The CyberWire Daily Briefing for 10.25.2013
Several hacks (in Spain, the US, and Africa) look like hacktivism but appear on closer inspection to be mere cyber vandalism (although the African site defacements have an Islamist style and Anonymous claims the Catalonian hack).
The Mevade botnet continues to roil through its largely European targets, with businesses, organizations and governments hit indiscriminately.
F-Secure finds interesting obfuscated code leading to an exploit kit. FireEye describes Terminator RAT's evasion techniques. The old criminal standby, Blackhole, seems to be disappearing from the black market, largely replaced by Cutwail.
Security analysts think LinkedIn's new features may prove a phisher's playground. Popular IZON security cameras are found vulnerable to hacking.
Insurers take note of the rising threat to US power infrastructure.
Mozilla offers a Firefox plug-in that shows how users' browsing is monitored, by whom, and to whom the monitors are connected.
Financial sector cyber drill Quantum Dawn 2's after action report is out. NIST's draft cyber security framework attracts criticism, but, on balance, good will.
Germany and France protest US electronic surveillance. Germany and Brazil want to elevate the matter to the United Nations, and many see new international norms emerging. Such norms won't be a Stimsonian gentlemen-don't-read-other-gentlemen's-mail, stopping intelligence collection being generally understood as irresponsible, but new restraints will certainly be considered. Inter alia, the US warns allies their cooperation with collection may have been compromised.
In the US, senior voices are raised in support of splitting Cyber Command from NSA. The Department of Defense releases its cyber threat sharing guidelines.
Notes.
Today's issue includes events affecting Australia, Brazil, China, European Union, France, Germany, Iran, Ireland, Israel, Malaysia, Panama, Russia, South Africa, Spain, Taiwan, Tunisia, Ukraine, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
African Petroleum Producers' Association Website Hacked by Fallaga Team Tunisia (Hack Read) A Tunisian hacker going with the handle of TN_X2X from Fallaga Team Tunisia has hacked and defaced the official website of African Petroleum Producers' Association based in Lagos, Nigeria. The hack is a high-profile one, where the hacker left his deface page along with a message on the website, leaving an Islamic prayer
Northern Region Civil Air Patrol of U.S. Air Force Domain Hacked by KamiSecTeam (Hack Read) A group of Malaysian hackers from KamiSecTeam has hacked and defaced the official website of Northern Region Civil Air Patrol of the United States Air Force. Hackers left an image as a deface page on the hacked website with team's name KamiSecTeam and official logo but reason for targeting the site was not mentioned anywhere
Official ESET Spain Domains Hacked and Defaced by Panamanian Hacker MrD0x (HackRead) A Panamanian hacker going with the handle of MrD0x has hacked and defaced 4 official domains of anti-virus company ESET distributor for Spain
Anonymous Hacks Systems of Spain's Catalan Police (Softpedia) Anonymous hackers claim to have breached the systems of Mossos d'Esquadra, the police force of Spanish community of Catalonia. The targeted website is the one of the Catalan police union, from which they've leaked the details of several individuals
'Massive' Russian Cyber Crime Campaign Hit Governments (TechWeek Europe) Handful of organisations in the UK hit by operation emanating from Russia and the Ukraine
Neutrino: Caught in the Act (F-Secure) Last week, we got a tip from Kafeine about hacked sites serving injected iframes leading to an exploit kit. We thought it was quite interesting so we looked at one of the infected websites and found this sneaky piece of code
Evasive Tactics: Terminator RAT (FireEye Blog) FireEye Labs has been tracking a variety of advanced persistent threat (APT) actors that have been slightly changing their tools, techniques, and procedures (TTPs) in order to evade network defenses. Earlier, we documented changes to Aumlib, the malware used in the attack against the New York Times, and Taidoor, a malware family that is being used in ongoing cyber-espionage campaigns particularly against entities in Taiwan. In this post we will explore changes made to Terminator RAT (Remote Access Tool) by examining a recent attack against entities in Taiwan
PHP.net compromised, used to attack visitors (ComputerWorld) Attackers injected malicious JavaScript code into the site, redirecting some visitors' browsers to Flash exploits
Blackhole Exploit Kit in retreat as criminals defect to rival exploit system (CSO) The crimeware empire built by the infamous Blackhole Exploit Kit appears to be crumbling with the news that a criminal group using the important Cutwail botnet has defected to a rival platform
