The CyberWire Daily Briefing for 10.16.2013

Cyber Attacks, Threats, and Vulnerabilities

Israeli PM's Twitter account caught following Iranian porn Twitter account (HackRead) The official Twitter account of Israeli Prime Minister Benjamin Netanyahu was found following an Iranian porn Twitter account before unsubscribing Sunday morning, about seven hours after The Times of Israel broke the story. On sunday morning, the verified Twitter account of Israeli prime minister @Netanyahu started following around 90 Twitter accounts, mostly belonging to Israeli government and its embassies

No evidence that NSA hacked Dutch telcos, say MPs (ZDNet) Three Dutch ministers have published an open letter stating that, unlike Belgium's incumbent telco, KPN hasn't been targeted by foreign intelligence services. Unlike neighbouring Belgium, the Netherlands' networks haven't received the unwanted attentions of foreign intelligence services, the government has confirmed

Islamic Websites Hacked In Russia (Radio Free Europe/Radio Liberty) The Council of Russian Muftis says its websites have been attacked by hackers just as Muslims around the world celebrate the Eid al-Adha holiday, which marks the end of the hajj

Yet another Bitcoin accepting E–shop offering access to thousands of hacked PCs spotted in the wild (Webroot Threat Blog) The never-ending supply of access to compromised/hacked PCs — the direct result of the general availability of DIY/cracked/leaked malware/botnet generating tools — continues to grow in terms of the number and variety of such type of underground market propositions. With more cybercriminals entering this lucrative market segment, on their way to apply well proven and efficient monetization schemes to these hacked PCs, cybercrime-friendly affiliate networks naturally capitalize on the momentum, ensuring a win-win business process for the participants and the actual owners of the network. In this post, I'll highlight yet another newly launched such E-shop, currently possessing access to

Vulnerabilities Discovered in Global Vessel Tracking Systems (TrendLabs Security Intelligence Blog) Trend Micro researchers have discovered that flaws in the AIS vessel tracking system can allow attackers to hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts and even permanently disable AIS tracking on any vessel

Lessons learned from sinkholing the ZeroAccess botnet (Help Net Security) ZeroAccess (or Sirefef) is a piece of malware that is very adept at hiding its existence from users, and brings in huge sums of money to its masters by performing click-fraud and Bitcoin mining

Hackers take control of Internet appliances (Daily Record) The plundering of the Internet of Things has commenced. From a command center in a non-descript high-rise here in the heart of Silicon Valley, security start-up Norse has been gathering shocking evidence of hackers usurping control of Internet-connected appliances, everything from web cams to climate-control systems

Security vendor admits mistake in website take down (ComputerWorld) Rapid7 has acknowledged that it waited too long to take the security actions needed to prevent a pro-Palestine hacking group from taking down two of its websites by sending a fax to the sites' registrar. The group, called KDMS, sent the phony fax Friday to Register.com, requesting a change to the IP addresses associated with the URLs of Rapid7 and Metasploit. As a result, visitors to the sites' homepages were redirected to a politically charged message

Black Bloc Rising: Social Networks in Brazil (SecDevFoundation) Brazil was convulsed by massive digitally-enabled protests between June and August 2013. While largely peaceful, a militant anarchist group emerged during this period – the Black Bloc – which seized the public imagination. Although preoccupying media and policy makers, comparatively little is known about what Black Bloc is, where it comes from, or how it operates. This latest publication from the Open Empowerment Initiative considers the presence of Black Bloc in cyberspace. It focuses specifically on Facebook, the dominant social media platform used by more than 80 percent of Brazilian internet users

Analysis of a Malware ROP Chain (Open Security Research) Back in February an Adobe Reader zero-day was found being actively exploited in the wild. You may have seen an analysis of the malware in a number of places. I recently came across a variant of this malware and figured it would be nice to provide a little more information on the ROP chain contained within the exploit

Adobe Source Code Theft Unlikely To Cause Spike In Exploits (Dark Reading) Access to the firm's code for Acrobat, ColdFusion, and Publisher products will make flaws easer to find, but experts disagree whether exploitation will also be easier

Fraudware virus targeting Android users in China and South East Asia (Help Net Security) NQ Mobile has identified, "Copycat App," a new fraudware virus threat targeting Android users in China and several countries in South East Asia

