The CyberWire Daily Briefing for 1.25.2013
Czech antivirus company Avast fingers Chinese security services in the recent series of waterholing attacks that exploited Java and Internet Explorer vulnerabilities. Their attribution is based mainly on the nature of the attacks' targets: most victims share an antipathy to the Chinese government. Defense IQ publishes an analysis (or "deconstruction") of last year's Shamoon attack on Aramco. The analyst claims that Saudi dissidents and not Iran were behind the campaign, but his argument seems speculative and circumstantial. (Note that both attributions rely more on inference of intent than on any technical features of the exploits.)
Barracuda products are found to contain a backdoor that opens users' networks to compromise. (Barracuda promptly issues firmware updates to remediate the vulnerability.)
In industry news, Belkin is acquiring Cisco's Home Networking Business Unit, Microsoft and Dell continue to talk about taking Dell private, and Lenovo considers making an offer for RIM. Concerns about SCADA vulnerabilities have security and industrial control firms looking for new ways to close them. One of the biggest players in the sector, Siemens, may begin offering bug bounties. Wired's piece on Twitter's plans to introduce six-second videos offers an interesting study in how constraint can foster creativity.
Australia's opposition decries what it sees as a lack of detail in the Prime Minister's Cyber Security Center plans. (In recent elections both major parties competed in their toughness on cyber security.) California releases its mobile app privacy guidelines.
US prosecutors advance their case against hackers allegedly behind the Gozi banking fraud malware.
Notes.
Today's issue includes events affecting Australia, Austria, China, Czech Republic, France, Iran, Latvia, Romania, Russia, Saudi Arabia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
China Accused Of Java, IE Zero Day Attacks (InformationWeek) Human rights groups have been victims of "watering hole" attacks using recently discovered -- and patched -- flaws in Java and Internet Explorer, security researcher says. Recently disclosed vulnerabilities in Java and Internet Explorer have been used in targeted attacks that appear to be aimed at critics of the Chinese government. Tuesday, Jindrich Kubec, director of threat intelligence for Prague-based antivirus software developer Avast, reported that multiple websites had been compromised by attackers and used to infect visitors via JavaScript drive-by attacks. If successful, the attacks infected PCs with a remote access Trojan (RAT), thus giving attackers direct access to the system, including all stored data
Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia (Softpedia) United States officials have insisted on numerous occasions that the Shamoon malware, the one used in the cyberattacks against Saudi Aramco, is the work of Iran. However, new evidence suggests that it could be the work of an extremist Islamist group based in Saudi Arabia. US authorities have said that a malware developed by amateurs couldn't have damaged around 30,000 computers, as Shamoon has done in the case of Saudi Aramco
'Backdoor' root log-ins found in Barracuda security, networking gear (ZDNet) A 'super-user' root-access account has been found in a number of Barracuda security and networking products, which may allow hackers to easily access company networks, albeit if their attacks are launched from a specific set of IP addresses. An Austrian security firm has warned of undocumented "backdoor" root log-ins to a number of Barracuda Networks' products, which could leave networks and data centers vulnerable to unauthorized access, data theft, or network hijacking
Web server hackers install rogue Apache modules and SSH backdoors, researchers say (Computer World) A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri said Wednesday in a blog post. "I saw some SSHD [SSH daemon] backdoors in the past in very small scale or part of public rootkits, but not like this one," Daniel Cid, Sucuri's chief technology officer, said Thursday via email. "They do not only modify the ssh daemon, but every ssh binary (ssh, ssh-agent, sshd) and their main goal is to steal passwords
Do programmers understand the meaning of PRIVATE? (Naked Security) You've probably heard of public-key cryptography, because it's the basis of HTTPS, the system that puts the padlock in your browser. The mathematical detail behind public-key crypto is a little abstruse, but you don't need to be a mathematician to understand the principles that make it work
PSA: Don't upload your important passwords to GitHub (Ars Technica) The same goes for private SSH keys and other sensitive credentials
Press News UK Breached, 665 Login Credentials leaked by JokerCracker (Hack Read) The JokerCracker hacker has hit another site, this time has breached into the site of Press News UK (thepressnews.co.uk) and leaked 600+ login account information of admin, staff and daily users. The breach was announced by the hacker himself on his official Twitter account, while the data was left for public on Pastebin
