarizes infosec pros (PandoDaily) I've been writing this story forever it seems, trying to arrive at a reasonable version of the truth. I've been sworn to secrecy, and have had so many off-the-record conversations I'm tempted to just leave part of this page blank as a symbolic defacement of my own work – a lulz by me, on me
US cyber security firm to create 400 jobs here (Irish Independent) It is also a testament to our talented and flexible workforce," he said, adding that the Government was "committed to working" with companies like Symantec to bring more jobs here. Symantec's senior vice president for its operations in Europe, the
FireEye Uncovers Seven Zero-Day Vulnerabilities in First Half of 2013 (Broadway World) FireEye, Inc., the leader in stopping today's new breed of cyber attacks, today announced that the company has discovered seven zero-day
Senate Appropriations subcommittee markup would boost NIST spending (FierceGovIT) A Senate Appropriations subcommittee marked up July 16 a spending bill for the coming fiscal year that would fund the National Institute of Standards and Technology with $948 million, an amount approximately $14 million more than in the White House proposal
Navy NGEN contract under protest (FierceGovIT) Computer Sciences Corp. and Harris Corp. have protested the Navy's $3.45 billion contract award under the Next Generation Enterprise Network to incumbent HP Enterprise Services
Unisys Wins $460M to Maintain CBP Software Systems (GovConWire) Unisys Corp. (NYSE: UIS) has won a $460 million contract to operate and maintain software systems for the Customs and Border Protection agency
Navy Selects 13 for $900M Cyber, C5ISR IDIQs (GovConWire) The U.S. Navy has awarded 13 contracts worth up to $899,543,400 combined over five years for cyber equipment and services
Parsons-Internet Society Team Aims to Protect Domain Names (ExecutiveBiz) Parsons Corp. and the nonprofit organization Internet Society are partnering to deploy domain name system security extensions worldwide with the goal of protecting Internet infrastructure
Dell $24.4 Billion Buyout Plan Is a Nail-Biter as Vote Looms (Bloomberg) When Michael Dell announced a plan in February to take Dell Inc. (DELL) private, today was supposed to be anticlimactic -- the day when shareholders would easily bless the buyout of the computer maker he founded 29 years ago
Gregory Crawford, Mark Maybury Appointed MITRE Natl Security Center VPs (GovConWire) Gregory Crawford and Mark Maybury have been appointed vice presidents at MITRE Corp.'s Center for National Security. Crawford will serve as VP of programs and technology while Maybury will assume the roles of VP and chief technology officer, MITRE said Wednesday
Elliott Broidy Offers Homeland Security Experience as Newly Appointed Chairman of Threat Mitigation Company (Sacramento Bee) Threat Deterrence LLC, a recently formed company designed to provide threat mitigation services, has turned to a Homeland Security Council alumnus as its first Chairman. Elliott Broidy, an investment manager and philanthropist based in Los Angeles, has been appointed by Secretary Michael Chertoff. He is the President and founder of Broidy Capital Management. Elliott Broidy has a private industry and national defense background, which cinched the appointment as Threat Deterrence will serve business as well as sovereign nation clients
Products, Services, and Solutions
Defense Information Systems Agency Approves Brocade's 100 GbE (Converge Digest) The Defense Information Systems Agency (DISA) has approved the Brocade MLX and MLXe 100 Gigabit Ethernet (GbE) networking solutions to be added to the Unified Capabilities - Approved Products List (UC-APL), which tracks products that have completed Interoperability (IO) and Information Assurance (IA) certification. The newly certified Brocade networking solutions can be deployed by Department of Defense (DoD) agencies
New Check Point 13500 Appliance Combines Multi-Layer Data Center Security With Market-Leading Performance (MarketWatch) Check Point® Software Technologies Ltd., the worldwide leader in securing the Internet, today announced the launch of its 13500, the first in a new line of 13000 Appliances designed specifically to expand the company's data center network security offerings. The 13500 Appliance delivers blazing-fast security performance with 23.6 Gbps of real-life firewall throughput, 5.7 Gbps of real-life IPS throughput and 3,200 SecurityPower(TM) unit (SPU) rating
Anti-virus Cost Comparison (Opposing Views) In 2012, security firm Panda Security estimated that as many as a third of all computers worldwide are infected with some type of virus or malware
Modulo updates its Risk Manager solution (Help Net Security) New Modulo Risk Manager Version 8.2 features the first release of the new Enterprise Risk Management (ERM) module, and delivers over 150 product enhancements to the Business Continuity Management
Rapid7 updates Metasploit, Mobilisafe and Nexpose (Help Net Security) Rapid7 announced new innovations for its risk assessment and management portfolio. This simplifies remediation, testing and communication of security program performance to the organization
