The CyberWire Daily Briefing for 10.3.2013

Cyber Attacks, Threats, and Vulnerabilities

Iranian cyber warfare commander shot dead in suspected assassination (Telegraph) The head of Iran's cyber warfare programme has been shot dead, triggering further accusations that outside powers are carrying out targeted assassinations of key figures in the country's security apparatus

Hindustan Times Hacked, Data Leaked (Softpedia) The website of the popular Indian English-language newspaper Hindustan Times has been hacked and defaced by a hacker calling himself Silent Hacker

Public Works Department India website hacked with several Indian Govt Sites (Hackers Post) H4x0r HuSsY, famous for hacking Indian govt sites hit again. This time The official website of Public Works Department, Punjab with 10 other Indian Govt sites hacked by H4x0r HuSsY. Anatomy of the attack on the Indian server is unknown. The hacked sites belongs to different name servers. Two weeks before, Indian BioResource Information Network was hacked by the same hacker

Behind the South Korean Government DDoS Attacks (Threatpost) In the last few years, there have been a series of DDoS attacks and intrusions on government networks in South Korea that have resulted in the loss of untold amounts of data. The four attacks haven't been linked together or attributed to the same attackers, but there are some similarities in the methods and results

Security Vulnerability in Django Could Allow Attackers Access to Cookies (Threatpost) Web app framework Django contains a vulnerability that puts session cookies at risk, but the group in charge has decided not to patch the flaw, and instead warn developers about the problem

DDoS for hire vendor 'vertically integrates' starts offering TDoS attack capabilities (Webroot Threat Blog) DDoS for hire has always been an inseparable part of the portfolio of services offered by the cybercrime ecosystem. With DDoS extortion continuing to go largely under-reported, throughout the last couple of years — mainly due to the inefficiencies in the business model — the practice also matured into a 'value-added' service offered to cybercriminals who'd do their best to distract the attention of a financial institution they're about to (virtually) rob. Operating online — under both private and public form — since 2008, the DDoS for hire service that I'll discuss in the this post is not just offering DDoS attack and

ZeroAccess: The Most Profitable Botnet (F–Secure) In March of this year, researchers on Symantec's Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAcess — one of the world's largest botnets. But then... in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots

India has third highest infection rate of ZeroAccess botnet (Zee News) ZeroAccess, which is one of the largest known botnets in existence, has infected more than 1.9 million computers globally on a given day in August this year with India having the third highest infection rate after the US and Japan, cyber security firm Symantec has said

WordPress Attacks: Time To Wake Up (InformationWeek) The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites. I wrote a Security 101 story in light of this news — outdated WordPress sites are used to launch malicious attacks on other websites — it would go something like this: Use strong passwords. Stay current on software updates and patches. Educate employees on security risks and fundamentals. Use anti-malware tools and other technologies. Wash, rinse, repeat

Potential Ripples of Stretched Cyber Support During Shutdown (Nextgov) With electronic infrastructure still up and running despite the government shutdown, the lack of staff support in information security shops is likely affecting the government's ability to respond to cyber threats and attacks and creating potential ripple effects for cybersecurity going forward

Clapper: Temporarily Out Of Work Intelligence Analysts Pose A Special Risk (Business Insider) The government shutdown has "furloughed," or placed on unpaid leave, up to 400,000 government contractors, thousands of whom work in the government's military intelligence and espionage programs

Enterprises risk data theft from old laptops (FierceMobileIT) Many companies turn in their old laptops to the computer firm that sells them their new laptops. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay

Security Patches, Mitigations, and Software Updates

Google Updates Chrome 30 for 50 Security Flaws (eSecurity Planet) Google doubles the number of vulnerabilities it has fixed in new browser release. Google is out with its latest Chrome stable browser release, providing one of the highest security fix counts in the history of Google's popular open source browser. The Chrome 30.0.1599.66 release, available

Cyber Trends

NCUA's Matz urges CUs to examine cybersecurity in honor of October awareness initiative (Bank Credit News) In honor of Cybersecurity Awareness Month in October, National Credit Union Administration Chairman Debbie Matz urged credit unions on Monday to implement cybersecurity controls to protect against cyber threats

EU Cyber Security Directive Could Cost Organisations Billions (Broadway World) EU Cyber Security Directive Could Cost Organisations Billions A study from Tripwire and the Ponemon Institute has revealed that many of the world's largest

