The CyberWire Daily Briefing for 10.30.2013
Anonymous claims to have taken down Interpol's Indonesia site.
The weekend attack on Buffer is now at least partially explained: a major security breach has been found at MongoHQ, the NoSQL database hosting service. An internal support application, open to the Internet and unprotected by a VPN, was compromised via an employee's use of a password shared with a private account. Buffer won't pass all the blame to MongoHQ, acknowledging that had Buffer encrypted its tokens, the damage would have been much less.
In an update on this month's breach, Adobe reports that Photoshop source code was stolen. The breach affected some 38 million users, and a file holding 150 million usernames and hashed passwords has been seen on the Internet.
A new mass injection campaign, "GWload," has infected some 40 thousand Web pages worldwide. Victims visiting the sites are induced to download unwanted software.
About ten thousand items in Apple's AppStore have been shown potentially vulnerable to redirection attacks.
Trend Micro releases an interesting vade mecum for the Chinese cyber criminal underground.
In industry news, Dell is now private. BlackBerry shops its pieces to Facebook.
Trend Micro offers advice on defense against Cryptolocker. Dark Reading mulls the risk of "shelfware."
As the US President and Congress woof about reining in NSA, DNI Clapper and Director NSA Alexander testify that (1) electronic surveillance of allies is internationally normal, and (2) European governments feed the US their own domestic surveillance product. Transatlantic embarrassment suggests Clapper and Alexander are on to something.
Today's issue includes events affecting Canada, Ecuador, European Union, France, Germany, India, Indonesia, Russia, Spain, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
#OpThrowBack: Official Interpol Indonesia Website Taken Down by Anonymous (HackRead) The official website of Interpol Indonesia has been taken down by Fu7ion who calls himself a supporter and part of online hacktivist group Anonymous. Fu7ion says that he has taken Interpol Indonesia website under the banner of an online operation ''#OpThrowBack''. The operation was launched by Anonymous hackers yesterday against FBI, NSA, Verizon, Microsoft and AT&T
Hack of MongoHQ exposes passwords, user databases to intruders (Ars Technica) Database provider goes into lockdown after breach of employee support system
Hosting Service MongoHQ Suffers Major Security Breach That Explains Buffer's Hack Over The Weekend (TechCrunch) NoSQL Database hosting service MongoHQ, a Y Combinator alum, has suffered a major security breach that appears to be a major factor in an attack over the weekend on Buffer, the social media scheduling service. The MongoHQ intrusion is affecting customers of the hosting service and potentially also their S3 storage accounts on Amazon Web Services (AWS)
MongoHQ compromised, Have you re–checked your Security Settings? (Kualitatem) MongoHQ is a private, Database-as-a-Service platform for securely hosting and managing shared and dedicated MongoDB instances. Buffer app hacked accounts led to compromise MongoHQ application as per MongoHQ initial reporting. All High-tech applications are based on heterogeneous structure where multiple applications have to integrate with each other in controlled fashion. Security is a continuous process; companies have to scrutinize their security parameters
Adobe security breach actually affected closer to 38 million users (ZDNet) UPDATE: Attackers are believed to have obtained access to invalid as well as inactive Adobe IDs along with test account data
Stolen Adobe account data goes public, Photoshop source code breached (CSO) In an update on the data breach disclosed earlier this month, Adobe has said that source code for Photoshop was stolen. Making matters worse, a file containing 150 million usernames and hashed passwords has appeared online, and the company says that 38 million accounts were directly impacted by the incident
New Injection Campaign Peddling Rogue Software Downloads (Threatpost) A mass injection campaign has surfaced over the last two weeks that's already compromised at least 40,000 web pages worldwide and is tricking victims into downloading rogue, unwanted software to their computer. The campaign, dubbed GWload by researchers at Websense, relies on a Cost Per Action scam that convinces users into thinking the page they've navigated to has been locked and that they need a special version of VLC Player to open it
AmEx users targeted with well–crafted phishing scheme (Help Net Security) A rather well-executed phishing campaign is targeting American Express users via fake "Fraud Alert: Irregular Card Activity" emails impersonating the AmEx Fraud Departement, warns Gary Warner
