
The CyberWire Daily Briefing for 7.26.2013
Israeli hacktivists hope to kick off a cyber-riot today with opIslam.
Elsewhere in the Middle East, the Izz ad-Din al-Qassam Cyber Fighters resurface with promises of more denial-of-service attacks on Western banks. The banks now regard this as a nuisance-level threat: DDoS attacks are most worrisome when they're a kind of artillery preparation for more sophisticated campaigns, providing noisy cover for advanced persistent threats.
The Venezuelan government may have suffered a general attack by Anonymous Venezuela, but evidence is ambiguous. Passport control was locked at Istanbul's Atatürk Airport today, possibly due to a cyber attack. (Cyber threats to commercial aviation also concern the Indian government, which calls them out in its recent cyber security strategy.)
SE Consult warns of multiple vulnerabilities in Symantec's Web Gateway Appliance. Simple Machines warns its website has been compromised, with data stolen. Citigroup warns customers of inadvertent exposure of personal data.
KINS seems poised to gain blackmarket share; Microsoft reports downing 88% of KINS competitor Citadel's botnets.
Today is sysadmin appreciation day: it's worth noting that this week's OVH hack prompts calls for better privileged account security.
TED hosts security experts Bruce Schneier and Mikko Hypponen, who discuss the ramifications of government electronic surveillance.
NSS Labs studies the effectiveness of cyber defense-in-depth. They find, unsurprisingly, that mechanical approaches to defense-in-depth won't work.
Britain finds Huawei running its prospective Internet content filter. The US Congress is expected to keep its teeth in the Intelligence Community.
Russia's FSB talks Snowden to America's FBI (and Snowden should worry).
Notes.
Today's issue includes events affecting Austria, China, European Union, India, Iran, Ireland, Malaysia, Singapore, Russia, Turkey, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
#opIslam: Israeli hackers initiate Operation Islam (Cyberwarzone) #opIslam is an operation that has been initiated by the hacking group IsraeliElite. The hackers are going to launch the operation on the 26th of June. The Israeli hackers are asking the world to assist #opIslam in the fight against cyber terrorism
Threat of New Cyberattacks Against Banks Met with Shrug (American Banker) They're back. The Izz ad-Din al-Qassam Cyber Fighters are threatening banks with a new wave of distributed denial-of-service attacks
Massive cyber attack against Maduro's Venezuelan government (Miami Herald) From the stock market to the army, the air force and the national guard, web pages of almost a dozen Venezuelan state institutions were hacked by groups of
Possible cyber-attack on Turkey's Istanbul Atatürk Airport passport control system (Balkans.com Business News) The passport control system was locked at Istanbul Atatürk Airport's International departure terminal due to an alleged cyber-attack on July 26. Passengers stood in lines for hours and plane departures were delayed
Multiple Vulnerabilities in Symantec Web Gateway (Infosecurity Magazine) A security advisory issued today reports that multiple critical vulnerabilities were discovered in Symantec's award winning Web Gateway Appliance 5.1.0 in February 2013. These vulnerabilities allow attackers to take complete control of the appliance
From cruise offers to banking Trojans, SMS spam clogs channels (CSO) 'Over-the-top' services used to disguise text spam campaigns by sending a few messages from many phone numbers
Apple hack exploited with new phishing campaign (ZDNet) In order to make sure a phishing campaign works, the victim has to believe an email is legitimate. It's no surprise that the Apple security breach is the latest event to be taken advantage of
Intercessors for America Hacked (eSecurity Planet) 9,885 users' e-mail addresses and clear text passwords were leaked online. Members of Anonymous recently breached the Web site of Intercessors for America, which describes itself as a "group of like-minded people who recognized the need for God to intervene in U.S. governmental and cultural issues"
Simple Machines Website Hacked, Database Stolen (Softpedia) Representatives of Simple Machines, the provider of the open source community forum platform, reveal that their website has been hacked. The breach took place on July 20, but it was discovered only on July 22
Skrillex site defaced by infamous penguin hacker (The Verge) A hacker has taken down Skrillex's website, replacing it with the same page that was used in a widespread attack last year. Back in November 2012, the Turkish hacker "Eboz" targeted over 280 Pakistani domains, including the official sites of Apple, Microsoft, and Google in a massive DNS hack. The Skrillex attack, then, represents a change of pace for Eboz
Don't fall for 'Man of Steel' or 'Fast and Furious 6' free screening alerts on social media (Emirates 24/7) These movies, along with Iron Man 3, World War Z and After Earth are among hackers' pet baits
#Alert! #Facebook scam emails that will lead you to #Blackhole EK (162.216.18.169, GoDaddy/Linode) (MalwareMustDie) Note: I wrote this post as a quick note to raise this threat's awareness, a warning note for Facebook users; Thus a PoC to be used as verdict for shutdown purpose of the related domain and IP, so I am sorry if you did not find any deep analysis this time