Hackers get past anti–virus software (GoErie) At a time when millions of computer users face increasingly sophisticated cyberattacks, the anti-virus software they rely on to keep their information safe frequently fails to do the job. Of 45 pieces of malware that lingered on the New York Times computer systems for a third of a year, just one was spotted by its anti-virus software, the newspaper disclosed in January. That same month, security company Kaspersky disclosed a global data-stealing scheme had evaded detection by anti-virus products for five years

Is wireless the Trojan horse in your network security? (Help Net Security) According to Roger Klorese of WatchGuard technologies, smartphones and tablets now account for about 25% of devices used for work in the US. Wireless, mobility and BYOD are all part of an unstoppable

Four Questions To Ask About Every Cyber Risk Report (Wall Street Journal) Verizon's 2013 Data Breach Report said most breaches are perpetrated by outsiders but the Global State of Information Security Survey 2014 said most of the responsibility lies with current and former employees. Ponemon Institute's 2013 study has yet another take: that human error and system problems are major contributors

Marketplace

Lockheed Martin Cyber Security Programs Achieve Significant Milestones (MarketWatch) Lockheed Martin LMT -1.49% achieved several significant cyber security accomplishments in slightly more than a year, solidifying the corporation's position as a leader in cyber security

Death of a Cloud: IBM Partner Nirvanix Files for Bankruptcy (Wired) The company behind IBM's storage cloud is indeed on the way out. Last month, Nirvanix — the San Diego, California company that powered IBM's SmartCloud Storage service — told customers and partners that it was shutting down on September 30

Northrop to lay off 52 employees in Reston (Washington Business Journal) Some contract maneuvering from a federal agency will force Falls Church-based Northrop Grumman Corp. to lay off 52 employees working in Reston. The company filed a layoff notice to the Virginia Workforce Network, saying that the employees from the Intelligence Systems division within the Information Systems segment will lose their jobs by Nov. 29. One of Northrop's contracts is coming to an end, confirmed spokesman Randy Belote, who noted that it was unrelated to the federal shutdown

CISO Interview: Richard Bejtlich (SYS-CON) This is an interview with Richard Bejtlich, Chief Information Security Officer at Mandiant- a major player in the industry leader helping organizations detect, respond to, and contain computer intrusion

So I'm the guy who sent the t–shirt out as a thank you. (Yahoo! Developer Network) So, I am the guy who started sending t-shirts as a thanks to people when they sent us a potential vulnerability issue. What an interesting 36 hours it has been :) Here's the story. When I first took over the team that works with the security community on issues and vulnerabilities, we didn't have a formal process to recognize and reward people who sent issues to us. We were very fast to remedy issues but didn't have anything formal for thanking people that sent them in

Bitdefender injects aggressive changes to Partner Program (Techday NZ) Bitdefender has dramatically overhauled its partnership program as the company continues to expand within the global security industry. Bitdefender COO

James Koenig Named Booz Allen Privacy, Health Cyber Lead (GovConWire) James Koenig, formerly a practice lead at PwC, has joined Booz Allen Hamilton (NYSE: BAH) to lead the firm's privacy and identity theft practice and cybersecurity in the commercial health market

Security Startups: Interview with CyberARM CEO and Co–Founder Shay Zandani (SecurityWeek) SecurityWeek: How did you start out in the computer field and in particular, security? Shay: My background is with "Mamram" - the Israel Defense Force's technical unit. Later, I joined the Israeli Air Force as a programmer where I worked as a team leader and officer. After a few years, I was asked to establish the information warfare department which, generally speaking, means using the enemy IT systems on the defense's behalf. At that time all this was strictly confidential, not like nowadays where there's an information warfare department, and counter cyber-attacks. After proving the team's capabilities, I was asked to establish the "Blue team" which focused on protecting the systems. When I left the army, I gained industry experience with several start-ups. At one of the startups, we established the first Trusted Third Party (TTP). Unfortunately, the idea was ahead of its time - we had a great technical success but it was a marketing failure. After that, I joined PricewaterhouseCoopers (PwC). At PwC I became the CEO of the Global Risk Management Solutions (GRMS) Group. I spent more than 10 years there, running their risk management and IT practices. I left 1.5 years ago to establish CyberARM

Catonsville startup Light Point relishes national attention (Baltimore Business Journal) Cyber startup Light Point Security is feeling the warmth of being in the spotlight. Catonsville-based Light Point has made it to the top five contestants in a Wall Street Journal startup competition that attracted 500 applications. The company still has to make it through two more challenges to win, but already Light Point is experiencing the benefits of being a winner. Investors, potential clients and media have been flocking to Light Point