iOS apps can be hijacked to show fraudulent content and intercept data (Ars Technica) Some 10,000 titles in Apple's App Store may be susceptible to redirection hack. A large number of apps for iPhones and iPads are susceptible to hacks that cause them to surreptitiously send and receive data to and from malicious servers instead of the legitimate ones they were designed to connect to, security researchers said on Tuesday
Security hole found in Obamacare website (CNN Money) The Obamacare website has more than annoying bugs. A cybersecurity expert found a way to hack into users' accounts. Until the Department of Health fixed the security hole last week, anyone could easily reset your Healthcare.gov password without your knowledge and potentially hijack your account
Security concerns prompt subpoena for Healthcare.gov data (ComputerWorld) U.S. House committee chairman orders QSSI to turn over contract and data on Healthcare.gov-related communications
Allina Health Admits Data Breach Affecting Over 3,000 Patients (eSecurity Planet) Names, contact information, birthdates, clinical data, health information, and the last four digits of Social Security numbers may have been accessed
Yusen Logistics Acknowledges Security Breach (eSecurity Planet) Current and former employees' names, addresses, Social Security numbers and payroll benefit deduction amounts may have been exposed
When the phone call is more dangerous than malware (Help Net Security) During Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don't bode well for businesses
Firm calls out consistent rise of "madware" in Google Play (SC Magazine) In the first half of the year, 23.8 percent of all free Google Play apps were plagued with ads that could potentially become a privacy concern for users, if not a serious nuisance, a security firm found. The "Mobile Adware and Malware Analysis" report, published on Tuesday by Symantec, revealed that the percentage of apps containing "madware" — defined as apps using overly aggressive ad libraries — has consistently increased since 2010
A Tour Through The Chinese Underground (TrendLabs Security Intelligence Blog) The Chinese underground has played host to many cybercriminals over the years. In the research brief titled Beyond Online Gaming Cybercrime: Revisiting the Chinese Underground Market, we provide some details of the current state of the Chinese underground economy. Last year, we looked into this underground sector, and this brief is a continuation of those efforts
Beyond Online Gaming Cybercrime: Revisiting the Chinese Underground Market (Trend Micro) After taking a grand tour of the Chinese underground market last year, let's revisit it and see what has changed since then. In the past, we noted that Chinese cybercriminals adapted well to their environment, trailing their sights on online gamers and mobile users, the majority of the Internet users in the country. They continue to adapt well, as the market has now reached a similar level of maturity as the rest of the global cybercriminal underground
Attackers Crib Exploit Code, But Net Benefit For Defenders (Dark Reading) A researcher finds that the top 20 crime packs copy exploit code from security researchers and sophisticated attackers, but doing away with public disclosure is no solution
Security Patches, Mitigations, and Software Updates
Cisco patches remote code execution, DoS flaws in enterprise products (FierceITSecurity) Cisco has issued critical security patches for a number of products, including its Identity Services Engine and IOS XR software
Firefox moves up to Version 25, fixes a bunch of memory mismanagement problems (Naked Security) A brief reminder for Firefox users: version 25 is out. As usual, there are some new and tweaked features, plus a fair number of security fixes. Paul Ducklin takes a quick look
SIR v15: Five good reasons to leave Windows XP behind (Internet Storm Center) No, it's not because I work for MSFT and want you to upgrade for selfish reasons. :-) It's because it really is time
Enterprises struggle with access control rights (FierceITSecurity) More than one-quarter of IT pros have retrieved corporate data not relevant to their jobs
BYOD, cloud fueling demand for mobile encryption products (FierceITSecurity) Market is forecast by ABI to reach $230 million by end of 2013
Microsoft report finds decline in disclosed software vulnerabilities (FierceITSecurity) Finally there is good news on the IT security front. Software vulnerability disclosures declined 10.1 percent in the first half of 2013 compared to the same period last year and 1.3 percent compared with the second half of 2012, according to the Microsoft Security Intelligence Report released this week