"Your Apple ID Frozen" Phishing Emails Come as Users Upgrade to Mavericks (Softpedia) Apple users have reported receiving phishing emails entitled "Your Apple ID has been frozen temporarily," which attempt to trick recipients into handing over their personal details
Halloween Freebies Lead to Ghastly Survey Scams (TrendLabs Security Intelligence Blog) With Halloween just around the corner, everyone's thinking about costumes and candy - including cybercriminals. We found several scams taking advantage of the upcoming holiday on popular sites like Facebook, Twitter, and YouTube
How hackers could hijack HealthCare.gov (FierceHealthIT) President Obama may have tapped Jeff Zients, one of his economic advisers, and communications giant Verizon to start fixing the troubled HealthCare.gov, but a bigger problem may be on the horizon: hackers
Obamacare contractors had serious data security lapses (FierceITSecurity) Quality Software Services was cited by HHS for exposing data on more than 6 million Medicare recipients
Obamacare Data Hub Apparently Works Well, Mitigating Security Fears (Nextgov) For all the problems with HealthCare.gov, one very big, very important piece of Obamacare technology seems to be working well
Exclusive: Apple Store Favorite IZON Cameras Riddled With Security Holes (Security Ledger) It's another day, another face-palm moment for the home surveillance camera industry. Just one month after the Federal Trade Commission (FTC) settled a complaint with the maker of SecurView, a line of poorly secured home surveillance cameras, a researcher at the firm Duo Security has found a slew of even more serious security holes in the IZON Camera - a popular product that is sold in Apple Stores and Best Buy, among others. A review by The Security Ledger found dozens of such systems accessible via the public Internet, in some cases allowing anyone to peer into the interiors of private residences and businesses
LinkedIn Intro: Hack Here For Juicy Data (Forbes) LinkedIn's new Intro service has put up a big sign advertising to cyber criminals, nation states and others 'hack here, we've got loads of juicy data'. The architecture of its new service is innovative but compromises your security and privacy in ways you really should care about. Oh, and whilst I am at it, I'll have a dig at Apple for putting LinkedIn in this position in the first place. So how does it work
What teenagers think about Facebook's new privacy controls (Guardian) Young people post vast amounts of information about themselves online often to the horror of adults. Here three teenagers affected by Facebook's new privacy settings discuss what they think about sharing information online
Cyber Trends
Cyber risk for U.S. power, utilities companies increasing (Canadian Underwriter) Critical infrastructure in the United States, and in the power and utilities sector in particular, is facing an increase in cyber attacks, leading to stronger regulation and the need for insurance coverage, according to a briefing from Marsh
Paper–thin security in SA 'makes country easy prey to cybercrime' (BDLive) A global report has ranked South Africa third in terms of cybercrime — after Russia and China. The 2012 Norton Rose Fulbright cybercrime report shows that the country loses about R1bn a year because of cybercrime
Marketplace
Lockheed Martin Establishes Continuous Monitoring Lab and Workshops to Support Department of Homeland Security (MarketWatch) Lockheed Martin is inviting government organizations interested in learning how to strengthen their network security to its new continuous diagnostics and mitigation (CDM) lab and associated workshops
The Snowden case: U.S. data and security industries weakened (DigitalJournal) The World Association Cloud Security Alliance, which brings together the main stakeholders, interviewed in July targeting its 207 member companies, non-US
Internet Privacy Company Ends Service To Avoid Government Surveillance (Reason) Remember Lavabit and Silent Circle, the encrypted email providers that closed their doors because they faced government pressure to enable government snooping on their customers (Silent Circle still offers other privacy services)? Well, you can add CryptoSeal to the mix. The company has ended its CryptoSeal Privacy virtual private network (VPN) service (it still offers enterprise-level services), which was advertised as "keeps prying eyes off of your internet usage while you're at home, in a coffee shop or even another country," also over concerns about the legal environment and government snooping
Will Huawei be the NBN's Saviour…or a Threat to National Security? (Counting Pips) Huawei is one of the biggest communication companies in the world. They do everything you can think of that has anything to do with communication. Mobile phones? Yes. Cellular Towers? You bet. Internet infrastructure? It's a specialty. When it comes to communication Huawei is a global leader. They've rolled out their services all over China, Europe and Asia. But not the US and not Australia. You can buy their consumer products in Australia and the States…but you won't find anything else branded Huawei. What's worthy of note is the UK has just given Huawei the green light to build a £125 million R&D facility. And the UK is renowned for being US 'yes men'