The tactics behind a spear phishing attack (SC Magazine UK) Marketing tactics have changed. Marketers now target each individual customer, just like Amazon's recommendations page. Criminals have learnt the same lesson as phishing emails are no longer sent to thousands of people
Crapware Won't Crap Out (Slate) The horrifying persistence of annoying, privacy-invading, unwanted software. For a few years now, I've been expecting to write an obituary for crapware. Or not an obit, exactly—I was hoping to dance on its grave. Crapware is the annoying software that worms into your computer without your knowledge. You can get it when you buy your PC—software companies pay PC makers to install the stuff on new machines—or when you download some ostensibly useful program from the Web. You might download Adobe's Flash player, say, and only later discover that the installer also larded up your computer with a dubious "PC health check" program that tries to scare you into paying to "repair" your machine
Letter to Skype: Come Clean on Your Eavesdropping Capabilities and Policies (Slate) Every day, people across the world use Skype to communicate. But after the popular chat service refused to comment on whether it could eavesdrop on calls last year, security and privacy concerns have been mounting
Cyber criminals exploit Barack Obama in Twitter attacks (Herald Sun) Beware of tweets about Obama, the Australian Open and gun control this month - internet security experts say they're the top three buzzwords currently being used by cyber criminals to lure victims on social media. And keep an eye out for posts mentioning the Super Bowl, Playstation 4 and The Ashes, topics predicted to be popular with canny cyber crims throughout 2013
Napolitano warns of risk of major cyber attack (Newsday) Homeland Security Secretary Janet Napolitano on Thursday warned that a major cyber attack is a looming threat and could have the same sort of impact as superstorm Sandy, which knocked out electricity in a large swath of the Northeast
Security Patches, Mitigations, and Software Updates
Barracuda Networks confirms exploitable backdoors in its appliances (Help Net Security) Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions
Cyber Trends
IntraLinks Survey Finds Widespread Company Concerns Over Insecure File Sharing And Collaboration (Dark Reading) More than 90% of companies feel vulnerable as employees risk sharing sensitive documents outside of the firewall
Internet's Pace Of Innovation Will Force The Data Center To Open Up (TechCrunch) More hardware will open up — it's inevitable. Hardware in the data center is no exception. As Tim O'Reilly said in his keynote at the Open Compute Summit, innovation in the data center is critical for keeping up with the Internet's pace of innovation. A first step is opening the hardware so people can hack it and adapt it to the data that flows at an
Survey finds most CIOs left behind in big data wave (Fierce Big Data) One can't make sense of disparate data sets if data isn't being collected in the first place. That's where 76 percent of CIOs find themselves in this new rush to perform big data analytics, lacking the data to analyze, according to a new survey by consulting firm and professional services provider Robert Half Technology
Big data overhype can't slow it down, Ovum says (Fierce Big Data) Many critics of both the terminology and the technology of big data won't like to hear this, but their negativity campaign has not slowed the big data train, according to Ovum. Market perception remains strong
Beware: The Black Hats are coming to data science (Fierce Big Data) The Internet has flourished despite the openness and foundation of loose consensus that both enables it and makes it vulnerable, said Alistair Croll, founder of Solve for Interesting and host at O'Reilly Media, in a Webcast this week. But big data is about to raise the bar of vulnerability and the more successful big data becomes, the more serious the threat to its integrity. "Big data is the Layer 8 protocol. It is where humanity's rubber meets technology's road and it has great power, but demands great responsibility. And it presents a great deal of risk unless we do it right," Croll said
Getting out in front of the Black Hats (Fierce Big Data) There doesn't seem to be any doubt in the minds of experts, at least those who spoke on O'Reilly's Webcast this week on Data Warfare, that the Black Hats are coming. Big data needs to brace for, prepare for and try to mitigate the inevitable carpet bombing it is about to take from nefarious abusers of technology
Marketplace
Debt Limits, General Dynamics, & Beyond: Defense Industry Braces For Sequester (AOL Defense) While the House has voted to extend the debt limit to May, the automatic federal spending cuts called sequestration still loom $90 billion large, half that bill for the Pentagon alone. Yet, as fourth quarter earnings calls begin, the defense industry and its stock values remain remarkably resilient
TSA looking to expand analytics war chest (Government Computer News) The big data company said its "server-based and mobile investigations software" was chosen by a branch of TSA's Information Assurance & Cyber Security