IT security leaders debate their cyber threat challenges (ComputerWeekly) The IT industry is caught in an increasingly tough battle against cyber crime and the professionals tasked with looking after information security face an onslaught of challenges and attacks
Information security: From "bored" to "board" (ComputerWeekly) Increasingly, I hear information security professionals citing a lack of interest from the board room as a critical reason for their failure to address IT risk and security concerns
Control system security: safety first (Help Net Security) Every large utility, pipeline, refinery and chemical plant has a cyber security program, but most are IT-centric. Anti-virus programs, software update programs and programs of integration with corporate active directory controllers are all managed by IT teams, along with some degree of convergence and consultation with operations technology (OT) teams. While we have seen few large-scale cyber attacks in these industries, IT-style defenses invite such attacks. Cyber-sabotage is a real threat and it will take more than yesterday's firewall-level protections to ensure the safety and reliability of today's industrial sites
Software Security Maturity Plods Along (Dark Reading) While there is certainly room for improvement, the software vendor and financial services communities are making a steadily improving progression in maturing their software security practices according to a new study out today by the Building Security In Maturity Model (BSIMM) project. BSIMM today released the fifth version of an industry-wide study that examined in depth the secure development practices of many of the globe's most influential firms. "Here's the real take-home lesson: we know how to do software security on planet earth and now we just have to do it," says Dr. Gary McGrw, CTO of Cigital and one of the scientists in charge of the study. "There's a lot of people who say you should do it this way or that way and there are opinions and conjecture. But what we've done is collect a set of facts so that people can refer to them and know how to approach software security as grown-ups
The Battle for Power on the Internet (Schneier on Security) We're in the middle of an epic battle for power in cyberspace. On one side are the traditional, organized, institutional powers such as governments and large multinational corporations. On the other are the distributed and nimble: grassroots movements, dissident groups, hackers, and criminals. Initially, the Internet empowered the second side. It gave them a place to coordinate and communicate efficiently, and made them seem unbeatable. But now, the more traditional institutional powers are winning, and winning big. How these two side fare in the long term, and the fate of the rest of us who don't fall into either group, is an open question -- and one vitally important to the future of the Internet
How much custom would you lose from a data security breach? (IT Governance) We take it for granted nowadays that we can work pretty much wherever we are. The majority of us use laptops, tablets and smartphones for work as well as for leisure, Wi-Fi is by and large available wherever we go, 3G and increasingly 4G service is the norm, and cloud computing means we can access our data on the move. But an increasing reliance on virtual networks means sensitive data is more and more vulnerable to targeted attacks. Web-based applications may be convenient for you and your workforce to operate wherever you are, but they are also convenient for cyber criminals, as your and your customers' information is more exposed
Perception of Huawei is changing in India: John Suffolk (Economic Times) Huawei's global cyber security officer John Suffolk says that concerns raised by the US against the Chinese telecom gear maker has not had a lasting impact as the company's perception in markets like India is changing, albeit slowly. Speaking to ET, he denied all accusations of espionage, adding that 70% of its gear is made from parts manufactured in the US and only 30% is done in China
Dell (DELL) Go–Private Deal is Complete (Street Insider) Dell, Inc. (NASDAQ: DELL) completed its go-private tranaction by Michael Dell, Dell's Founder, Chairman and CEO, and Silver Lake Partners, a leading global technology investment firm
NCR to Help TSA Deploy Mobile Boarding Pass Scanners (Executive Biz) NCR Corp. has been awarded a delivery order for mobile technology designed to help the Transportation Security Administration speed-up and secure passenger identification at U.S. airports