Products, Services, and Solutions

General Dynamics Fidelis Cybersecurity Solutions Continues to Strengthen Threat Intelligence, Detection and Prevention (Hispanic Business) General Dynamics Fidelis Cybersecurity Solutions announced its flagship network security solution, Fidelis XPS, now includes a new application of YARA technology, a rule-based malware identification and classification tool, that will increase the real-time prevention of malware attacks by analyzing threats in network traffic. Arming customers with another innovative method to detect malicious traffic as it flows on the network, the continued enhancements to Fidelis XPS help customers reduce remediation costs by blocking malware before it enters the enterprise

McAfee Offers Solution to Remediate Advanced Malware (Wall Street Journal) A centralized, multi-protocol malware analysis model eliminates appliance sprawl and eases integration with existing technology investments. Unlike standalone

Trustwave Launches On'Demand Pen Testing Service (SecurityWeek) Trustwave has launched a new subscription-based, penetration testing service that lets businesses schedule, manage and adjust penetration tests through a cloud-based portal

Technologies, Techniques, and Standards

Identifying And Discouraging Determined Attackers (Dark Reading) Enterprises are finding ways to identify targeted attackers and give them fits. Here's how. George S. Patton said, "Nobody ever defended anything successfully — there is only attack and attack and attack some more." So, is it possible to strike back at your attackers? And more importantly, is it the sensible thing to do

Attacks On Volatile Memory Can Be Detected, Researchers Say (Dark Reading) In-memory attacks create processing delays that give hackers away, Triumfant research says. Elusive attacks on a computer's volatile memory can be detected through a detailed analysis of processor behavior, according to new research. Researchers at security vendor Triumfant have discovered that in-memory attacks create a significant delay in system calls that is typically beyond the normal variance of processing time. The ability to detect such attacks — which have generally eluded most security tools because they attack data that is not stored — could enable enterprises to interrupt the attacks before they can do any damage, Triumfant says

Who owns this website? That information may soon be "need to know" only (Quartz) The governing body that oversees the internet's naming system is considering wide-ranging changes to the way domain names are registered. The changes are designed to protect the privacy of people who own websites, but critics argue that such a move would make cybercrime harder to fight and possibly even stifle future innovation

8 tips for safer online banking (CSO) Most of us use online banking. But are you making sure you're doing it as safely as possible? Check to make sure you're doing all of these 8 things

Penetration Testing With Honest–To–Goodness Malware (Dark Reading) Popular fiction usually dictates that the primary cyberfoe of big business is a young, nerdish, and exceedingly smart computer hacker with a grudge against practically anyone and everyone. It may be this particular cliched (and false) stereotype of a hacker that many business analysts and executives have, in turn, used as justification for testing the defenses of their organizations in a particular way. While some may supplement this image of a hacker with concrete bunkers filled with uniformed cyberwarriors if they feel worthy of state-initiated attacks, it is a sad fact that many of the methodologies currently employed by organizations to evaluate their tiered defenses are tired and dated

Incident Response Teams: The MVPs Of Your Cyber Defense (Part 1 of 4) (ThreatTrack CSO) A recent study by ThreatTrack Security illustrated an ongoing paradox for many CISOs. On one hand, nearly 70% of the C-level participants in the study said they're concerned their organization might not be as protected as it should be against malware, Advanced Persistent Threats and other cyber espionage tactics. Yet nearly half also admitted that they don't have an incident response team in place or use advanced malware analysis tools such as sandboxes to further protect their companies

What to Expect When You're NOT Expecting: 7 Steps of a Professional Forensic Investigator (infosec island) A bad day. You receive a letter from your favorite payment brand, which states that your organization has experienced a breach of Card Holder Data. A copy of the letter has also been forwarded to your merchant bank; as a courtesy. Typically you have a week to respond to their request to have a PCI Forensic Investigator (PFI) determine how the breach occurred. Notice that you are pretty much guilty until proven innocent, and to select your vendor of choice, you are directed to the PCI PFI list. Once you have chosen a vendor based on aligned interests and specialty, they'll get to work stepping you through to a report to the payment brands

Research and Development

Crowdsource Control (IEEE Spectrum) The idea of aggregating the opinions of online users to produce valuable results dates back to John Brunner's 1975 science fiction novel, The Shockwave Rider. Today, crowdsourced opinions are very much a fact of daily life