Mobility stymied in Pentagon by signal dead spots (Fierce Government IT) The spread of mobile devices throughout the Pentagon can face a basic obstacle: no signal. Tom Sasala, chief technology officer for the Army Information Technology Agency, said during a Jan. 23 conference that in his underground Pentagon office, his cellphone "hits what I call about half a bar--just enough to tell it that it can connect, but not enough for it to actually do anything, so it's completely useless." He spoke at the 2013 Federal Mobile Computing Summit in Washington, D.C
Cybersecurity: the 19,413-person industry in Md. and Baltimore, in 4 graphs (Technically Baltimore) A study released Thursday that analyzed some 340,000 cybersecurity jobs at 18,000 companies across the U.S. confirmed something we already know: Maryland, and Baltimore in particular, is a cybersecurity hub. (Not to be confused with a tech startup hub.) According to the first Maryland Cyber Jobs Report, 19,413 jobs in cybersecurity exist in this state, with more than 13,000 of those in Baltimore city. As Technically Baltimore has reported, GovWin has also placed the number of cybersecurity jobs in the Baltimore region above the 13,000 mark
Belkin to acquire Cisco's home networking business (Help Net Security) Belkin has entered into an agreement to acquire Cisco's Home Networking Business Unit, including its products, technology, Linksys brand and employees. "We're very excited about this announcement"
Another Potential Suitor For RIM As Lenovo Ponders An Acquisition (TechCrunch) Research In Motion is once again the target of a rumored acquisition. Lenovo's CFO Wang Wai Ming said in an interview with Bloomberg at the World Economic Forum meeting in Davos that the Beijing company is eyeing the BlackBerry maker as a potential acquisition target or strategic alliance partner. The news comes less than a week after RIM CEO Thorsten Heins told German newspaper Die Welt
4 Ways Microsoft-Dell Deal Could Benefit IT (InformationWeek) A common question following reports that Microsoft might invest upward of $1 billion in Dell's potential deal to go private has been: What's in it for Microsoft and Dell? Their business customers -- and the IT pros that keep them up and running -- would probably rather know: What's in it for us? There should be little risk to Microsoft and Dell shops, Forrester senior analyst David Johnson predicted in an email to InformationWeek. "I don't see any negative side of this for customers of either Microsoft or Dell yet, but we'll know more should it come to fruition," he said
KPMG Appoints HHS Vet John Teeter Managing Director in its Advisory Practice (Govconwire) KPMG LLP has named John Teeter a new managing director in its advisory practice, according to a Washington Technology article. In his new role, Teeter will be responsible for assisting clients with health IT issues and serving in the company's health and human services practice. He was associate deputy assistant secretary for IT and deputy chief information officer
Lockheed Promotes Sondra Barbour to IS&GS EVP (Govconwire) Lockheed Martin (NYSE: LMT) has promoted 26-year company veteran Sondra Barbour and 13-year company veteran Rick Ambrose to the executive vice president ranks, the company said Thursday. Effective April 1, Barbour will serve as EVP for the information systems and global solutions business unit and Ambrose will hold the same title for the space systems
Accenture to Build Defense Contract Mgmt IT System (Govconwire) Accenture's (NYSE: ACN) federal business has won an eight-month contract to design an information technology system for the Defense Contract Management Agency to manage contracting activity, the company said Thursday. The company said it will focus on analytics, work flow and streamlining reporting with the goal of helping the DCMA address reviews that require manual
Hudson's Corero Seeks Sales Growth With New CEO (Worcester Business Journal) Corero Network Security (CNS), which got its first official CEO just 17 months…and capabilities of cyber-attack entrepreneurs and hacktivists," he said
Products, Services, and Solutions
BeyondTrust Releases PowerBroker For Windows 5.5 (Dark Reading) PowerBroker for Windows 5.5 includes advanced analytics and reporting capabilities
Seccuris Launches Cloud-Based Information Security Service (Canada NewsWire) Seccuris Inc., today announced the release of its new OneStone Information Assurance Portal service, a transformative offering developed
RSA introduces disaster recovery and crisis management solution (Help Net Security) RSA, the Security Division of EMC, introduced two additions to its RSA Archer product suite designed to help customers meet ever changing and comprehensive business continuity, disaster recovery
Infoblox unveils new solutions for security, availability and automation (Help Net Security) Infoblox announced new products that enable organizations to manage the demands put on their networks by BYOD, cloud computing, migration to IPv6 and the evolving cyber-threat landscape
Security intelligence solutions for mobile technology providers (Help Net Security) Webroot announced the availability of a portfolio of internet security solutions that give mobile technology providers – from carriers to device manufacturers to mobile device management (MDM) companies
