The CyberWire Daily Briefing 11.05.13

Cyber Trends

1 million cyber crime victims in SA (BusinessTech) South Africans are getting hard hit by cyber crime, collectively costing victims billions of rands over the past 12 months, according to a new report by Symantec

Big data blues: The dangers of data mining (ComputerWorld) Big data might be big business, but overzealous data mining can seriously destroy your brand. Will new ethical codes be enough to allay consumers' fears

One Quarter of Data Breach Victims Go on to Suffer ID Theft (InfoSecurity Magazine) ID thieves are getting more successful at leveraging stolen data for ill-gotten gains. Of the 16 million victims notified in 2012 that their payment card information was compromised in a data breach, more than 25% of them also suffered identity theft, according to a new study

Convincing Customers Smartphone Shopping Is Safe (Baseline) Results from the "2013 National Online Safety Study," conducted by the National Cyber Security Alliance and PayPal, reveal that 36 percent of respondents had

Private military, security firms to earn $244B by 2016, UN says (Associated Press) The private military and security business is growing by 7.4 percent a year and on track to become a $244 billion global industry by 2016, the U.N.'s expert on mercenaries reported Monday. The United States is the biggest single spender on private security

Corporate bank accounts robbed of millions by Bonnie and Clyde hackers (Pittsburgh Tribune-Review, via Security Info Watch) The bank robbers drove around New York City for more than 10 hours, collecting some $2.4 million — from ATM machines. They posed for selfies with the cash

Legislation, Policy and Regulation

Report: Brazil spied on embassy personnel (SFGate) The Brazilian government confirmed Monday that its intelligence service targeted U.S., Russian, Iranian and Iraqi diplomats and property during spy activities carried out about a decade ago in the capital Brasilia

Will defense minister stay? (Korea Times) Defense Minister Kim Kwan-jin is in the hot seat because of recent scandals within the military

US intelligence officials: NSA reform bill is 'flawed' (TechWorld) A recent bill to stop the NSA's bulk collection of telephone records would hurt its ability to catch terrorists, officials say

Top Obama lawyers: Reforming the NSA could hurt Americans' privacy rights (Foreign Policy) As Congress considers legislation to reform the surveillance practices of the National Security Agency, senior intelligence officials have said publicly that they'd be willing to modify key aspects of how one of the most controversial programs is run

As U.S. weighs spying changes, officials say data sweeps must continue (New York Times) The Obama administration has told allies and lawmakers it is considering reining in a variety of National Security Agency practices overseas, including holding White House reviews of the world leaders the agency is monitoring, forging a new accord with Germany for a closer intelligence relationship and minimizing collection on some foreigners

Could General Alexander's retirement curb NSA surveillance powers? (Voice of Russia) The innumerable recent leaks about the extent of the NSA's massive global surveillance programs, gathering intelligence on Europeans' telephone calls and wiretapping the phones of 35 world leaders, including German Chancellor Angela Merkel and the Pope, seem to have prompted President Barack Obama and lawmakers to realize that something needs to be done to rein in the NSA's apparently unchecked spying powers

NSA chief likely to lose cyber war powers (The Hill) Senior military officials are leaning toward removing the National Security Agency director's authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions

Oversight board examining surveillance issues hears from lawyers for NSA, intelligence agency (Fox News) An independent board examining clandestine U.S. surveillance programs is hearing from senior lawyers for the National Security Agency and other government departments amid new concerns about the secret operations from Congress, technology companies and European allies

The downfall of the NSA (Bangor Daily News) Politicians and government officials rarely tell outright lies; the cost of being caught in a lie is too high. Instead, they make carefully worded statements that seem to address the issue but avoid the truth. Like, for example, Caitlin Hayden, the White House spokesperson who replied on Oct. 24 to German Chancellor Angela Merkel's angry protest at the tapping of her mobile phone by the U.S. National Security Agency

IG: DHS cybersecurity tools, training not up to par (Politico) The Department of Homeland Security has struggled to respond to cybersecurity threats and disseminate information about them because of lingering technical, funding and staffing woes, according to the agency's inspector general