IBM research stakes its future on cognitive computing (ZDNet) IBM Senior Vice President John E. Kelly says the company has entered a new era in computing, and announces the company's plans for future partnerships

Academia

Carnegie Mellon Cyber Security Scholarships (Industrial Safety and Security Source) Seventeen Carnegie Mellon University (CMU) graduate students earned cyber security scholarships from the National Science Foundation, the Department of Homeland Security's CyberCorps Scholarship for Service (SFS) Program and the Department of Defense's Information Assurance Scholarship Program (IASP)

Legislation, Policy, and Regulation

Sen. Feinstein Claims The NSA Does Collect Phone Call Location Information, Contradicting The NSA (TechCrunch) Today Senator Feinstein stated that the NSA phone metadata program that collects records on the telephone calls of American citizens includes location information. Previously, head of the NSA, General Keith B. Alexander, stated that the NSA was not currently collecting call location data under the authority of Section 215 of the Patriot Act. It was left open that other authorization could allow

NSA Experimented With Cell Phone Location Tracking Program (TechCrunch) The National Security Agency experimented with a cell phone location tracking program in 2010, but eventually shelved the idea. Director of National Intelligence, James Clapper, declassified the program during a senate testimony today on Capitol Hill

NSA May Not Be Collecting Your Location Data From Telco Dragnet…Because It Gets It From Your GPS (techdirt) As we noted last week, Senator Ron Wyden has been repeatedly asking the intelligence community about whether or not they're tracking the location on any Americans, and the intelligence community has steadfastly avoided giving a straight answer (as they do). Specifically, he was asking about whether or not the NSA has in the past, or has plans to, get location data on Americans in bulk. The NSA's Keith Alexander did his "under this program" two step, in which he insists that they are not doing so under this program and at this time. That leaves open other programs and at other times

NSA Chief Denies Report on Social Network Spying (SecurityWeek) The head of the National Security Agency said Wednesday the secretive intelligence service does not compile data on Americans' use of social networks, dismissing a media report as "wrong." General Keith Alexander told a Senate hearing that a New York Times article "jumped to the conclusion this was done on Americans, that's not true."

Time to Split the Cyber 'Deep State' of NSA and Cyber Command (Huffington Post) Imagine if the commander of U.S. Pacific Command were the leading source of information on the Chinese military threat, had the ear of Congress on China policy, ran covert military operations against China, and could decide what information on China was classified. This perverse concentration of power is similar to where the United States has found itself on cyber policy. To restore balance, Congress and the president must ensure that new initiatives to control surveillance are more than just cosmetic by reforming America's current national security cyber organizations

NSA Hiring Civil Liberties Watchdog (Time) Whether or not the in-house overseer would be furloughed in a shutdown is not yet known. Times are tough for the US intelligence services these days, what with 70 percent of the intel workforce reportedly on indefinite furlough amid the government shutdown. Director of National Intelligence James Clapper is so concerned about the situation he warned

Barack Obama's SSL certificate, NASA and NIST among those to fall as government shutdown hits sites (Graham Cluley) Barack Obama's website may still be up and running, but no-one has paid for his SSL certificate to be renewed

Military Health System examines privacy, identity challenges (FierceHealthIT) As the U.S. Department of Defense and Veterans Affairs work toward an effective electronic exchange of healthcare records, issues of patient privacy and identity management remain

Cyber Failures in Obamacare Exchanges: Dangerous to Your Wallet and Privacy (Heritage) Yesterday marked the grand opening of the new Obamacare health insurance marketplaces, and the rollout did not go smoothly. Even more worrying is that these website errors are only the tip of the iceberg

Army CIO/G6 Susan Lawrence retires (FierceGovIT) Army Chief Information Office and G6 Lt. Gen. Susan Lawrence is leaving her position, posting a final message online on Oct. 1

Separate commands for spl ops, cyber security, space:IAF chief (Business Standard) The armed forces propose to set up three separate commands in the fields of special operations, cyber security and space, IAF Chief NAK Browne said

Litigation, Investigation, and Law Enforcement

How the feds took down the Dread Pirate Roberts (Ars Technica) The Dread Pirate Roberts, head of the most brazen drug trafficking site in the world, was a walking contradiction. Though the government says he raked in $80 million in commissions from running Silk Road, he allegedly lived under a false name in one bedroom of a San Francisco home that he shared with two other guys and for which he paid $1,000 a month in cash. Though his alleged alter ego penned manifestos about ending "violence, coercion, and all forms of force," the FBI claims that he tried to arrange a hit on someone who had blackmailed him. And though he ran a site widely assumed to be under investigation by some of the most powerful agencies in the US government, the Dread Pirate Robert appears to have been remarkably sloppy—so sloppy that the government finally put a name to the peg leg: Ross William Ulbricht