Mass security breach of fast food payment systems in SA (My Broadband) Numerous fast food payment systems in South Africa fell prey to a malware infection which stole credit and debit card information of customers

ATM Malware: Sign of New Trend? (BankInfoSecurity) A group of ATMs in Mexico was recently targeted by a new malware strain known as Ploutus as part of an attack that allowed hackers to remotely manipulate the cash denominations the ATMs dispensed

Security experts recommend safeguards with Chrome personal data store (InfoWorld) Browser stores data, such as credit card numbers, in plaintext in Web history on local storage. Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, into website forms, experts say

EasyJet website crashes and burns (Register) Barrel-scraping orange airline easyJet is apologising to staff over a "technical" error that has brought down its website worldwide, preventing punters from booking flights or checking in. The easyjet.com site has been down for several hours with the firm taking to Twitter to 'fess up to the unspecified gremlins affecting the systems "both on web and mobile"

Cyber attack briefly takes down 'Las Vegas Sun' website (Fox 5 KVVU-TV) An attack in cyberspace took down the website of the Las Vegas Sun on Tuesday morning. The southern Nevada newspaper first reported trouble with its website about 9 a.m. in a tweet and post on its Facebook page

Security Patches, Mitigations, and Software Updates

Oracle releases 127 security fixes, 51 for Java alone (Naked Security) Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it

D–Link begins fixing router backdoor (ComputerWeekly) Networking equipment company D-Link has begun releasing security patches to close the backdoor discovered on some of its routers. This come after researcher Craig Heffner of Tactical Network Solutions found a simple hack that would allow some D-Link routers to be breached, bypassing the authentication process

Kaspersky 2014 gets 'Patch B' release, essential for forthcoming Windows 8.1 (Beta News) Kaspersky has released updated installer versions of Kaspersky Internet Security 2014 and Kaspersky Anti-Virus 2014. Both updates include the recently rolled out "Patch B", which adds support for Windows 8.1 and Firefox 23/24

Cyber Trends

New Report Says Cyberthreats Multiplying Like Tribbles (IEEE Spectrum) Hackers have proven time and time again that they'll eventually find a way to defeat any single digital security method. Their motivation to do so is evident in the fact that, on average, more than 150 000 new, unique malware strains are unleashed each day. That's one of the startling conclusions drawn by analysts from the Aite Group in the report "Cyberthreats: Multiplying Like Tribbles" that was released earlier this week

A Q&A with Charlie Miller, Computer Security Researcher at Twitter (InfoSecurity Magazine) At the recent Hacker Halted conference in Atlanta, Infosecurity Editor Eleanor Dallaway, spoke to Twitter's computer security researcher, Charlie Miller, also known for his public hacks on Apple products and his tenure at the NSA. They talked about mobile threats, car hacking and the evolution of the information security industry's mindset

Indonesia Passes China to Become Top Source of Cyber–Attack Traffic (Bloomberg) The unexpected surge in cyber-attacks coming from Indonesia earlier this year wasn't a fluke. The country has overtaken China to become the No. 1 source of attack traffic in the world, according to a report by Akamai Technologies to be published later today

How Edward Snowden is nudging our privacy desires (USA Today) Here's some fresh empirical evidence that the continuing series of revelations leaking from the Edward Snowden documents may yet nudge the privacy pendulum back to where it was, pre-Facebook

Cost of cyber attack in Australia drops (Sky News) The average cost of a cyber attack in Australia has dropped by $100 over the past 12 months. The average victim now loses $200, down from an average of $300 just 12 months ago, according to the annual Norton cyber crime report from security firm Symantec

Akamai: Malicious Internet traffic shifting borders (ZDNet) The latest report from Akamai on the state of the Internet shows that attack traffic is shifting geographically and at the TCP port level. Akamai's State of the Internet report for the second quarter of 2013 is out. It shows changes in the sources and methods of attacks worldwide on the Internet. Akamai, as the dominant content distribution network (CDN), is one of a small number of companies with a network presence throughout the world, close both to end users and major providers

Project 2020 (International Cyber Security Protection Alliance) Project 2020 is an initiative of the International Cyber Security Protection Alliance (ICSPA). Its aim is to anticipate the future of cybercrime, enabling governments, businesses and citizens to prepare themselves for the challenges and opportunities of the coming decade. It comprises a range of activities, including common threat reporting, scenario exercises, policy guidance and capacity building. The scenarios in this document are not predictions of a single future