Rodney Joffe of Neustar Picked for FBI Cyber Investigation Award (GovConWire) Rodney Joffe, a senior vice president and fellow at Neustar, has been selected to receive an award from the FBI recognizing his work to help resolve a malware case that crossed more than 32 countries and resulted in 55 arrests
Brussels to set up security, business networks in push for European cloud (EurActiv) The Commission is setting up new expert groups to advise on security and business related-issues to accelerate the establishment of a unique "European cloud" capable of challenging global rivals in a sector where the EU has been lagging behind
ProvenSecure Solutions Awarded Cyber Fast Track Research Grant (PRWeb) ProvenSecure Solutions, LLC (PSS), a private New Jersey based Custom Cyber Security Solutions firm, has been awarded a task order to support the Defense Advanced Research Projects Agency's (DARPA) innovative Cyber Fast Track Program (CFT)
Q&A with the Cyber Security Challenge participant who landed a cyber role at PwC (Computing) The Cyber Security Challenge UK (CSC UK), a series of national events designed to encourage talented professionals to join the UK IT security industry, is a government- and industry-backed initiative that has enabled 40 participants to secure IT security roles
Thales launches £2m cyber security 'battle lab' in the UK (Computerworld) Defence company Thales has announced a new Cyber Integration & Innovation Centre that aims to help improve the security of the UK's critical national infrastructure and government organisations
How crazy would it be for Facebook to buy Blackberry? (Quartz) Apparently BlackBerry has been hawking its wares to cash-heavy Facebook
PwC to bulk up with Booz & Co merger deal (Financial Times) PwC is planning to absorb Booz & Co in the latest move towards consolidation in the management consultancy sector. The two groups announced on Wednesday that they had signed a conditional merger agreemen
Interview: Javvad Malik and the Power of Social Media for Security Professionals (Infosecurity Magazine) Drew Amorosi recently caught up with Javvad Malik, senior security analyst with 451 Research, and an emerging supernova within the information security universe
Products, Services, and Solutions
Samsung unveils Knox SDK to boost enterprise mobile security efforts (FierceMobileIT) End-to-end Knox solution provides security hardening from the device hardware to the application layer
Centrify launches tech partner program to secure mobile, cloud apps (FierceMobileIT) Program provides developers, cloud and mobile ISVs tools to jointly build integrated secure apps
Juniper unrolls MetaFabric, new switch (The Register) Juniper Networks has rolled out a fabric architecture and switch, along with other swag. To get a handle on it all, Vulture South spent some time talking with Dhritiman Dasgupta, Juniper's director of platform solutions, to get a handle on key aspects of the release
Sophos takes first step in rolling out cloud security strategy (NetworkWorld) Security firm provides cloud-based management and policy enforcement for endpoints, firewall UTM
Twitter Two–Factor Lockout: One User''s Horror Story (InformationWeek) Warning to users of Twitter's two-factor authentication system: Never, ever misplace your backup access code and then switch phones. Otherwise, you'll find yourself locked out of your Twitter account
Centralizing threat intelligence to feed network defense systems (Help Net Security) ThreatConnect announced the launch of a prototype that connects commercial security products with advanced threat intelligence through an open source standard known as the Structured Threat Information eXpression (STIX), created by The Mitre Corporation
CylanceV Exposes the Unknown Threats Lurking on Computers Worldwide (EON) Cylance, Inc., a global cybersecurity company, is reinventing the way companies think about security. The first to apply mathematical science to security in a scalable way, Cylance announced today the official worldwide release of CylanceV™, a new cloud and on-premise solution to find what others miss in detecting advanced malware
Avira Revamps Free Mac Security For OS X Mavericks (Dark Reading) New version of Avira Free Mac Security can perform quick scan of vulnerable directories on the computer even as the security software is being installed
Technologies, Techniques, and Standards
UK government provides advice to CIOs grappling with BYOD (FierceMobileIT) Need help assessing the strengths and weaknesses of commercial mobility platforms for your enterprise but can't bear the expense of hiring a consultant or purchasing a pricey analyst report