Citigroup Acknowledges Massive Data Breach (eSecurity Planet) The bank mistakenly exposed the personal data, including birthdates and Social Security numbers, of 146,000 customers who had filed for bankruptcy
Haunted by the Ghosts of ZeuS & DNSChanger (Krebs on Security) One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing
New Trojan could create headaches for banks, customers (ComputerWorld) With the major developers of banking malware laying low, a new crook on the block has emerged gunning to be top dog in the market. The developer's new malware is called KINS, and he's selling it for $5,000 a pop, although that price is likely to climb if the malware is as good as he brags it is
Microsoft: 88 Percent of Citadel Botnets Down (Threatpost) Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques
OVH hack prompts calls for tighter system admin security controls (ITProPortal) The multi-stage cyber attack carried out against web hosting giant OVH has prompted calls for firms to tighten up security access to privileged accounts
Malware Evasion Techniques Dissected at Black Hat (Threatpost) Researchers use file-level sandboxes to analyze the behavior of malware samples as well as techniques malicious code uses to detect and evade analysis
Somebody's Watching You: Hacking IP Video Cameras (Dark Reading) Major holes in network video recorders (NVRs) could result in a major physical security and privacy FAIL
Car-hacking researchers hope to wake up auto industry (Phys Org) Computer geeks already knew it was possible to hack into a car's computerized systems and potentially alter some electronic control functions
Demonstration of cyber attacks planned (Upstream Online) Cybersecurity researchers next week will demonstrate how hackers can potentially wreak havoc on critical US infrastructure, even causing explosions by altering the readings on wireless sensors used by the oil and gas industry, according to a report
Key industries remain vulnerable to cyber raids (Arab News) Cybersecurity researchers next week will demonstrate how hackers can potentially wreak havoc on critical US infrastructure, even causing explosions by altering the readings on wireless sensors used by the oil and gas industry
Cyber Trends
The rise of sophisticated malware (Infosecurity Magazine) A recent Enterprise Strategy Group (ESG) research study focused on advanced malware protection and detection. The study revealed that enterprise organizations are seeing an increase in more sophisticated malware and are making it a strategic priority to add new layers of endpoint security to protect their organizations against advanced zero-day and polymorphic threats commonly used for targeted attacks
Executives lack confidence in their cyber security (Help Net Security) More than two-thirds of executives are concerned their companies will not be able to stop such threats, and one in five say their biggest concern is not knowing whether an attack is underway, according to ThreatTrack Security
Enterprises gain an 'F' grade in protecting themselves against cybercrime (ZDNet) In the light of increasing and sophisticated cyberattacks, are enterprise systems up to the challenge of defending themselves? According to new data released by security firm Malwarebytes, the Enterprise Strategy Group (ESG) research study, enterprises are responding to the emergence of more sophisticated malware -- and although adding strategic security layers is now often a priority, many businesses are still ill-equipped to protect systems
Interview: Iron Mountain's policy lead on confusion, inconsistency and double standards in information management in Europe (ITProPortal) ITProPortal interviewed Christian Toon from information storage and management company Iron Mountain, to discuss the results of a pan-European report by the firm and PwC which explored the state of information risk in mid-market businesses across Europe
The impact of weak threat intelligence on organizations (Help Net Security) A new Ponemon Institute study, which includes a survey of more than 700 respondents from 378 enterprises, defines what "live threat intelligence" is; how global enterprises are using it to defend against compromises, breaches and exploits; and the financial damage that slow, outdated and insufficient threat intelligence is inflicting on them
Security experts Bruce Schneier and Mikko Hypponen on the NSA, PRISM and why we should be worried (TED) As Edward Snowden is linked to one country after the next, the media has its eye fixed on where he will next request asylum. (Today, it's Russia.) Meanwhile, back at US headquarters, as NSA officials speak in a House Judiciary Committee hearing, the agency is still doing what it's doing. To get more information on exactly what that means, the TED Blog wrote to two security experts, Bruce Schneier (watch his talk) and Mikko Hypponen (see his talk), to ask them about what it is we should be worried about. Turns out, pretty much everything
Cybercrime costs the US $20 billion each year. Or $70 billion. Or maybe $140 billion (Quartz) Studies that estimate the effects of any particular activity on the economy often shout out headline numbers and then spend a lot of time explaining the methodology used to calculate that figure