Cyber criminals steal $1 billion according to Symantec's annual Norton Report (The Daily Telegraph) Symantec's annual Norton Report shows the cost of cyber crime in Australia plunged from $1.65bn last year to just over $1bn this year, as criminals skimmed

Era of Big Discrimination invisible to consumers and regulators (FierceBigData) Microsoft principal researcher Kate Crawford warned: "Personal data harvested by marketers is growing so vast and far reaching that it is threatening to unleash a new wave of digital discrimination, one that ordinary people won't even be able to see happening," according to an article in Yahoo! Finance

63 Percent of U.S. Adults Don't Know What Financial Data Is On Their Smartphones (eSecurity Planet) Still, according to a recent survey, more than half don't lock their mobile device with a PIN. A recent Zogby poll of more than 1,000 adults found that 63 percent of people don't have a clear sense of what financial information is stored on their smartphones, and nearly 70 percent believe that storing payment information on their smartphone is unsafe

UK businesses call for support to close virtual security skills gap (ComputerWeekly) A quarter of UK organisations do not have the knowledge to manage virtual security deployments, a study has revealed. More than half say this is due to a lack of training or funds available to train, according to the study by security firm Trend Micro in collaboration with Vanson Bourne

Marketplace

Cyber warrior shortage hits anti–hacker fightback (Economic Times) For the governments and corporations facing increasing computer attacks, the biggest challenge is finding the right cyber warriors to fight back. Hostile computer activity from spies, saboteurs, competitors and criminals has spawned a growing industry of corporate defenders who can attract the best talent from government cyber units

FireEye Coverage Initiated at Bank of America Corp. (FEYE) (WKRB) Analysts at Bank of America Corp. assumed coverage on shares of FireEye (NASDAQ:FEYE) in a research report issued to clients and investors on Tuesday, AR Network reports. The firm set a "buy" rating and a $50.00 price target on the stock. Bank of America Corp.'s target price would suggest a potential upside of 20.34% from the stock's previous close

NASDAQ OMX Leverages FireEye Threat Prevention Platform To Strengthen Defense Against Cyber Attack (MarketWatch) FireEye Inc. FEYE -1.66% , the leader in stopping today's new breed of cyber attacks, and NASDAQ, the inventor of the electronic exchange, today announced that NASDAQ OMX NDAQ -0.99% , the world's largest exchange company, will leverage the FireEye(R) Threat Prevention Platform to boost defenses against cyber attacks on its exchanges. The FireEye Multi-Vector Virtual Execution(TM) (MVX) engine will also be tapped to strengthen security against Web, email, and file attacks

LogRhythm Snags Channel VP From Kaspersky (TechRockies) Boulder-based cyber security software developer LogRhythm has bolstered its channel sales efforts today, with the hiring of a new VP. According to the company, it has hired Nancy Reynolds as its new Vice President of America Channels. Reynolds joins the company from Kaspersky Lab, where she was Senior Vice President of Corporate Sales, North America

CommVault, EMC, Symantec lead European data protection and recovery software market, says IDC (FierceGovIT) CommVault Systems, EMC and Symantec (NASDAQ: SYMC) are the top vendors in the data protection and recovery software market in Europe, according to IDC's latest MarketScape study

Federal IT spending to plateau for next 5 years, says TechAmerica Foundation (FierceGovIT) Total known and unclassified federal information technology spending will hover around $70 billion annually through fiscal 2019 when measured in today's dollars, predicts the TechAmerica Foundation in its annual near-term forecast

Products, Services, and Solutions

CipherCloud Delivers Searchable Strong Encryption (Dark Reading) Searchable Strong Encryption (SSE) solution enables encryption of information in real time before it's sent to the cloud

Capturing The Flag, SQLi–Style (Dark Reading) Black Hat SQL injection workshop instructor develops real-world SQL injection sandbox simulator, invites public for capture the flag event later this month

Review: HyTrust Appliance 3.5 (eSecurity Planet) Reviewer Matt Sarrel finds HyTrust Appliance 3.5 an easy-to-use, hardware-based solution for mitigating security risks associated with virtualization