Skybox Security Adds Several New Partners to its North America Channel Program (Virtual Strategy) Skybox Security, the leading provider of risk analytics for cyber security, today announced a number of new North American channel partners, including: CipherTech, Creative Breakthroughs Inc. (CBI), CR&T, GigaNetworks, Namtek, NuTech and Tevora. Skybox Security's Channel Program provides value-added resellers (VARs) and system integrators with the industry's most advanced and effective security risk and compliance solutions
CRGT Completes Integration of Big Data Provider Guident (GovConWire) CRGT announced it has fully integrated Guident, a big data and analytics technology provider it acquired early this year, into CRGT's information technology services portfolio
Serco CEO quits after government contract scandal (Reuters) Serco, the global outsourcing firm battling to save its relationship with the British government after a series of scandals, said its chief executive had quit as part of a major reorganisation aimed at restoring its reputation
Products, Services, and Solutions
Fingerprint–based biological cryptography tech could spell end to PIN codes (ITPro) Breakthrough the technology equivalent of "curing cancer", chairman claims. Authentication technology firm Primary-Net has taken the wraps off its new fingerprint-based cryptographic technology
Wikipedia sockpuppet saga threatens users' trust of the service (Naked Security) PR firms willing to make a buck by gaming Wikipedia's editing processes are starting to threaten users' trust of the service, to the extent that alarmed watchers are predicting that, in a few years, a significant portion of Wikipedia's content could well be spam
Secure file sharing for Mac with native OS X integration (Help Net Security) Infrascale released FileLocker for Mac, with native OS X integration. OS X users now have direct access to File Locker's Ultrasafe features as well as Private Cloud deployment options
Firefox plugin reveals how your internet browsing is being monitored (Engadget) If someone screams "they're watching you!" into your face, then you're either starring in a horror movie or living in these surveillance-conscious times. Still, if it's the latter, at least now you can put a name to the faceless entities observing your every move. Mozilla has released Lightbeam, a Firefox plugin that visualizes which sites are tracking your browsing history and how those sites are connected
Procera Networks and Skyfire Announce Deployment–Ready Partnership (MarketWatch) Procera Networks, Inc., the global Internet Intelligence company, and Skyfire, a fully-owned subsidiary of Opera Software, today announced a joint solution and partnership to tackle the rapid growth of video traffic on global mobile networks, based on an open, scalable ICAP architecture. The two companies have partnered to create a flexible, deployment-ready solution around PacketLogic™ Intelligent Policy Enforcement platforms that enables mobile operators to accelerate their move toward virtualized, software-defined network architectures, and to provide deeper functional integration for advanced traffic steering of video content. The interoperable solution is already being field-trialed by a major European operator
Technologies, Techniques, and Standards
To Determine Threat Level, Context Matters (Dark Reading) Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
A (relatively easy to understand) primer on elliptic curve cryptography (Ars Technica) Everything you wanted to know about the next generation of public key crypto
Quantum Dawn 2 report reveals plot twists of high–action mock cyber attack (FierceFinanceIT) The after-action report of this summer's Quantum Dawn 2 simulated Wall Street cyber attack is out, revealing the multiple plot twists of the industry-wide simulation that did justice to the exercise's Hollywood-like name
Spear–Phishing: What Banks Must Do (Bank Info Security) The Federal Bureau of Investigation recently warned of an uptick in spear-phishing attacks targeting employees across numerous industries
NIST's latest cybersecurity framework reveals a lot of goodwill amidst continued criticism (CSO) After delays due to the government shutdown, the National Institute of Standards and Technology (NIST) released on October 22 its latest version of a comprehensive cybersecurity framework for critical infrastructure as mandated by President Obama's February cybersecurity executive order (EO). This preliminary framework is subject to a 45-day public comment period, after which NIST will make revisions and then produce a final framework for publication in February
Research and Development