Products, Services, and Solutions

CoverMe: Private texting, sharing and secure phone calls app (Help Net Security) CoverMe, a secure texting, document sharing and phone call app, launched today after a beta period

Technologies, Techniques, and Standards

How Vocative mines the "Deep Web" for Storytelling (Fast Company) Back in 2012, a group of digital journalists went hunting for Ugandan warlord Joseph Kony. They tried to track him using a trove of data--like mercenary chatter found on an obscure corner of the web. In the end, they weren't exactly able to string together enough information to triangulate his position. But Kony wasn't the only signal they were tracking

It's Not 'Mobile Security,' It's Just Security (InformationWeek) Mobility and BYOD are no different from any other IT security challenge, so it's time for an integrated approach across all the ways people work

11 sure signs you've been hacked (InfoWorld) In today's threatscape, antivirus software provides little piece of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable

Google's dreaded 'blacklist' (CNN Money) Small businesses are reeling from an increase in cybercrime, but a hacked website can have even greater consequences if Google lists you as "infected"

Beyond breach prevention: The need for adequate response (ComputerWorld) If there's been any lesson learned in the past decade, it's that despite tens of billions having been spent on anti-malware, firewalls, intrusion–detection and prevention systems, and other defensive technologies — it's just not realistic for enterprise security teams to expect to be able to stop every attack

New healthcare security and privacy certification from (ISC)² (Help Net Security) (ISC)² has launched a new certification, the HealthCare Information Security and Privacy Practitioner (HCISPPSM), the first foundational global standard for assessing both information security and privacy

How to address the main concerns with ISO 27001 implementation (Help Net Security) Recently I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I've summarized most common concerns into the following five areas and here's a detailed explanation on how I feel they should be addressed

Security Tip (ST13-003): Handling Destructive Malware (US-CERT) Destructive malware presents a direct threat to an organization's daily operations, directly impacting the availability of critical assets and data. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. This publication is focused on the threat of enterprise-scale distributed propagation methods for malware and provides recommended guidance and considerations for an organization to address as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices

Let Others Define the Security Challenge to Solve More Problems (CSO) How a confrontation between the head of security and the head trader revealed the pathway to better solutions involves less assumptions and more questions

Four Supply Chain Cyber Security Risks and Tips for Companies to Address Them (PRWeb) As the CEO of a leading supply chain management, e-procurement and financial productivity solutions company, Tim Garcia draws on real-life experiences to provide four tips for incorporating web security into companies' overall risk management strategies

It's Time to Secure Mobile Devices, Not Just Manage Them (SecurityWeek) As part of my job, I spend a good deal of my waking hours thinking about information security and sharing my findings with IT security practitioners. What are the latest techniques we see from attackers, and what sorts of techniques or policies work best to mitigate them? And as attacks have become more sophisticated, it has also become increasingly clear that security technologies and solutions absolutely must benefit from one another and work together as a platform. In isolation, any single technology is no match for sophisticated attackers

Marketplace

Dell Goes Private: 8 Things To Expect (InformationWeek) Dell CEO Michael Dell took the company private to gain more independence from Wall Street investors. Now that the buyout's cleared, what moves can customers expect

TeleCommunication Systems Receives $40.5 Million Contract to Deliver Communications Systems Support for U.S. Marine Corps (MarketWatch) TeleCommunication Systems, Inc. (TCS) TSYS +1.69% , a world leader in highly reliable and secure mobile communication technology, today announced that it has received a contract with CACI International Inc. CACI -0.43% to provide the U.S. Marine Corps (USMC) with Engineering Services for its Wireless Point to Point Link (WPPL) systems and commercialization effort

FishNet Security Buys Solutions Provider TorreyPoint (SecurityWeek) FishNet Security, a provider of information security solutions, announced on Monday that it has acquired of TorreyPoint, a full-service network and infrastructure consultancy based in Sunnyvale, California