Marketplace
DHS to set up "cybersecurity shop" for govt agencies (Help Net Security) The US Department of Homeland Security has been tasked with setting up a centralized shopping hub which all the other US federal, state and local agencies can use to get the tools and expertise for all their cyber security needs
GDNexus™ Releases First Need Statements Connecting Customers with New Capabilities (MarketWatch) Need Statements offer new business opportunities in the government space for technology providers registered with GDNexus
Juniper Partners Have Mixed Feelings Over CEO Johnson's Departure (CRN) Juniper partners are expressing a range of reactions to the unexpected departure of Juniper CEO Kevin Johnson this week
Dell committee wants founder to bid even higher (FierceFinance) Ever since the Dell special committee came out in favor of the proposal put forward by founder Michael Dell and partner Silver Lake, it has seemed the two sides were teammates, jointly battling Carl Icahn and other dissidents. But the committee and the founder may be starting to slide farther apart. The committee has been openly suggesting for weeks that Michael Dell needs to hike its offer. Now, in the wake of the sweetened offer, it wants even more
Tactical military satellite comms need hardening, says CSBA study (FierceGovIT) Increasing military use of satellite communication for tactical operations means the Defense Department should create a new tier of protected space systems, says the Center for Strategic and Budgetary Assessments's Todd Harrison
Products, Services, and Solutions
Solera Networks enhances advanced threat protection (Infosecurity Magazine) Solera Networks introduced the Blue Coat ThreatBLADES, making it possible for enterprises to protect against and resolve advanced targeted attacks
Bit9 Introduces enterprise Mac security (Infosecurity Magazine) Business users are driving demand for Macs across the enterprise. Until now, the few enterprise security products available for the Mac were dependent on malware signatures and behavioral patterns, which makes them ineffective against today's advanced threats and targeted attacks. Organizations and analysts are concerned that Macs now represent a growing vulnerability in the enterprise
IBM Expands Security Portfolio with QRadar Vulnerability Manager (eSecurity Planet) You've got lots of tools all scanning for security issues—but what do you do when you find them? Security in a modern enterprise is a complicated multi-headed beast. Many organizations have multiple layers of tools to keep the beast at bay by detecting vulnerabilities, but few have tools to manage
Verizon Creates Public Security Database (Light Reading) One of the most effective ways to fight cyber-attacks is through the open sharing of information. This is why Verizon, as a leading voice in the
Onapsis Further Empowers Information Security Professionals to Protect Their SAP Platforms at Black Hat USA (BWW) Onapsis Inc., the leading provider of solutions to assess and protect ERP systems from cyber-attacks, today announces extended support to the Information Security community by showcasing a new version of Onapsis X1 and hosting a SAP Security Training at Black Hat USA. With the growing concern in the market regarding increasing cyber-threats to SAP Platforms, Onapsis continues to empower Security professionals with cutting edge education and SAP-certified products to mitigate these threats, helping them protect their organizations from espionage, sabotage and financial fraud attacks
HBGary launching new cyber-security software (Sacramento Business Journal) "It shows what has been fixed and what hasn't been fixed," said Ken Silva, president of ManTech Cyber Solutions International Corp. Inc., which owns HBGary
Technologies, Techniques, and Standards
How well does "defense in depth" really work? (NSS Labs) "Defense in depth," or the layering of multiple security products is a commonly employed security strategy and best practice. Central to the concept of layered security is the idea that attacks that are able to bypass one layer of security will eventually be caught by a subsequent layer of security
Red Team Testing: Debunking Myths and Setting Expectations (Cyberwarzone) The term "cyber" seems to be overused in every corner of the information security industry. Now there is a new buzz phrase in computer security, "red team engagements." Supposedly (to get "cyber" on you), you can have a red team test, and it will help move your organization in the correct "cyber direction." But what is red team testing really? And what is it not? In this post I'll try to make some sense of this potent term
Seeking answers with NAC (SC Magazine) Corporate bring your own device (BYOD) growth is prompting enterprises to take a closer look at their networks and their approach to security. As this initiative grows, along with the increased need for keeping the network and its data secure, more IT professionals are reconsidering network access control (NAC). In fact, a recent Ogren Group research report titled "Network Access Control: A Strong Resurgence is Underway" estimates the NAC market has grown to $392 million (£254 million) in 2012 and will sustain a strong 22 per cent CAGR through 2017, taking the market to more than $1 billion per year