Why Do Big IT Projects Fail So Often? (InformationWeek) Obamacare's website problems can teach us a lot about large-scale project management and execution
What IT managers need to know about risky file–sharing (ComputerWeekly) There is a danger in employees being tech-savvy - they can use devices and means to transport and exchange files that are beyond the control of IT management. Employees may simply see webmail, file-sharing services, cloud storage, USB sticks and smart devices as easier to use than traditional corporate tools to transfer files
Obama, CEOs Meet on Cybersecurity Framework (GovInfo Security) As the National Institute of Standards and Technology began accepting public comments on the preliminary version of a cybersecurity framework on Oct. 29, President Obama met with a group of chief executives from information technology, financial services and energy companies to discuss efforts to improve the cybersecurity of the nation's critical infrastructure
Defending Against CryptoLocker (TrendLabs Security Intelligence Blog) Over the past few weeks, we've been seeing an increase in the number of spreading CryptoLocker malware. This new kind of ransomware has been hitting more users over the past few weeks, as seen in the 30-day feedback provided by the Smart Protection Network
Failure To Deploy: Aided And Abetted By Shelfware (Dark Reading) It takes more than technology acquisition to protect against the insider threat — just ask the NSA. Recent news reports indicate the NSA had acquired technologies to help prevent the leakage of classified data, but failed to deploy them before contractor Edward Snowden began working there. The technologies in question were purchased in the wake of the 2010 WikiLeaks scandal, but went uninstalled at NSA's Hawaii facility due to what was described as "bandwidth issues"
ICE Hacked Its Own Employees to Teach Self–Defense in Cyberspace (Nextgov) One federal agency is replacing workforce security awareness tutorials with real world hack attempts to test employee reflexes. So far, 80 percent of the personnel trained have successfully fought off potential cyberspies
Design and Innovation
Of course Apple is engaging in planned obsolescence (Quartz) Catherine Rampell at the New York Times wonders whether her iPhone, which became much less usable after she upgraded to iOS7, is being deliberately sabotaged by Apple, to encourage her to buy a new iPhone. This is a bit like asking whether or not Apple cares about design. Planned obsolescence has been part of how Apple, and just about every other PC maker, has operated since time immemorial
Research and Development
How quantum key distribution works (GCN) Quantum key distribution (QKD) uses individual photons for the exchange of cryptographic key data between two users, where each photon represents a single bit of data. The value of the bit, a 1 or a 0, is determined by states of the photon such as polarization or spin
Breaking New Ground on Cyberdefenses (GovInfoSecurity) The Army Research Laboratory is collaborating with five universities to develop what's being characterized as a new science to detect, model and mitigate cyber-attacks
Case study: Class cloud — Rochester School Department and Dell (SC Magazine) A school district in New Hampshire needed to enable BYOD, while still protecting its network and the students and faculty using it
Legislation, Policy, and Regulation
White House: Review will address global NSA concerns (USAToday) U.S. surveillance policies aimed at allies have sparked strong reactions across the globe. Below is a sampling of reaction from leaders to the disclosure of National Security Agency spying programs in news reports
Exclusive: Obama orders curbs on NSA spying on U.N. headquarters (Reuters) President Barack Obama recently ordered the National Security Agency to curtail eavesdropping on the United Nations headquarters in New York as part of a review of U.S. electronic surveillance, according to a U.S. official familiar with the decision
France and Spain, not NSA, responsible for spying on phone calls abroad, say US officials (The Verge) US officials have told The Wall Street Journal that the NSA wasn't responsible for intercepting phone calls in France and Spain. Over the past two weeks, documents obtained by Le Monde in France and El Mundo in Spain showed that millions of phone calls in each country had been intercepted by the NSA. The unnamed officials, however, say that these calls were actually logged by French and Spanish intelligence agencies, then later given to the NSA. This corroborates a statement by Director of National Intelligence director James Clapper, who said that "the allegation that the National Security Agency collected more than 70 million 'recordings of French citizens' telephone data' [over 30 days] is false"