NSF grant funds UB communication research into anti-phishing models (University at Buffalo) "Phishing has become the attack vector of choice among cyber criminals and their incidence has gone up significantly" (Arun Vishwanath, associate professor of communication). Arun Vishwanath, PhD, associate professor in the Department of Communication at University at Buffalo, has received a three-year $320,000 grant from the National Science Foundation to launch a research project to learn just how people fall victim to cyber-phishing attacks and what tools can be used to protect them
Army looks to 'deep future' to ensure it stays ahead of technology curve (Federal News Radio) Following a dozen years of sustained combat, the Army has serious concerns about its ability to repair and modernize the gear it thinks it will need to get through the next few years, especially if sequestration stays in effect
Academia
Beaver alumnus wins Lockheed Martin Cyber Challenge (Penn State) David G. Walker, a 2003 graduate of Penn State Beaver's information sciences and technology baccalaureate degree program, is the winner of the inaugural Lockheed Martin Cyber Challenge. Walker is a senior systems engineer at the company
(ISC)² Names Inaugural Winners of USA Cyber Warrior Scholarships (InfoSecurity Magazine) The (ISC)² Foundation, the nonprofit charitable trust of (ISC)², today announced the inaugural recipients of the 2013 USA Cyber Warrior Scholarship, a program developed in partnership with Booz Allen Hamilton to help close the cybersecurity workforce gap by providing career training to qualified veterans who served in the US military
Coding: 'Suitable for exceptionally dull weirdos' (The Register) Niche, mechanical skill, a bit like plumbing or car repair. Teaching all children to code software is daft and pointless to The Telegraph blogger Willard Foxton. In an article attacking the UK government's plans to update the ICT curriculum, the "investigative journalist and television producer", writes
Legislation, Policy, and Regulation
Germany and France warn NSA spying fallout jeopardises fight against terror (Guardian) Angela Merkel and François Hollande lead push at EU summit to reshape transatlantic spying and agree new code of conduct
EU Reconsiders Intelligence Cooperation With US After Spying Reports (TechCrunch) German Chancellor Merkel is angry with President Obama; so furious that she's publicly calling the European Union to reconsider its intelligence cooperation with the United States, after reports that the National Security Agency tapped her and 35 other leaders' phones
Guy spies on what girl gets up to when he's not about. Old story? Just see who the guy and girl are. (Graham Cluley) Europe is furious with the United States over the extent of its spying activities. Earlier this week German Chancellor Angela Merkel accused the United States's National Security Agency (NSA) of tapping her mobile phone
Exclusive: Germany, Brazil Turn to U.N. to Restrain American Spies (Foreign Policy) Brazil and Germany today joined forces to press for the adoption of a U.N. General Resolution that promotes the right of privacy on the internet, marking the first major international effort to restrain the National Security Agency's intrusions into the online communications of foreigners, according to diplomatic sources familiar with the push
EU summit statement on US spying scandal (EUBusiness) The 28 European Union leaders agreed Friday a statement on relations with the United States after revelations of US spying sparked uproar. Leaders met for a summit otherwise devoted to the economy and refugees but it was largely overtaken by events after reports the United States had tapped the mobile phone of German Chancellor Angela Merkel
France feared US hacked president, was Israel involved? (France 24) France believed the United States attempted to hack into its president's communications network, a leaked US intelligence document published on Friday suggests
Of course the NSA spies on Angela Merkel. The problem is she can't spy back (TechWorld) Well-executed spying is an essential safety valve. But the NSA has got ahead of its friends. So the world now knows that the US has definitely been spying on the mobile phone calls of Angela Merkel, François Hollande, David Cameron and most probably the leaders of every other one of its closest allies. Everyone suspects these countries attempt the same back just as surely as do the US's strategic opponents, Russia, China, Iran and North Korea
Allies Aren't Always Friends (New York Times) To play the role it has played in the world for the last 70 years, the United States must be able to gather intelligence anywhere in the world with little or no notice. We never know where the next crisis will erupt, where the next unhappy surprise is coming from. It's the intelligence community's job to respond to today's crises, but its agencies live in a world where intelligence operations take years to yield success. That makes it a little hard - and very dangerous -- to create "intelligence-free zones."