Information Security Isn't just About Computers — Be Careful When Talking To Strangers (SecurityWatch) With the economy how it is and more people having to be in the work force for longer hours it can seem like work is all that you are about. You might have other interests but you spend so much time at work that you do not have time to do them! All you can do is go to work, watch a little bit of TV when you get home, and then go to sleep to get ready for work the next day. With this kind of schedule it is understandable that so many people can only think about work related topics when they are with their friends. Since it is the thing that takes up most of your life you are most likely going to want to talk shop with other people
Better Bug Bounties Mean Safer Software, More Research Demand (Dark Reading) Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness. The addition of new bug bounty programs and research showing their effectiveness will improve software security, raise the awareness of the importance of secure development, and create a more mature market for freelance security research, say vulnerabilities experts
A Couple of SSH Brute Force Compromises (Internet Storm Center) One common and stupidly simple way hosts are compromised is weak SSH passwords. You would think people have learned by now, but evidently there are still enough systems with root passwords like 12345 around to make scanning for them a worthwhile exercise. As a result, one of my favorite honeypot tools is kippo, and we have talked about the tool before. I figured it is a good time again to write a quick update on some recent compromises
Critics urge end of passwords, but alternatives not ready for prime time (CSO) FIDO Alliance is one hopeful that Google has joined, but until passwords are replaced security experts suggest using password managers
How to Fail at Black Hat (Threatpost) Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. But fear not, Threatpost has your back
Help a sysadmin: Common ground for security professionals and system administrators (Naked Security) A natural conflict often arises between System Administrators and the Security team. So how can you make a sysadmin happy today? Despite the conflicting priorities, look a little deeper and you'll find plenty of shared goals
How to avoid a social engineering attack at Black Hat and Def Con (CSO) Some of the world's most skilled social engineers and hackers head to Las Vegas next week for Black Hat and Def Con. Heed these nine tips and avoid becoming a victim yourself while at the events
Chipotle Aims High But Misses Low on Twitter (LinkedIn) One of the earliest definitions I heard about marketing spoke of building relationships with customers and prospective customers. But sometimes it feels like we are far from that, especially in social media
NIST plans to extend grant to NSTIC organization (FierceGovIT) The Identity Ecosystem Steering Group, which through a grant is overseeing the implementation of the National Strategy for Trusted Identities in Cyberspace, will not simply dissolve in November, said Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology
Can The NSA Really Track Turned-Off Cellphones? (InformationWeek) It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated
Research and Development
Emergency Alert Study Reveals Metadata's Better Side (IEEE Spectrum) Scientific studies of anonymized cellphone-call information find potential public safety benefit
Academia
McAfee teaches online safety to over 15,000 children in SEA (ComputerWorld) McAfee recently announced that its Online Safety for Kids programme in Southeast Asia has reached over 15,000 children to date. The free programme has been running for over a year in local schools across Malaysia and Singapore
Rose State College Cyber Security in Oklahoma City Now Offers Online Degree Option (BWW) Rose State College in Oklahoma City, the only community college in the country teaching all six federal cyber security certifications, is now offering a degree completely online
Legislation, Policy, and Regulation
India moves to tackle cybersecurity concerns (Khabar South Asia) The country is looking to further safeguard its economy and important institutions from online hackers with collaboration among public and private entities
A Bipartisan Warning On Surveillance (New York Times) Lawmakers have given the Obama administration a bipartisan warning: patience is growing thin with its expansive and unwarranted surveillance of Americans
Spy Agencies Under Heaviest Scrutiny Since Abuse Scandal Of The '70s (New York Times) On three fronts -- interrogation, drone strikes and now electronic surveillance -- critics inside and outside Congress have challenged the intelligence establishment, accusing officials of overreaching, misleading the public and covering up abuse and mistakes. With alarm over the threat of terrorism in slow decline despite the Boston Marathon attack in April, Americans of both parties appear to be no longer willing to give national security automatic priority over privacy and civil liberties