Lavabit got order for Snowden's login info, then gov't demanded site's SSL key (Ars Technica) Had e–mail provider given up key, all users' data would have been compromised. The American government obtained a secret order from a federal judge in Virginia demanding that Lavabit hand over its private SSL key, enabling authorities to access Edward Snowden's e–mail, and e–mail belonging to Lavabit's 400,000 other users as well. That sealed order, dated July 10 2013, was first published on Wednesday by Wired reporter Kevin Poulsen

Silk Road bust demonstrates feds penetration of Deepnet (CSO) Leader of website arrested by FBI, charged with conspiring to money launder and more

The Silk Road Shuts Down, But The Black Market Isn't Going Anywhere (Forbes) At 3:15PM Tuesday afternoon, the FBI arrested the alleged Dread Pirate Roberts, the operator of online black market site The Silk Road, at a public library in San Francisco

LOVEINT dominates NSA intentional misuse of surveillance powers (FierceGovernmentIT) Auditors from the National Security Agency say they know of 12 cases of intentional misuses of NSA surveillance powers that have been uncovered since Jan. 1, 2003

Tech firms' release of PRISM data will harm security — new U.S. and FBI court filings (Gigaom) The FBI and the US government say Google, Microsoft and other tech firms have no free speech right to declare how many data demands they receive under a controversial Foreign Intelligence Surveillance Act legal process

End Of The Silk Road: FBI Says It's Busted The Web's Biggest Anonymous Drug Black Market (Forbes) After two and a half years running the booming anonymous narcotics bazaar known as the Silk Road, the drug kingpin who called himself the Dread Pirate Roberts has allegedly been unmasked

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

NSU Hosts FBI Presentation on National Cyber Security Awareness (Fort Lauderdale, Florida, USA, Oct 3, 2013) GSCIS Hosts the Federal Bureau of Investigation (FBI) Special Agents special presentation on "National Cyber Security Awareness." RSVP at the link.

The Monktoberfest (Portland, Maine, USA, Oct 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.

Suits and Spooks NYC 2013 (New York, New York, Oct 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state aggressors in cyberspace. About twenty speakers will present briefings over two days on hackers, citizen militias, and other non-state entities operating in the Middle East, China, Russia, Pakistan, India, Iran, Africa, South America, the United States (yes - we have non-gov threat actors domestically), and other parts of the world. One of our panel moderators will be Joel Brenner (former National Counterintelligence Executive at the Office of the Director of National Intelligence and former Senior Counsel at the NSA).

Forensics and Incident Response Summit EU (Prague, Czech Republic, Oct 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to make the most of this event from attending the Summit to registering for one or more of the post-summit training classes taught by SANS' top-rated instructors and course authors. Additional events such as DFIR Netwars, evening talks and the SANS Community Night will be taking place during that week too. This event promises to bring together the leading minds in digital forensics and incident response in the EU, as well as many other practitioners from a wide cross section of industries and company sizes. You will be able to share with all of them your challenges and find out new solutions that work, techniques and approaches you didn't even know existed.

CyberMaryland 2013 (Baltimore, Maryland, USA, Oct 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for networking and idea sharing amongst the many cyber leaders and professionals across the country, including: federal, state and local government agencies, academic institutions, cybersecurity entrepreneurs, and industry leaders of research and development. CyberMaryland 2013 will address the biggest challenges facing America, including future innovation to meet the security challenges facing our country; collaboration across industry, government and educational institutions; and the development of a generation of cyber-warriors. Surrounding all of these issues is a constantly evolving business framework to provide efficient and effective solutions in a time frame that anticipates and mitigates current and future threats.

2013 Maryland Cyber Challenge (Baltimore, Maryland, USA, Oct 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school, college, and professional. Orientation sessions for teams in each of three divisions -- high school, collegiate and industry and government professionals -- will be held at UMBC in July and August. Two qualifying rounds will be conducted online using SAIC's Cyber Network Exercise System.

AFCEA Hill AFB Technology & Cyber Security Expo (Ogden, Utah, USA, Oct 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo some of the latest cyber security and information technology products/services available today..