BlackBerry's new CEO could help the troubled company get closer to China—but not too close (Quartz) John Chen, the newly-named chief executive of the downtrodden smartphone maker BlackBerry, is best known in the tech sector as an expert turnaround specialist. But he also boasts rich connections to China and years of encouraging US-China trade, which could potentially help BlackBerry find new customers and partners that it desperately needs

Cracking up: a brief history of BlackBerry's fall from smartphone dominance (Engadget) BlackBerry is in dire straits. The smartphone maker was riding high in market share and profits just a few years ago, but it's now having trouble securing rescue money. It's yet again pinning its hopes on a new CEO who's tasked with saving a struggling industry giant. How did BlackBerry decline so quickly, though? And what might happen to the company when seemingly every option is on the table? As it turns out, BlackBerry's descent into trivial market share figures and sustained losses stems from a mixture of hubris, sluggishness and misplaced effort -- and there's no clear solution in sight

In Wake of BlackBerry's Demise, CIOs Look to Samsung, Apple and Microsoft (CIO) BlackBerry's fall means CIOs must quickly develop a new mobile strategy. The big three of enterprise mobility are familiar names — Apple, Samsung and Microsoft. Who will win out

Acer CEO resigns as company plans restructuring and layoffs (IT World) Acer CEO J.T. Wang is resigning from his post at the Taiwanese PC maker and will be replaced by president Jim Wong as part of a corporate restructuring that will try to revitalize the company's sagging fortunes

Shadowy VPN firm says they've got industry's first transparency report (Ars Technica) But EFF lawyer says Proxy.sh has the "single worst policy I've seen"

CACI CEO: NSA leaks give newfound publicity to contractors (Washington Business Journal) What does the debate about the NSA's surveillance tactics mean for federal intelligence contractors? According to CACI International Inc. CEO Ken Asbury, it means newfound publicity

Hackers Collaborate, Now White Hats Can Share Cyber Crime Info (Forbes) Time for the good guys to work together in the fight against hackers, says Jason Polancich, a 20-year veteran of the U.S. intelligence community and an expert on complex internet security and cyber-defense problems

Following Controversy, Yahoo Officially Launches Bug Bounty Program (Threatpost) As promised, Yahoo formally kicked off its bug bounty program late last week, aiming to correct what many in the security industry viewed as misstep after it handed out a paltry $12.50 credit to a researcher for discovering a cross-site scripting error

Research and Development

Quantum 'sealed envelope' system enables 'perfectly secure' information storage (Phys.org) A breakthrough in quantum cryptography demonstrates that information can be encrypted and then decrypted with complete security using the combined power of quantum theory and relativity - allowing the sender to dictate the unveiling of coded information without any possibility of intrusion or manipulation

Chinese professor builds Li–Fi system with retail parts (IT World) The equipment is big and expensive, with the research costs at almost US$500,000. But by just using retail components, Chinese professor Chi Nan has built her own Li-Fi wireless system that can use LED lights to send and receive Internet data

DARPA Kicks Off Cyber Grand Challenge (SIGNAL) A new government-run competition seeks to advance the boundaries of computer network analysis and defense by developing autonomous cyberdefense capabilities

Security Patches, Mitigations, and Software Updates

Apple Turns on Safari BEAST Attack Mitigation by Default in OS X Mavericks (Threatpost) Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions

Linux 4.0 may have only bug fixes, no new features (IT World) Linux operating system creator Linus Torvalds has proposed that Linux 4.0, an upcoming release of the open-source software, should be dedicated to stability and bug fixing

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Protests Highlight Need for Cybersecurity (eSecurity Planet) Hackers collectively known as Anonymous plan to participate in a protest called the Million Mask March. Do organizations need to revisit their security strategies

Anonymous Philippines Pledge More Cyber Attacks (SecurityWeek) Some 100 masked members of the hacking group Anonymous Philippines marched on parliament Tuesday, denouncing corruption and pledging more cyber attacks, a week after 30 government websites were paralyzed

Singapore Govt on alert after Anonymous cyber attack (Technology Spectator) Singapore's government has been put on heightened alert for cyber attacks after people claiming to be from international hacking collective Anonymous defaced several web sites in the city-state and threatened further action