Microsoft COO: We Have 'The Most Secure Platform On The Plane' (CRN) Turner was basing this claim, at least in part, on data that security vendor Secunia released in March. It showed that 86 percent of vulnerabilities found
Bitdefender Mobile Security Update Now Identifies MasterKey Exploits (BWW) Bitdefender has issued an update to the Bitdefender Mobile Security & Antivirus suite and the Antivirus Free for Android to fight off an Android exploit uncovered last week by security researchers from BlueBox Security
BitTorrent Sync is cloud without risk (VentureBeat) In these days of NSA snooping and built-in backdoors, do you really want your entire digital life in the cloud? That's one of the key reasons that BitTorrent has launched BitTorrent Sync, a way to help you manage your personal files in a cloud-like Dropbox-ish way, without the threat of government surveillance
Sitefinity update adds basic DAM capabilities (FierceContentManagement) Sitefinity's latest release includes what they are calling light-weight digital asset management capabilities that they hope will help business users who deal with a lot of digital content
New Apperian governance tool gives IT control over enterprise apps (FierceContentManagement) Apperian recently released a governance and security tool that enables IT pros to apply policies and security to enterprise mobile apps
Technologies, Techniques, and Standards
What Every End User Should Know About Online Security (Dark Reading) What your end users don't know about security could hurt your business. Here are some tips that may help
Blog Spam — annoying junk or a source of intelligence? (Internet Storm Center) Can blog spam be of any real use to security teams? Here's my take on turning a piece of what some consider internet background noise into information ripe to become actionable intelligence. I get waves of blog spam – comments posted to a blog site advertising someone else's wares (including links to malware!), services or attempts to increase search engine rankings – to my small corner of the internet at infrequent cycles. To many of my fellow blog owners this is a source of constant annoyance, but for me I get a little, gleeful smile and promptly dump the user agent [1], body text (extracting any embedded URLs), and posting IP address into my pile of "all things to observe and search on"
Meet Tor, The Military-Made Privacy Network That Counts Edward Snowden As A Fan (Huffington Post) When the U.S. Navy created Tor, a software that enables people to use the Internet anonymously, it didn't envision someone like Edward Snowden. Quite the opposite: military programmers originally built the software in the mid-1990s to support government spying operations
The Latvians have invaded LinkedIn. Can the NSA be far behind? (IT World) In the new surveillance state, who you know -- or somebody thinks you know -- is more important than who you are. Unlike most sane people, I spend a lot of time fretting over LinkedIn. More specifically, I think about LinkedIn's People You May Know feature. How does LinkedIn know I may know these people? What do my alleged connections say about me? And just where is LinkedIn getting its information? I have deep suspicions, but no proof
Dynamic data analysis trumps static analysis (FierceBigData) Analyzing static data is a lot like looking in a rear-view mirror--you can clearly see where you have been and you can even make an educated guess about what lies ahead. If, for example, you look back and see if the road is curvy or straight, odds are the road ahead is much the same. However, that is only a guess and if that guess is wrong or simply off a bit, you can crash your car
NIST closer to critical infrastructure cybersecurity framework (CSO) Recent workshops gained feedback to be used for preliminary draftwork
Quantum Dawn 2 will test Wall Street's cyber readiness (Computerworld) The exercise, being coordinated by the Securities Industry and Financial Markets Association (SIFMA), will involve about 50 organizations, including large financial firms, exchanges, the U.S. Treasury Department, the Department of Homeland Security and
Major Chain Loses PCI Compliance When Data Center Moves (StoreFrontBacktalk) One of the nation's 15 largest retail chains had done a tremendous job segmenting its network to reduce the scope of its PCI assessment. All of that was thrown away, though, during a simple data center transition, when Networking made a security change but no one ever bothered to tell senior IT management, writes PCI Columnist Jeff Hall. Late last year, the chain decided to move its data center from an in-house facility to a purpose-built data center campus in another part of the United States. The goal is to gain additional raised floor space, energy efficiency and to avoid significant natural disaster risks with the location of the existing data center
There is a lot more to metadata than you know (Tripwire) We have been hearing a lot about metadata the last few months thanks to the revealing of NSA surveillance tactics and partnerships
How Can We Put an End to the Mass Java Exploit Era? (SecurityWeek) An exploit kit is a framework that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that can be invoked through the browser. These kits can be obtained on the cyber black market, where they are sold or rented