'The Time Has Come' To Protect Your Phone Records (USA Today) Most fights in Congress these days are disturbingly partisan, but not all. This week, 94 Republicans and 111 Democrats found something on which they could agree: that the government's intrusive program to seize and keep phone data on tens of millions of Americans should end
A Hasty And Drastic Overreach (USA Today) Members of Congress on both sides of the aisle recognize the value of the Foreign Intelligence Surveillance Act (FISA) and the significant role it plays in protecting our country from those who want to harm us
Lawmakers defeat anti-bulk metadata collection amendment (FierceGovIT) Lawmakers defeated a proposed amendment to the fiscal 2014 defense appropriations bill that would have restricted the bulk collection of telephone metadata records in a vote that privacy advocates say nonetheless expresses growing skepticism with an aggressive interpretation of the Patriot Act
The Most Fascinating Votes on the Failed NSA Amendment (Slate) The roll call of the Amash amendment vote is up here, and a quick glance reveals a few groups and patterns
Roberts's Picks Reshaping Secret Surveillance Court (New York Times) The recent leaks about government spying programs have focused attention on the Foreign Intelligence Surveillance Court and its role in deciding how intrusive the government can be in the name of national security. Less mentioned has been the person who has been quietly reshaping the secret court: Chief Justice John G. Roberts Jr
Court Would Hear Opposing Views In Spy Cases (Yahoo.com) The new plan by Rep. Adam Schiff, D-Calif., would force the Foreign Intelligence Surveillance Court to hear both sides of classified cases
Cyber Law Must Focus on Voluntary Standards, Industry Says (Main Justice) Thursday's hearing focused on the partnership between industry and government to…Meanwhile, the Department of Homeland Security will be promoting the
DAA introduces mobile self-regulation guidelines to help protect consumer privacy (FierceCMO) The Digital Advertising Alliance, a consortium of media and marketing associations that says the industry would be better off policing privacy itself rather than adopting any current legislation being proposed, is directing its self-regulation standards to the rapidly growing mobile ad industry. The group released mobile guidelines designed to protect consumer privacy
Maryland and Estonian Civilians Take Up Arms Against Hackers (NextGov) Estonian Ambassador Marina Kaljurand said a close parallel to her nation's cyber reserve is the new Maryland program. Maryland has started a volunteer netwarfare squad that the Estonian ambassador likens to her country's groundbreaking civilian cyber reserve, which was assembled after neighboring Russia allegedly shut down the former Soviet state's Internet access in 2007
EU reevaluating data sharing agreement with US in wake of NSA leaks (Ars Technica) "Safe Harbor" tries to bridge gap between EU and US data privacy laws. In a two-page written response to formal complaints filed last month by Austrian students, Ireland's top data protection office said Thursday that Apple, Facebook, and other tech companies with Irish offices have met their obligations with respect to European Union (EU) law--despite all the newly disclosed PRISM and National Security Agency (NSA) related surveillance
David Cameron's internet porn filter is operated by Huawei (Quartz) The filtering system promoted by Britain's prime minister to protect sensitive eyes from the horrors of internet pornography is run by the controversial Chinese technology company Huawei, according to the BBC, in partnership with the UK telecoms provider TalkTalk
CIO council outlines privacy implications of social media use for situational awareness, operations (FierceGovIT) Beyond simply broadcasting information or promoting their mission, agencies can use social media for situational awareness and for mission operations, but there are privacy issues agencies must consider, says the Federal Chief Information Officers Council
Cyber Espionage Against India And Its Challenges, Solutions And Defences (Ground Report) If we analyse the Cyber Attacks Trends against India for the past few years it would be apparent that the frequency and sophistication of these Cyber Attacks has increased and developed a lot. The Cyber Attack by the Chinese Crackers at the computers in the Prime Minister's Office (PMO) of India in December 2009 is one such example
Litigation, Investigation, and Law Enforcement
Russian security agency FSB talking with the FBI over #Snowden (Cyberwarzone) Resources have provided the news that the Russian security agency FSB is currently talking with the FBI about the Snowden situation. A Kremlin spokesman said that he is sure that Edward Snowden - one of the ex-NSA contractors will stop harming the United States when he is granted asylum in Russia
Pfc. Bradley Manning's Trial Comes To An End As The Government Alleges He 'Aided The Enemy' (TechCrunch) While the world has become fixated on the NSA's domestic and foreign surveillance activities in the past months, the trial of Private First Class Bradley Manning is coming to a close. Concluding arguments were heard today. The government, as BoingBoing notes, is trying to convict Manning using the Espionage Act, and slap him with the charge of 'aiding the enemy.'