Govt websites down due to routing issue, hardware failure: IDA (Channel NewsAsia) IDA explained that maintenance work on government websites last weekend took longer than usual due to a technical glitch -- a combination of a routing issue and a hardware failure. It is believed the downtime was not due to cyber attacks or hacking

Hospital, charities hacked in Indonesian spy case retaliation (The Age) Innocent victims of the spying spat between Indonesia and Australia include a major Queensland hospital, a children's cancer association and an anti-slavery charity, whose websites have been attacked by Indonesian hackers

Why Syria's cyber attack on Qatar was relatively low–risk (The National) The disruption to most of Qatar's online presence last month deserves attention, especially in terms of internet governance and cyber security. Unleashing an army, albeit a digital one, against another country's infrastructure is no minor incident

Fear of bugging prompts iPad ban in UK Cabinet meetings (Naked Security) Fast on the heels of reports that Russia allegedly passed out boobytrapped USB sticks at the G20 summit, iPads were plucked from users' hands at a UK Cabinet meeting out of fear that they might be bugged by foreign intelligence agencies

Massive Spike in Reconnaissance Using Source Port Zero Traffic: Cisco (SecurityWeek) Researchers from Cisco have alerted customers and the Internet community of a massive spike in TCP source port zero traffic that started at 01:00 UTC on Saturday, Nov. 2 and lasted roughly three hours

Russian Cybercriminals Use Customized NSA-Themed Ransomware to Make a Profit (Softpedia) Researchers from IT security firm Blue Coat have analyzed an interesting piece of ransomware most likely operated by Russian cybercriminals. This particular threat was delivered a couple of weeks ago in the attack on PHP.net

CryptoLocker Ransomware Spreading Rapidly (CIO Today) If you are especially worried about CryptoLocker ransomware, the best thing you can do, aside from not getting infected, is to create hard backups of important files. It's also important to keep antivirus software up to date. Many CryptoLocker ransomware infections are happening to computers that were already infected with another malware

Is A Tsunami Of SAP Attacks Coming? (Dark Reading) New banking Trojan modification points to greater trend of attackers targeting ERP and business critical applications

Warning out vs Facebook credit card generator scam (GMA News) Security vendor Bitdefender said the malware hooks in users to a "goo.gl" URL that pretends to generate up to 500 free credits without any downloads

Fake LinkeIn profile gathering info for targeted attacks (Help Net Security) Social networks are great sources of information for cyber criminals and a great way to enter the potential victims' circle of trust. An ongoing social engineering campaign targeting LinkedIn users

(more) Wordpress Hack Case: Site's Credential Stealer with New ASCII Obfuscation in POST Destination URL (Malware Must Die) Yes, it is not a new news to hear about the Wordpress or etc PHP-base CMS got hacked with malicious injected codes

On BadBIOS and Bad Behavior (I am Security) So, unless you are in the security industry and have been living under a rock in the last couple of weeks, you probably know what this #BadBIOS thing refers to

Adobe confirms stolen passwords were encrypted, not hashed (CSO) System hit was not protected by traditional best practices, used 3DES instead

Anatomy of a password disaster — Adobe's giant–sized cryptographic blunder (Naked Security) Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes. Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach

The top 50 woeful passwords exposed by the Adobe security breach (Graham Cluley) In a screw-up of colossal proportions, Adobe didn't properly protect the password data on its servers…and now we can all see the most common passwords used by its customers

Is your vacuum cleaner sending spam? (Internet Storm Center) Past week, a story in a Saint Petersburg (the icy one, not the beach) newspaper caught quite some attention, and was picked up by The Register. The story claimed that appliances like tea kettles, vacuum cleaners and iron(y|ing) irons shipped from China and sold in Russia were discovered to contain rogue, WiFi enabled chip sets. As soon as power was applied, the vacuum cleaner began trolling for open WiFi access points, and if it found one, it would hook up to a spam relay and start…probably a sales pitch spam campaign for cheap vacuum cleaners from China

When attackers use your DNS to check for the sites you are visiting (Internet Storm Center) Nowadays, attackers are definitely interested in checking what sites you are visiting. Depending on that information, they can setup attacks like the following