Research and Development
Cyber-security firm Cylance works to read hackers' minds (Los Angeles Times) Cylance, an Irvine cyber-security firm, is focused on creating an artificial intelligence system capable of blocking future threats
Fragility of entanglement no bar to quantum secrets (New Scientist) Entanglement, a quantum link between disparate objects, can enable ultra-secure cryptography, but even a slight jostle can destroy it, so systems that rely on it are not always useful in practice. Or so it seemed. A few years ago Jeffrey Shapiro, also
Academia
NSA and DHS Honor NOVA for Excellence in Cybersecurity Education (Virginia Connection Newspapers) Local students interested in a career in cyber security now have an academic option that has been lauded by the National Security Agency and the Department of Homeland Security. The agencies designated Northern Virginia Community College as a
Where are the kid coders? Not in U.S. schools (InfoWorld) United Kingdom becomes latest country to teach programming to kids as young as 5; will United States rise to the challenge? If you plan to help your kids with their homework in the future, better start boning up on your programming skills now. (And you thought new math was hard!
Legislation, Policy, and Regulation
Everything is relevant to terrorism, argues intelligence community (FierceGovIT) To find a needle in a haystack, you need an exact copy of the haystack, was the essential argument presented by intelligence community officials during a July 17 House Judiciary Committee hearing about National Security Agency collection of telephone metadata records. James Cole, a deputy attorney general, said that all metadata records are relevant "to the extent to that you need all of that information in order to do the query"
Lawmakers threaten to curb National Security Agency's authority (Fayetteville Observer) In a heated confrontation over domestic spying, members of Congress said Wednesday they never intended to allow the National Security Agency to build a database of every phone call in America. And they threatened
We need to develop cyber weapons fast – before our enemies turn them on us (Telegraph) I praised Edward Snowden when he first came forward. It was necessary to reveal the level of overreach at the NSA and our own GCHQ. Prism and the tentacles of the state are creeping into every aspect of our personal communications; that's something we should be worried about. As is the level of collusion between the security services and Silicon Valley. But as Snowden yoked himself to Putin's Russia and prostrated himself before any authoritarian regime that might take him, my enthusiasm cooled
How the US government uses information from spying on foreign companies (Quartz) There's no longer doubt that the US government spies on foreign multinational corporations as well as governments, thanks to the disclosures by former National Security Agency contractor turned international fugitive Edward Snowden. The NSA vacuums up mountains of classified information from a rich array of sources. The CIA assists by launching digital "black bag" operations aimed at manually penetrating the computer systems of some of the world's largest foreign multinationals
Trust me with your secrets (Help Net Security) For little over a month, revelations about NSA wiretapping schemes have been hitting the news and rattling the world
Congressional Picks for DHS Head Include Backers of Mass Surveillance (NextGov) To fill the top job running the Homeland Security Department after Secretary Janet Napolitano steps down, lawmakers on the House Homeland Security Committee are suggesting individuals who have supported programs similar to National Security Agency digital surveillance initiatives. Napolitano is leaving DHS in September to lead the University of California
Putin: Snowden must not damage relations with US (The Seattle Times) National Security Agency leaker Edward Snowden could leave the transit zone of a Moscow airport after Russian authorities review his asylum request, his lawyer said Wednesday. The Associated Press
DHS Puts its Head in the Sand (Schneier on Security) On the subject of the recent Washington Post Snowden document, the DHS sent this e-mail out to at least some of its employees
Admiral Calls To Bolster Sub Commanders' Autonomy (Lexington Herald-Leader) It sounds like the premise of a Tom Clancy novel: A cyberbattle is fought to a draw, leaving U.S. submarines to continue fighting with limited contact to headquarters. But the three-star admiral in charge of the Navy's submarine force says the scenario is all too possible, and he is calling for a renewed emphasis on the independence ingrained in skippers during days of more primitive technology
Litigation, Investigation, and Law Enforcement
Lawyer for NSA leaker Edward Snowden hopes he will leave Moscow airport in days (Washington Post) A lawyer for Edward Snowden, who gave journalists secret documents describing the National Security Agency's surveillance operations, said Wednesday that the former contractor could soon leave the Moscow airport where he has been living for weeks