The National Security Agency, Narcissism, and Nationalism (Daily Beast) If the Germans were tapping our president's phone, Rush Limbaugh would be musing about fire-bombing Dresden. But since we're doing the spying, the right doesn't care. That indifference only weakens the U.S., says Peter Beinart
Snowden rebuts Feinstein's statement that NSA spying "is not surveillance" (Ars Technica) Former National Security Agency contractor Edward Snowden went into a relatively long silent period after being charged with espionage and fleeing to Russia. But it seems that he is becoming more comfortable about speaking out. Today, new Snowden comments emerged in which he directly took on Sen. Dianne Feinstein (D-CA), who last week defended the NSA spying programs in a controversial op-ed in USA Today
Marco Rubio: Everyone spies on everyone (Politico) Sen. Marco Rubio dismissed the outrage from European leaders that the U.S. has been spying on them, saying, "everybody spies on everybody"
House Intelligence chairman voices frustrations on CISPA (FierceGovIT) The chairman of the House Intelligence Committee said the Edward Snowden leaks have dealt a further setback to attempts in Congress to pass cybersecurity legislation
Divide and Conquer (Foreign Affairs) As General Keith Alexander prepares to depart from the federal government early next year, it's important to note that he will be vacating not one job but two. He has earned plenty of attention for his role as director of the National Security Agency (NSA), the United States' signals intelligence operation. But Alexander has concurrently served as head of Cyber Command, the cybersecurity command that the Pentagon established in 2010. This overlap was not an oversight; in fact, it was quite the opposite. Policymakers assumed that it would be efficient to have the same person run the two organizations, given that they both relied on the same types of technical expertise and operated in the same virtual space (not to mention that they are both physically based in Fort Meade, Maryland)
NSA Needs a 12 Step Program (Nextgov) Since Edward Snowden started leaking details on how the National Security Agency gobbles up exabytes of data worldwide, it has become increasingly clear that it has an unhealthy addiction
DoD taking steps to protect data on unclassified contractor networks (Defense News) A new plan will ensure that the department provides a cohesive, comprehensive and cost-effective approach to protect priority investments and future defense capabilities while maintaining efficient business operations with our industrial partners, Hagel wrote
DoD finalizes cybersecurity two–way threat sharing program regulations (FierceGovIT) The Defense Department finalized regulations Oct. 22 for its cybersecurity threat sharing program with defense industrial base companies, making no changes to an interim final rule published in May 2012
Department of Defense (DoD)–Defense Industrial Base (DIB) Voluntary Cyber Security and Information Assurance (CS/IA) Activities (Federal Register) This final rule responds to public comments regarding the establishment of the DIB CS/IA program, a voluntary cyber security information sharing program between DoD and eligible DIB companies. The program enhances and supplements DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems
Voluntary industry cyber incident reporting necessary for global quantitative data, says report (FierceGovIT) The extent of the global cybersecurity problem is estimated to be large but data doesn't exist to make quantitative judgments, leaving discussions to be dominated by speculation and debate, says a new report from the East-West Institute
Measuring the Cybersecurity Problem (East-West Institute) Trillions of dollars of transactions fly across cyberspace every day that we know are riddled with cybersecurity problems, yet there is no sufficient way to measure their frequency or impact. The EastWest Institute's just-released report, Measuring the Cybersecurity Problem, highlights this global challenge and offers recommendations that, if implemented, would achieve a breakthrough for much-needed measurement of cybersecurity breaches
Andrew G. McCabe Named Executive Assistant Director of National Security Branch (FBI National Press Office) Director James B. Comey has named Andrew G. McCabe executive assistant director of the FBI's National Security Branch. Mr. McCabe most recently served as the assistant director of the Counterterrorism Division