Poker player who won $1.5 million charged with running Android malware ring (Ars Technica) Contact-stealing Android malware allegedly used to fuel $3.9M spam operation
Feds Identify the Young Russians Behind the Top U.S. Cyber Thefts in Last 7 Years (Wired) Four Russians and one Ukrainian have been charged with masterminding a massive hacking spree that was responsible for stealing more than 160 million bank card numbers from companies in the U.S. over a seven-year period
U.S. agents 'got lucky' pursuing accused Russia master hackers (Reuters) The two Russians arrested in what prosecutors call the largest online fraud case brought in the United States were caught through a combination of high-tech tools, dogged detective work and sheer luck
Man falls for FBI "ransomware" attack, turns self into cops for possessing child porn (SC Magazine) A Virginia man, who believed a trojan scam on his computer was legitimate, essentially turned himself in to police and now faces child pornography charges
DoJ Accused of Illegally Withholding Info on Clandestine Cellphone Surveillance Tool (Slate) In the aftermath of recent revelations about secret NSA surveillance programs, the Justice Department is coming under renewed pressure to release information about a controversial cellphone tracking device. In a new Freedom of Information Act lawsuit filed in California earlier this month, the DoJ is accused of illegally withholding a trove of records related to a clandestine tool known as the "Stingray." The Stingray is a portable transceiver that sends out a signal that tricks all cellphones within a targeted area into hopping onto a fake network. The spy device, sometimes also described as an "IMSI catcher" or a "digital analyzer," is used by law enforcement agencies to covertly track down suspects. The FBI claims that it uses the device only to monitor the location of individuals and not to eavesdrop on text messages and phone calls. However, every time Stingrays are used, they inadvertently collect identifying data from all phones within a targeted radius--including those belonging to innocent bystanders--which is why civil liberties groups allege that they disproportionally violate privacy
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Regional Cyber Security Forum & IT Day (CSFI) - Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii - Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 31, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
Growing Maryland's cybersecurity industry: Technical.ly Baltimore Meetup (Baltimore, Maryland, USA, Jul 30, 2013) Join Technically Baltimore at CyberPoint International on July 30 for a presentation about Maryland's rapidly expanding cybersecurity industry -- and how the Baltimore region's broad, general technology community can become better partners with the state's cyber sector. Local cyber experts, company founders, university faculty and Maryland state officials will be on hand to talk about what the next steps are in making Maryland the cybersecurity "epicenter," as Maryland Governor Martin O'Malley said at the 2012 CyberMaryland conference.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.
AFCEA Global Intelligence Forum (Washington, DC, USA, Jul 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence Community can play in helping to ensure free and secure cyberspace operations -- from setting requirements, to collecting and analyzing data, to delivering insights and recommendations. In the end, the discourse will look at where industry can partner with the government to provide cyber situational awareness, indications, and warning. Eugene Kaspersky will deliver the keynote. As of July 17, twenty-five seats remain available.
International Conference on Cyber Security (New York, New York, USA, Aug 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit, is an unparalleled opportunity for global leaders in cyber threat analysis, operations and law enforcement to coordinate their efforts to create a more secure world. With the number of cyber threats escalating worldwide, the need for comprehensive security analysis, assessment, and actions has never been greater. Join those working on the front-lines of secure cyber networks at ICCS for the opportunity to learn useful knowledge and share critical intelligence on issues shaping the future of cyber security.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual Cybersecurity research projects.
3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security Training Conference, CSTF is set to convene from Tuesday August 6, 2013 to Wednesday, August 7, 2013 at the DoubleTree by Hilton, Colorado Springs, Colorado. CSTF 2013 will bring together cyber experts from the DoD, federal government, business, research, and academia to address: the latest DoD and government cyber policies, remediation strategies and best practices, the growing impact, and evolution, of cyber threats and how to continue to protect and defend the Global Information Grid (GIG), mobility strategies, cloud & virtualization advancements, and emerging technologies. This will be accomplished through a number of in-depth cyber sessions, hands on live demonstrations, the yearly cyber challenge and government and industry exhibits. Don't miss this educational, and cost effective, cyber event in Colorado Springs, CO.
AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, Aug 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide product demonstrations to the military and civilian personnel on base. IT and Information Assurance professionals from Tinker AFB are looking forward to learning about the latest cyber security trends and best practices, networking with peers, and sharing remediation strategies.
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 2013 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, and Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided coupled with the largest SCADA exhibition in the Southern Hemisphere ensure the National SCADA Conference is a must attend event for Australia's and New Zealand's SCADA Community.
First International Conference on Cyber-Physical Systems, Networks, and Applications (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 2013 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.