NSA: Harm to national security caused by Snowden disclosures is unknown (Washington Post) A top National Security Agency official says the disclosures by NSA leaker Edward Snowden could be very harmful, but it is too early to tell whether he has already damaged U.S. national security. Deputy Director John C. Inglis says it's
Apple, Facebook, Google, Microsoft ask President Obama for more PRISM transparency (VentureBeat) A coalition of some of the world's biggest tech firms have banded together to send an open letter to President Obama and the U.S. Congress asking for transparency on the NSA's surveillance programs, including PRISM
California Attorney General releases breach report (CSO) In the first report of its kind, California's Attorney General, Kamala D. Harris, has revealed that 2.5 million people — roughly 6.5 percent of the state's population — were exposed by data breaches in 2012
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, Aug 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide product demonstrations to the military and civilian personnel on base. IT and Information Assurance professionals from Tinker AFB are looking forward to learning about the latest cyber security trends and best practices, networking with peers, and sharing remediation strategies.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary, principle-driven, consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into subsequent CIFs, continually evolving the state of the art.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
EAGB Summer Quarterly Webinar (Webinar, Jul 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore: State of the Market Report. The EAGB is pleased to welcome special guest Karl Gumtow, Co-Founder and CEO of CyberPoint International, to discuss trends in the Cyber Security market and the future of the industry.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.
AFCEA Global Intelligence Forum (Washington, DC, USA, Jul 30 - 31, 2013) During this day-and-a-half unclassified conference at the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence Community can play in helping to ensure free and secure cyberspace operations -- from setting requirements, to collecting and analyzing data, to delivering insights and recommendations. In the end, the discourse will look at where industry can partner with the government to provide cyber situational awareness, indications, and warning. Eugene Kaspersky will deliver the keynote. As of July 17, twenty-five seats remain available.
International Conference on Cyber Security (New York, New York, USA, Aug 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit, is an unparalleled opportunity for global leaders in cyber threat analysis, operations and law enforcement to coordinate their efforts to create a more secure world. With the number of cyber threats escalating worldwide, the need for comprehensive security analysis, assessment, and actions has never been greater. Join those working on the front-lines of secure cyber networks at ICCS for the opportunity to learn useful knowledge and share critical intelligence on issues shaping the future of cyber security.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public-private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual Cybersecurity research projects.
3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security Training Conference, CSTF is set to convene from Tuesday, August 6, 2013 to Wednesday, August 7, 2013 at the DoubleTree by Hilton, Colorado Springs, Colorado. CSTF 2013 will bring together cyber experts from the DoD, federal government, business, research, and academia to address: the latest DoD and government cyber policies, remediation strategies and best practices, the growing impact and evolution of cyber threats and how to continue to protect and defend the Global Information Grid (GIG), mobility strategies, cloud & virtualization advancements, and emerging technologies. This will be accomplished through a number of in-depth cyber sessions, hands-on live demonstrations, the yearly cyber challenge, and government and industry exhibits. Don't miss this educational and cost-effective cyber event in Colorado Springs, CO.
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what some of the myths are, and what they need to ask service providers about cloud computing. The presentation will include selected questions specific to managers associated with government projects and the security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of their project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 2013 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts from agencies including the NSA, DARPA, Sandia National Laboratory, and the Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, and Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest-running SCADA conference, will bring together many of the luminaries of the Australian and international SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real-world implementations together with practical advice. The networking opportunities provided, coupled with the largest SCADA exhibition in the Southern Hemisphere, ensure the National SCADA Conference is a must-attend event for Australia's and New Zealand's SCADA community.
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 2013 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.