NSU's Raising Savvy Cyber Kids with Ben Halpert (Fort Lauderdale, Florida, USA, Oct 10, 2013) Ben Halpert is an award-winning author of several books for diverse audiences. The Savvy Cyber Kids At Home: The Family Gets A Computer (October, 2010) is a picture book that teaches the concepts of online safety and privacy to preschool children. The Savvy Cyber Kids At Home: The Defeat of the Cyber Bully (October, 2011) teaches children how to appropriately respond to a cyber bully before playing in the virtual world. All Savvy Cyber Kids books are available in English, Spanish, German, and French. For those in the business field, Ben has published Auditing Cloud Computing: A Security and Privacy Guide (July 2011) through John Wiley & Sons. RSVP at the link.

International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, Oct 10 - 12, 2013) International Conference on Cyber-enabled distributed computing and knowledge discovery -promotes research and development of the cyber-related technology. It is unique and significant that spans through cyber-enabled data mining and knowledge discovery, distributed and parallel computing, cyber security, cloud computing, pervasive computing, mobile computing, Internet, wireless networks, cognitive systems, cyber information process, information discovery, e-health via cyber network, e-science, web technology, and network performance and tools. The research and development in these areas have received extensive attention in both the academia and industry to provide ubiquitous services for users. Various hardware and software designs, algorithms, protocols, simulations, and test-bed, and implementations are developed for distributed computing in an interconnected and distributed network environment. The purpose of CyberC is to provide a forum for presentation and discussion of innovative ideas, research results, applications and experience from around the world as well as highlight activities in the related areas.

VizSec 2013 (Atlanta, Georgia, USA, Oct 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, Oct 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer at Facebook. This year's event also features all new 2-day training courses (14th/15th October) on a wide variety of topics including Android exploitation, extreme web hacking, infrastructure security, exploiting injection flaws and a special iOS security course by the world famous Evad3rs team. The full speaker list and conference agenda will be released after the Call for Papers closes on the 25th of July.

USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, Oct 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit topics will focus on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security..

SNW Fall 2013 (Long Beach, California, USA, Oct 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.

Hexis Exchange (Athens, Greece, Oct 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such topics will include: emerging cybersecurity threats, big data management, advanced analytics, government regulation & compliance, and data retention challenges & solutions.

Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, Oct 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers, essential networking opportunities, and an informative technology exposition. The Symposium sessions will have a special emphasis on security challenges facing today's security professionals and cyber awareness training for security professionals responsible for protecting sensitive and classified information from the ever increasing threats of mobile devices, espionage, terrorism, and cyber-attacks to ensure our national security. Register by August 31 to ensure the reduced early bird registration fee. This event is free for government employees and active-duty military personnel. Exhibit space and sponsorship opportunities are also available.

NSU Healthcare Cyber Security Summit (Fort Lauderdale, Florida, USA, Oct 17, 2013) In today's modern healthcare systems, data is everywhere, including sensitive patient data that needs to be secured and monitored. Join top healthcare security professionals from Nova Southeastern University, AccessData, and RSA to hear about current regulations that affect healthcare companies of all sizes, ways to protect sensitive data, and learn techniques to monitor access for suspicious activity. If you are responsible for the privacy or security of your company's healthcare data, you will benefit from presentations from these leading experts in the field. NSU's Chief Information Security and HIPAA Security Officer, John Christly, will examine the threats to the privacy and security of todays' modern healthcare operations. You will also hear from experts from AccessData and RSA on how to detect and prevent data breaches. RSVP at the link.

Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, Oct 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel.

Securing the Internet of Things Summit (San Francisco, California, USA, Oct 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective. SANS is looking to bring together community talent and ideas to develop new solutions, demonstrate security technology that already works and to provide a force multiplier to making the Internet of Things be more secure than the first phases of Internet evolution.

13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.

Cloud Connect (Chicago, Illinois, USA, Oct 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.

cybergmut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, Oct 22, 2013) CrowdStrike's Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.

Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, Oct 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.

Hack.lu 2013 (Luxembourg, Oct 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society.

Joint Federal Cyber Summit 2013 (Washington, DC, USA, Oct 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands on live demonstrations, and industry exhibits.

NSU's 12 Simple Cybersecurity Rules For Your Small Business (Fort Lauderdale, Florida, USA, Oct 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security of information technology most of these products are not designed for the specific needs of small businesses. The techniques that will be discussed in the presentation are designed to address the most common threats encountered by small businesses without requiring significant expertise and expense. RSVP at the link.

BREAKPOINT 2013 (Melbourne, Australia, Oct 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.

Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.

2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.

SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.

RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.

Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall..

NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.