Aaron Swartz's unfinished whistleblowing platform finally launches (Ars Technica) SecureDrop was heavily audited by Bruce Schneier, Jacob Appelbaum, and others

RemoteView 4 Geospatial Intelligence Software Improves Analysts' Productivity (MarketWatch) Overwatch Geospatial Solutions, an operating unit of Textron Systems, a Textron Inc. TXT +0.83% company, announced today the release of its RemoteView™ 4 geospatial intelligence (GEOINT) software, offering a slate of new features and capabilities that provide analysts enhanced productivity and performance

Lacoon Aims to Set New Benchmarks for Enterprise Mobile Security (MarketWatch) Lacoon Mobile Security today emerged from stealth with a mission of empowering enterprises to fully embrace mobility while remaining protected from cyber espionage and cybercrime. Lacoon is announcing general release of its MobileFortress product and a $8M Series A funding round led by Index Ventures and joined by existing angel investors including Shlomo Kramer, co-founder of Check Point Software Technologies and CEO and founder of Imperva

4 free tools for Cyber Security Awareness Month — and beyond! (Naked Security) It's Cybersecurity Awareness Month, so we've been urging you to get more serious about security. A number of you have replied, "Where do I start? What should I do?" Here are 4 free tools to help you on your way

Barracuda unveils new firewall models (Help Net Security) Barracuda Networks announced five new models of the Barracuda NG Firewall F600, which feature multiple port options and hot-swappable power supplies to accommodate varying network requirements

Social identity theft protection (Help Net Security) Riskive unveiled FriendGuard, a free app that leverages advanced math and science to protect individuals and families against social identity theft and malware attacking their social accounts

Yahoo (finally!) to make SSL encryption the default for webmail (Naked Security) Yahoo has confirmed it will finally enable encryption by default for its web-based email starting on 8 January 2014, according to The Washington Post - one year to the day after it rolled out the option of protecting users' webmail privacy with HTTPS

Deutsche Telekom plans to keep all web traffic in Germany to hide from PRISM spies (V3) Deutsche Telekom has moved to protect its customers from government spy agencies by changing its processes to only route local internet traffic through domestic servers

Technologies, Techniques, and Standards

Insider–led Data Breaches Drive a Need for Holistic Defense Frameworks (InfoSecurity Magazine) Despite the ongoing, headline-grabbing news that international spies are always trying to breach the cyber-castle walls at government agencies and businesses, it turns out that internal threats are the biggest cause of data breaches, according to new research. Industry experts say that's no surprise — and are urging considered approaches to the issue

Cyber expert Spafford calls for more manager, employee accountability (Federal News Radio) The one action that may make the most difference in how federal agencies secure their computer networks involves no new whiz-bang technology. It has no up-front real-dollar costs either

5 tips for hiring security–savvy IT professionals (Naked Security) How do you make sure your new IT recruits are security-aware? Ross McKerchar is Sophos's IT Security Manager and has been involved in hiring for five years. Here are his tips to winnow away the chaff and discover what your candidate really knows about security

WordPress security threats, protection tips and tricks (Help Net Security) Robert Abela is a WordPress Security Professional and founder of WP White Security. In this interview he talks about the main WordPress security risks, offers tips for website owners on how to protect themselves, and much more

Solving the dilemma of vulnerability exploitation disclosure (Help Net Security) The subject of software and hardware vulnerability disclosure has been debate time and time again, and most agree that, if possible, vulnerabilities should first be disclosed to the manufacturer

Security standard answers market worries over cloud (CRN Australia) The new Star Certification was developed by standards body BSI, incorporating NCSI, in partnership with the Cloud Security Alliance. The certification certifies a

Big data company detectives seek to catch cybercriminals in the act (FierceBigData) These days, finding cybercriminals is not just about looking for clues at the scene of the crime. Such an approach isn't acceptable because it's after the fact when harm has already been done. Antivirus and malware programs too can only be programmed to detect known attacks thus limiting their protection capabilities. Security pros are now using big data analytics and visualizations to catch cybercriminals red-handed and stop them in the act. But that is not to say that all security teams are succeeding at using big data in this way

Enterprises use old technology to combat new APT-style attacks (FierceITSecurity) Traditional IT security strategies, such as firewalls and antimalware software, will not stop advanced persistent threat attacks, warns a new book about APTs from the non-profit IT standards association ISACA