The right to be forgotten, or erased? (IT Security Guru) This week saw the announcement of the draft Data Protection Directive and among the significant changes was the wording from "right to be forgotten" to "right of erasure"
Litigation, Investigation, and Law Enforcement
Gardai asked to check if Kenny was bugged by US (Independent) The Government is understood to have requested that the gardai investigate whether it was being bugged by the US
Officials alert foreign services that Snowden has documents on their cooperation with U.S. (Washington Post) U.S. officials are alerting some foreign intelligence services that documents detailing their secret cooperation with the United States have been obtained by former National Security Agency contractor Edward Snowden, according to government officials
Euro Parliament axes data sharing with US — the NSA swiped the bytes anyway (Register) The European Parliament has voted to halt the Terrorist Finance Tracking Program (TFTP), an agreement to share data on financial transactions in the Continent with the US — after documents leaked by Edward Snowden showed the NSA was hacking the system anyway…In the wake of these allegations, the parliament voted by 280 to 254 (with 30 abstentions) to suspend the TFTP until a "full on-site technical investigation" of the hacking claims has been carried out by Europol's Cybercrime Centre
Lavabit encryption key ruling threatens Internet privacy, EFF argues (InfoWorld) Asking for private SSL keys could hurt the US economy and cause service providers to move to other legal jurisdictions
Silicon Valley 'no–hire pact' lawsuit gets class action status for tech workers (Register) Judge makes it easier for IT staff to get bigger payouts from über–rich firms
Ex–official: Treasury can be powerful force in counterterrorism (FierceHomelandSecurity) The Treasury Department deserves a major role in federal counterterrorism, said Juan Zarate, a former senior counterterrorism official at Treasury and the White House during the George W. Bush administration
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
BREAKPOINT 2013 (Melbourne, Australia, Oct 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.
FIRST Energy Symposium (Leesburg, Virginia, USA, Oct 28 - 29, 2013) Recent reports have shown that the Energy Sector has seen a large increase in the reported number of cyber attacks. The need to protect against threats and improve upon incident management has never been greater. Many control systems are already networked and are target of sophisticated attacks. Organizations will benefit from having a specialized team to work on detection and handling of cyber attacks, analyzing incidents and sharing information with other security organizations. The FIRST Symposium will focus on lessons learned from attacks and technology and sector specific security aspects. Strong emphasis will be given to organizational issues like creation and operation of incident response teams.
SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.
RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.
Ahead of the Threat: Driving Innovation for Cyber Security (Bethesda, Maryland, USA, Oct 30, 2013) Sponsored by the Tech Council of Maryland, this conference will feature a presentation by Sondra L. Barbour, Lockheed Martin Information Systems & Global Solutions (IS&GS) Executive Vice President, who will discuss the importance of understanding the adversary and staying ahead of the threat. Moving beyond the government, the need for intelligence-driven defense is becoming more critical across commercial industries such as oil and gas, finance and healthcare. The escalating landscape of cyber-attacks is forcing companies to take a closer look at their security posture to protect their assets, intellectual property and their customers' personal information.
TrustED 2013 (Berlin, Germany, Nov 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. In this context we particularly are interested in the participation of industry representatives.
OKTANE13 (San Francisco, California, USA, Nov 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.
MIRcon 2013 (Washington, DC, USA, Nov 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives, the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development, where you will learn about new technologies, incident response best practices, and key strategies for managing network security.
KMWorld 2013 KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.