The spies on the roof (Economist) Location, location, location, the Americans were thinking when they moved into their new embassy in Berlin in 2008, right next to the Brandenburg Gate
NSA director Keith Alexander says European spying reports are false (Politico) National Security Agency director Gen. Keith Alexander on Tuesday called "completely false" press reports that the NSA had gathered information on millions of telephone calls in countries across Europe
'We're Really Screwed Now': NSA's Best Friend Just Shivved The Spies (Foreign Policy) One of the National Security Agency's biggest defenders in Congress is suddenly at odds with the agency and calling for a top-to-bottom review of U.S. spy programs. And her long-time friends and allies are completely mystified by the switch
Five Reactions To Dianne Feinstein Finally Finding Something About The NSA To Get Angry About (TechDirt) Dianne Feinstein, the NSA's biggest defender in the Senate (which is ridiculous since she's also in charge of "oversight") has finally had enough. It's not because she finally understands how crazy it is that the NSA is spying on every American, including all of her constituents in California. It's not because she finally realized that the NSA specifically avoided letting her know about their widespread abuses. No, it's because she just found out that the NSA also spies on important people, like political leaders around the globe. It seems that has finally ticked off Feinstein, who has released a scathing statement about the latest revelations
Clapper: NSA controversy creating 'erosion of trust' (The Hill) The firestorm of criticism facing the National Security Agency from Capitol Hill has created "an erosion of trust" within the U.S. intelligence community, according to the community's top official. The repeated criticism and second-guessing by Congress over the agency's operations has hindered intelligence community leaders from doing their jobs, Director of National Intelligence James Clapper told lawmakers on Tuesday
Anonymous NSA Officials Strike Back! (Slate) Ken Dilanian and Janet Stobart chip away at the White House's excuses—hey, we weren't told—on the NSA's monitoring of foreign leaders
Throwing the Intelligence Community Under the Bus (Washington Free Beacon) The outcry over NSA surveillance is reaching a critical breaking point. President Obama is having his options constrained by an avalanche of disclosures, and there might be only one, barely adequate way out of it
US legislators introduce bill to end dragnet phone data collection (Help Net Security) US Senate Judiciary Committee Chairman Patrick Leahy and Congressman Jim Sensenbrenner, chairman of the Crime and Terrorism Subcommittee in the House, introduced on Tuesday a legislation that seeks to restore Americans' privacy rights by ending the government's dragnet collection of phone records and requiring greater oversight, transparency, and accountability with respect to domestic surveillance authorities
Proposed USA FREEDOM Act Would Dramatically Curtail The NSA's Surveillance (TechCrunch) Senator Patrick Leahy and Representative Jim Sensenbrenner have introduced a new bill, called the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection, and Online Monitoring Act (USA FREEDOM Act), designed to dramatically curtail the ability of the NSA to collect information on the average United States citizen
Data privacy concerns could derail EU–US trade talks (CSO) EU citizens' data protection is non-negotiable, saysthe EU Justice Commissioner
NSA Spying Scandal: Ecuador's Correa Slams U.S. While Visiting Russia As Spain Opens Inquiry (Fox News) During a visit to Russia, Ecuadoran President Rafael Correa continued his criticism of the United States' National Security Agency, which is currently embroiled in a worldwide scandal over allegations that the agency spied on world leaders
US spying fiasco: Will 'additional' constraints ease European fury? (Christian Science Monitor) As news of the National Security Agency's spying on world leaders, allies, and citizens continues to leak to the public, the White House said this week that there is a need for "additional constraints" on US spying, a statement that some observers fear may do little to calm the diplomatic uproar spreading globally
NDP wants parliamentary oversight of government's intelligence and security activities (Northumberland View) In the wake of disturbing revelations about the activities of the Communications Security Establishment Canada (CSEC) - Canada's equivalent to the United States' NSA - NDP Defence critic Jack Harris (St. John's-East) wants greater Parliamentary oversight of the agency