New Cisco certifications validate Video-Voice-over-IP skills (Help Net Security) Highlighting the increasing use of high-quality video traffic over the network, Cisco announced the release of the Cisco CCNA Video and Cisco Video Network Specialist certifications
Technologies, Techniques, and Standards
Avoiding IAM's Biggest Blunder (Dark Reading) Leaving orphan accounts enabled due to poor deprovisioning processes leaves organizations open to fraud and makes it impossible to prove chain of custody. Poorly handling user accounts when people leave an organization or are fired is one of the most common and dangerous identity and access management (IAM) mistakes enterprises make today. Business process flaws, departmental silos and a lack of automation all stand in the way of streamlining this so-called deprovisioning process. And when organizations don't get a handle on the orphan accounts left behind by an ineffective deprovisioning process, they leave themselves open to fraudulent account use and a lack of visibility that will make regulatory auditors howl
SCADA Security 2.0 (Dark Reading) Siemens will consider whether or not to offer a bug bounty program as security experts look at new approaches to tackling SCADA security woes. No one disputes that there's a dire need for major change in addressing serious gaping security holes in SCADA/industrial control systems (ICS) today. Frustrated with the inertia associated with blatantly insecure SCADA/ICS systems in production at power plants and other sensitive operations in the U.S. and around the globe, security experts are now rethinking how to fix the SCADA/ICS security problem
Air Force software turns warplanes into wireless routers in the sky (IT World) A software upgrade called Net-T effectively turns U.S. military aircraft into giant airborne wireless routers, allowing ground forces to share information with each other and with their allies overhead
Active Defense Drives Attack Costs Up (Threatpost) While every corporate general counsel, CIO and anyone with a CISSP will tell you that hacking back against adversaries is illegal and generally a bad thing to do, there are alternatives that companies can use to gain insight into who is behind attacks, collect forensic evidence and generally confound hackers, perhaps to the point where they veer away from your network
CISO Challenges: The Build vs. Buy Problem (infosec island) In part 1 of this 2-part series we discussed a few things including when to decide whether to outsource or build in-house your security-related activities... this post continues by answering the question of what to outsource and how to know you're making the right decisions for the business... What to Build, What to Buy. The big question is what to outsource and what to keep in-house on your own expertise. While the question of when you should outsource depends heavily on talent, time, and priority, the question of what to outsource depends on 3 lightly overlapping questions
Video: Practical exploitation of embedded systems (Help Net Security) This video from Hack in The Box conference is an in-depth exploration of the reverse engineering and exploitation of embedded systems
Top five hurdles to security and compliance in industrial control systems (Help Net Security) For many decades, Industrial Control Systems (ICS) have been the operational systems relied upon to safely and reliably deliver the essentials of daily life
To Mark Data Privacy Day, AnchorFree CEO Offers 5 Online Privacy Tips to Protect You and Your Family (MarketWire) 11 Million Americans Are Victims of Identity Fraud Each Year; This Data Privacy Day, AnchorFree Advises How Not to Be One of Them. This Data Privacy Day on Monday, January 28th, AnchorFree is joining forces with the National Cyber Security Alliance to offer some simple tips and tools to empower consumers to protect their online privacy. "Americans are twice as likely to be victims of identity theft than they are to have their homes broken into," said David Gorodyansky, founder and CEO of AnchorFree, maker of Hotspot Shield, one of the world's most popular online privacy tools. "We spend billions every year on keeping our homes safe, yet relatively few are even aware of the growing threats they and their families face every time they go online." Every year, more than 11 million U.S. adults are victims of identity fraud
Design and Innovation
Why Experts Think Twitter's 6-Second Videos Could Be Huge (Wired Business) Academics say the six-second constraint imposed by Twitter's new video system could unleash an unpredictable flurry of creativity
Research and Development
11 Body Parts Defense Researchers Will Use to Track You (Wired Danger Room) If the latest crop of biometric systems work as advertised, they may be able to identify you without you ever knowing you've been spotted, with more accuracy, and from farther away. Here are 11 projects