Three Simple Steps to Keep Hackers Out of Your Baby Monitor (Wired) For years, I've been telling new parents not to buy a dedicated Internet-connected baby monitor. These $200 cameras are wastes of money, I argue, because you can accomplish the same thing with an IP camera and smartphone apps for $75 or less. What's more, you'll probably get better pictures and sound to boot. Clearly, given the prevalence of IP cameras in Amazon's baby store, I'm not the only one espousing this anti-baby-industry dogma. But here's the thing: These cameras can be terribly insecure, especially right out of the box

Design and Innovation

Europe Invests €1 Billion to Become "Graphene Valley" (IEEE Spectrum) The European Commission (EC) last week announced a €1 billion ($1.3 billion) investment in graphene research and development that will be spread over 10 years. The aim of the huge funding initiative will be to smooth the path for pushing graphene from the research lab to the marketplace

Research and Development

New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks (Ars Technica) Crypto prof: "We have nearly, but not quite enough to get a serious audit done." For nearly a decade, TrueCrypt has been one of the trusty tools in a security-minded user's toolkit. There's just one problem: no one knows who created the software. Worse still, no one has ever conducted a full security audit on it—until now

Can you trust 'NSA–proof' TrueCrypt? Cough up some dough and find out (The Register) Fundraising drive to shove a microscope up mysterious encryption software. Security researchers are raising funds to conduct an independent audit of TrueCrypt, the popular disk encryption utility. TrueCrypt is widely used as a tool to strongly encrypt and decrypt entire drives, partitions or files in a virtual disk. It can also hide volumes of data and said to be easy to use

Security in quantum physics (The Verge) Cryptography is having a rough few months. On September 5th, leaked NSA documents revealed a systematic effort by the agency to undermine encrypted communications across the board, breaking accepted standards like SSL and systematically weakening others. But while the news has been unsettling for math-based cryptography, it's fueled interest in less conventional means of secure communication, particularly a fiber-optic technique called "quantum cryptography" that uses the properties of light to fend off would-be wiretappers. For years, it's been an object of interest for the cryptography scene — but after Snowden, it's becoming big business

Quantum computers, machine learning and big data (FierceBigData) I can see you thinking "yes but" already. Yes, but quantum computing is still a ways off, you're thinking. To which I would reply, yes, but not as far off as you probably think. Interestingly, big data is fueling its acceleration. How so, you ask? In many cases, such as the Large Hadron Collider at CERN, extreme big data has outgrown current computing capabilities and a new computing model is urgently needed soon

Academia

Lockheed Martin talks cybersecurity with high school students (Gazette.net) Teens look at college programs, future careers in cybersecurity. Terms like "advanced persistent threat" and "denial of service" might sound foreign to you, but these students can tell you exactly what they mean

Cybersecurity talent pipeline not being fed by high schools, new Raytheon survey finds (Yahoo! Finance) Survey finds less than one-quarter of young adults express interest in a career in this field

Legislation, Policy, and Regulation

NSA director misled Black Hat attendees — claims of PRISM's value overstated (CSO) Statistics provided by Alexander at conference proven false after true number of terrorist plots stopped by data collection program is divulged. Earlier this month, during a Senate Judiciary Committee hearing, Senator Patrick Leahy pressed the NSA's director, General Keith Alexander, on whether or not the figures that are used to support data collection programs, notably the bulk collection of phone records, were accurate

Shutdown misstep: How Obama administration plan put country at risk (Kansas City Star) It may be one of the most serious missteps of the federal government shutdown. After weeks of planning, the nation's spy chief sent home nearly three-quarters of the workers at the government's intelligence agencies when faced with the partial shutdown. The move, James Clapper later admitted himself, put the United States at greater risk of terrorist attacks. He then reversed course and brought thousands of employees back to work

Espionage is a fact of life. Oversight should be, too (Ottawa Citizen) Canadians ought not to be wringing their hands at the news that our electronic eavesdropping agency is spying on the Brazilian mining industry. Espionage — both for security and economic advantage — is a fact of international life

Litigation, Investigation, and Law Enforcement

Australian privacy commissioner slams telco for privacy breach (FierceITSecurity) Australian Privacy Commissioner Timothy Pilgrim has found that Australian telco AAPT, a subsidiary of Telecom New Zealand, violated the country's Privacy Act by failing to secure customer information prior to a July 2012 Anonymous hack that resulted in the theft of 40 GB of data