Syria becomes the next Nigeria for online spam scams (BGR) Remember the Nigerian 419 scam about a lost fortune and how someone representing a bank wants to share the bounty with you? Now Nigerian spammers are taking advantage of the political disturbance in Syria and are now trying to scam people by using some kind of reference to Syria in spam mails sent worldwide. The spammers used reference of Syrian and UK banks and sent messages in the names of representatives from banks, humanitarian organizations and private individuals, Kaspersky Labs' September report on worldwide spam mails suggests

'Selfish miner' attack could devastate Bitcoin, researchers say (IT World) Bitcoin is vulnerable to an attack that could have devastating effects on the virtual currency, but it can be fixed with a software update, according to researchers from Cornell University

Dark–Side Services Continue To Grow And Prosper (Dark Reading) Criminals have expanded their use of the cloud-service model to make their illegal enterprises more efficient and accessible. In 2005, police in Morocco and Turkey arrested two men connected with the Zotob worm: The 18-year-old creator of the worm and the 21-year-old man who paid him to develop the code

25 Years After: The Legacy Of The Morris Internet Worm (Dark Reading) A look at how worms have evolved from the infamous — and relatively benign — Internet worm of 1988 to targeted, destructive attacks. Stuart McClure was an undergraduate student at the University of Colorado in Boulder 25 years ago when dozens of the university's servers suddenly began crashing. The university, like other universities, government agencies, and organizations, had been hit with a historic computer worm that crippled thousands of machines around the Internet in an apparent informal research project gone wrong

Academia

Cyber Awareness: Big Technology in Little Hands (Ozarks First) Some childhood Internet experts are advocating children as young as two, three and four learn about the dangers of the Internet

Litigation, Investigation, and Enforcement

More NSA Leakers Followed Snowden's Footsteps, Whistleblower Lawyer Says (ABC News) Several more current and former National Security Agency insiders, inspired by American fugitive Edward Snowden, have come forward as whistleblowers with details of the shadowy agency's operations, according to an attorney at a whistleblower protection organization

Ahn proposes special probe into election meddling scandal (Yonhap) ndependent lawmaker Ahn Cheol-soo called for bipartisan support on Monday to launch a special investigation into several government bodies and the military embroiled in an online campaign scandal in connection with last year's presidential election

UK privacy group wants Level 3 to address allegations of spying cooperation (Ars Technica) Privacy International is pushing for more disclosure from a top international telco

Intercontinental Network of Card Fraudsters Dismantled in Canada and Europe (Europol) A major intercontinental network of card fraudsters has been recently dismantled by cooperating Canadian, French and German police authorities, supported by Europol's European Cybercrime Centre (EC3). The operation 'Spyglass' has so far resulted in the arrest of 29 people. The international criminal group was involved in the sophisticated manipulation of point-of-sale (POS) terminals in shopping centres across Europe and North America

Design and Innovation

Security Innovation Network Selects Top 16 Entrepreneurs from 115 Entries to Share Emerging Cybersecurity Solutions at SINET Showcase in Washington D.C. (EON) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, today announced the 2013 SINET 16 Innovators, who will share their innovative solutions at the annual SINET Showcase on December 4 - 5, 2013 at the National Press Club in Washington D.C

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.

Infosecurity Europe 2014 (, January 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.

ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.

GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.

OKTANE 13 (San Francisco, California, USA, November 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.

MIRcon 2013 (Washington, DC, USA, November 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.

KMWorld 2013 (, January 1, 1970) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wideranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.

CyberInnovation Briefing (Baltimore, Maryland, USA, November 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remains a growing concern. With losses mounting and sensitive information being leaked several questions remain unanswered - who's liable, who's responsible, what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a law suit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.

Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, November 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.

cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, November 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting becomes increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.

Teaching Computer Forensics (Sunderland, England, UK, November 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.

Cyber Education Symposium (Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.

APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.

IT Forum Expo/Black Hat Regional Summit (, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.

The CyberWire Daily Briefing for 11.5.2013