Russia 'spied on G20 leaders with USB sticks' (The Telegraph) Russia spied on foreign powers at last month's G20 summit by giving delegations USB pen drives capable of downloading sensitive information from laptops, it was claimed today
Bill provides guidance on FDA mobile medical apps regulation (FierceMobileHealthCare) A bipartisan group of House members--three Democrats and three Republicans--has introduced a bill to "provide regulatory clarity regarding mobile medical applications, clinical decision support, electronic health records and other healthcare related software," according to an announcement
SOFTWARE Act gets mixed response from industry (FierceMobileHealthCare) Reactions from industry groups to the SOFTWARE Act, which seeks to "provide regulatory clarity regarding mobile medical applications, clinical decision support, electronic health records and other healthcare related software" have been quick, but not all positive
Bill to Bolster DHS Cyber Workforce Advances (Nextgov) The House Homeland Security Committee on Tuesday advanced legislation that would require the Homeland Security Department to take additional measures to improve and assess the cybersecurity workforce. The bill — the Homeland Security Cybersecurity Boots on the Ground Act (H.R. 3107) — sponsored by Rep. Yvette Clarke, D-N.Y., requires DHS to enhance efforts to bolster the cybersecurity workforce, in part by establishing occupations classifications and developing a strategy to address identified gaps in the cyber workforce
CNO Says Navy Needs Ground Forces' Help On Cyber, Electronic Warfare (Breaking Defense) Rivalries between the services are a favorite topic in this town, especially when budgets tighten. But when it comes to cyberwarfare, electronic warfare, and the wireless world where they intersect, the Navy's top man in uniform is more than happy to get help from the Army
Litigation, Investigation, and Law Enforcement
Privacy group doubles down on Supreme Court NSA phone spying case (PCWorld) The U.S. Supreme Court should review a U.S. National Security Agency (NSA) data collection program despite the U.S. government's argument that privacy group EPIC lacks legal standing to challenge the case, the group said Monday
Man charged in July cyber attack on DOE (Aiken Standard) An individual linked to the July 2013 cyber attacks to the Department of Energy, which affected employees at the Savannah River Site, was charged on Monday by the acting U.S. attorney for the Eastern District of Virginia
Not even two weeks after shutdown, BitTorrent search site isoHunt is back (Ars Technica) New anonymous creators tell TorrentFreak the site is a "file-sharing icon." Less than two weeks ago, IsoHunt, the notorious search engine site for BitTorrent files, agreed to shut down and pay $110 million in a settlement with the Motion Pictures of America Association. The site even shut down a day early as a way to avoid being part of an online archive
For a complete running list of events, please visit the Event Tracker.
RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.
Ahead of the Threat: Driving Innovation for Cyber Security (Bethesda, Maryland, USA, Oct 30, 2013) Sponsored by the Tech Council of Maryland, this conference will feature a presentation by Sondra L. Barbour, Lockheed Martin Information Systems & Global Solutions (IS&GS) Executive Vice President, will discuss the importance of understanding the adversary and staying ahead of the threat. Moving beyond the government, the need for intelligence-driven defense is becoming more critical across commercial industries such as oil and gas, finance and healthcare. The escalating landscape of cyber-attacks is forcing companies to take a closer look at their security posture to protect their assets, intellectual property and their customers' personal information.
TrustED 2013 (Berlin, Germany, Nov 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. In this context we particularly are interested in the participation of industry representatives.
OKTANE 1 (San Francisco, California, USA, Nov 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.
MIRcon 2013 (Washington, DC, USA, Nov 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.
KMWorld 2013 (, Jan 1, 1970) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wideranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting becomes increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit (, Jan 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.