Data storage meets DNA (Fierce Big Data) DNA may store the blueprints for life, which is amazing itself, but it just might be used in the future to solve another huge storage problem: the world's growing output of data. In the journal Nature this week, it was reported that scientists have successfully stored and retrieved, in a fragment of DNA--with 99.9 percent accuracy--Martin Luther King Jr.'s "I Have a Dream" speech, as well as a copy of Francis Crick and James Watson's scientific paper from 1953 on the double helix DNA structure and Shakespeare's 154 sonnets
Legislation, Policy, and Regulation
Top politician slams EU cybersecurity plans (NetworkWorld) The European Commission's promised cybersecurity strategy is "incoherent and lacking in focus," a member of the European Parliament who has read a draft of the proposal charged Thursday. The Cybersecurity Strategy is due to be published in the coming weeks, but leaked draft copies have been circulating in Brussels, prompting Sophie in't Veld, a Dutch member of the European Parliament, to comment that, based on what she has read of it, "there doesn't seem to be any real strategy." "It looks like almost every Directorate General [department] in the Commission wanted to write its own bit of the strategy. It bothers me that all these different policy areas are being lumped together in one document
Cyber Security Centre funding lacks detail: Opposition (Computer World) Plans to build an Australian Cyber Security Centre (ACSC) have been slammed by the Opposition for containing few details about how the ACSC will be funded or staffed. According to Shadow Minister for Defence, Science, Technology and Personnel Stuart Robert, Prime Minister Julia Gillard's announcement was more about appearances than substance. "There were no details about the costs involved, required funding, how many more public servants will be hired and no indication as to who will even be responsible for running the Centre," he said in a statement.
California AG Releases Mobile App Guidelines; Industry Responds (infosec island) California Attorney General Kamala Harris released a set of recommendations titled Privacy on the Go directed toward the mobile app industry that seeks to educate the industry and promote privacy best practices. The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines
Senate Democrats propose tentative cybersecurity bill (Fierce Government IT) In what may be a placeholder action, a handful of Democratic senators led by West Virginia Sen. John Rockefeller (D) introduced Jan. 22 a new bill on cybersecurity. The bill (S. 21) doesn't propose action per se but calls on the legislative branch to affirm through a "sense of Congress" a number of creeds. Among them are that there should exist mechanisms for sharing cyber threat and vulnerability information between the government and the private sector, and that the two should develop a system to "assess cyber risk and prevent, detect, and robustly respond" to attacks against critical infrastructure
Litigation, Investigation, and Law Enforcement
Pentagon Watchdog Clears Darpa in Ethics Probe (Wired Danger Room) The Pentagon's blue-sky research agency is a classic revolving door between government and business. But an ethics review finds that it's not handing out contracts in a sleazy way
Feds Pile On More Charges Against Anonymous Agitator Barrett Brown (Wired Threat Level) Barrett Brown, a self-proclaimed spokesman for Anonymous, has been hit with new charges by authorities in Texas for concealing evidence
Cyber-Crime Ring Targeted U.S. Bank Accounts, Feds Say (Compliancex) A cyber-crime case brought by U.S. prosecutors in New York may add to the fears of anyone who banks online. The charges against three foreign nationals (a Russian, a Latvian and a Romanian) allege they were involved in creating and distributing a computer virus that infected more than 40,000 computers in the United States in an effort to steal customers' bank-account data and other information. The so-called Gozi virus led to the theft of unspecified millions of dollars, court documents say
Twitter ordered to identify authors of French racist tweets (IT Proportal) A French court has ruled that Twitter must hand over data about users who posted racist or anti-Semitic tweets. The social network must comply with the court's ruling "within the framework of its French site," the AFP reported. "We are currently reviewing the court's decision," a Twitter spokesman said. At issue are tweets posted last fall with the hashtags #UnBonJuif (a good Jew), #SiMonFilsEstGay (if my son is gay), and #SiMaFilleRamneUnNoir (if my daughter brings home a black guy)
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, Jan 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but individual TEDx events, including ours, are self-organized.
Data Privacy Day (Various locations, Jan 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy Day (DPD), is collaborating with many educational institutions, corporations, government and non-profit organizations across the world to make Data Privacy Day on January 28th a success. Data Privacy Day is an international day of awareness to educate everyone to respect privacy and safeguard personal information.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, Feb 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security. Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.