Big data privacy challenge requires due process response, says paper (FierceGovIT) Big data doesn't just utilize data: It creates data often of a highly personal nature, and that's a challenge to today's set of privacy protections, argues a paper by a Microsoft researcher and a law academic

McAfee exposes scope of digitally funded crime extends to contract killings (ComputerWeekly) Virtual currencies are being used to enable an extremely wide range of crime - including contract killings - a report by security firm McAfee has revealed. "The perceived anonymity of virtual currencies is helping drive crime at a scale not seen before," said Raj Samani, chief technology officer of McAfee Europe and co-author of the report

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, Oct 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer at Facebook. This year's event also features all new 2-day training courses (14th/15th October) on a wide variety of topics including Android exploitation, extreme web hacking, infrastructure security, exploiting injection flaws and a special iOS security course by the world famous Evad3rs team. The full speaker list and conference agenda will be released after the Call for Papers closes on the 25th of July.

SNW Fall 2013 (Long Beach, California, USA, Oct 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.

Hexis Exchange (Athens, Greece, Oct 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such topics will include: emerging cybersecurity threats, big data management, advanced analytics, government regulation & compliance, and data retention challenges & solutions.

Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, Oct 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers, essential networking opportunities, and an informative technology exposition. The Symposium sessions will have a special emphasis on security challenges facing today's security professionals and cyber awareness training for security professionals responsible for protecting sensitive and classified information from the ever increasing threats of mobile devices, espionage, terrorism, and cyber-attacks to ensure our national security. Register by August 31 to ensure the reduced early bird registration fee. This event is free for government employees and active-duty military personnel. Exhibit space and sponsorship opportunities are also available.

NSU Healthcare Cyber Security Summit (Fort Lauderdale, Florida, USA, Oct 17, 2013) In today's modern healthcare systems, data is everywhere, including sensitive patient data that needs to be secured and monitored. Join top healthcare security professionals from Nova Southeastern University, AccessData, and RSA to hear about current regulations that affect healthcare companies of all sizes, ways to protect sensitive data, and learn techniques to monitor access for suspicious activity. If you are responsible for the privacy or security of your company's healthcare data, you will benefit from presentations from these leading experts in the field. NSU's Chief Information Security and HIPAA Security Officer, John Christly, will examine the threats to the privacy and security of todays' modern healthcare operations. You will also hear from experts from AccessData and RSA on how to detect and prevent data breaches. RSVP at the link.

Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, Oct 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel.

Securing the Internet of Things Summit (San Francisco, California, USA, Oct 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective. SANS is looking to bring together community talent and ideas to develop new solutions, demonstrate security technology that already works and to provide a force multiplier to making the Internet of Things be more secure than the first phases of Internet evolution.

13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.

Cloud Connect (Chicago, Illinois, USA, Oct 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.

cybergmut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, Oct 22, 2013) CrowdStrike's Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.

Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, Oct 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.

Hack.lu 2013 (Luxembourg, Oct 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society.

Joint Federal Cyber Summit 2013 (Washington, DC, USA, Oct 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands on live demonstrations, and industry exhibits.

NSU's 12 Simple Cybersecurity Rules For Your Small Business (Fort Lauderdale, Florida, USA, Oct 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security of information technology most of these products are not designed for the specific needs of small businesses. The techniques that will be discussed in the presentation are designed to address the most common threats encountered by small businesses without requiring significant expertise and expense. RSVP at the link.

BREAKPOINT 2013 (Melbourne, Australia, Oct 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.

Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.

2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.

FIRST Energy Symposium (Leesburg, Virginia, USA, Oct 28 - 29, 2013) Recent reports have shown that the Energy Sector has seen a large increase in the reported number of cyber attacks. The need to protect against threats and improve upon incident management has never been greater. Many control systems are already networked and are target of sophisticated attacks. Organizations will benefit from having a specialized team to work on detection and handling of cyber attacks, analyzing incidents and sharing information with other security organizations. The FIRST Symposium will focus on lessons learned from attacks and technology and sector specific security aspects. Strong emphasis will be given to organizational issues like creation and operation of incident response teams.

SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.

RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.

Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall..

NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.