The CyberWire Daily Briefing for 11.5.2013
Today is (off-year) Election Day in the US, coincidentally NSA's birthday, and, of course, Guy Fawkes Day. Anonymous is marking this last holiday with various protests, but so far with limited hacking success.
The National offers a post mortem on the Syrian Electronic Army's October campaign against Qatar: it was a "low-risk" operation.
In the UK, fears of bugging have led HM Government to exclude iPads from cabinet meetings.
Cisco warns customers that it detected a big spike in port-zero reconnaissance traffic over the weekend. CryptoLocker continues to spread, and Russian criminals are distributing NSA-themed ransomware. Dr. Web thinks Trojan.ibank's scanning for SAP applications foreshadows a campaign against ERP and business-critical software. Fake LinkedIn profiles are being used to gather information for social engineering (cf. Emily Williams and Robin Sage).
Skeptical analysts keep an eye out for BadBios. The recent Adobe hack attracts more scrutiny of poor practices. Unusually cynical criminals replace the familiar Nigerian 419 scam with Syrian-themed fraud exploiting trusting solicitude for that unfortunate country's misery.
In industry news, Dell is now private. BlackBerry struggles with its ongoing attempts at a fire sale; its customers turn to Apple, Samsung, and Microsoft. FishNet Security buys TorreyPoint. Congratulations to the SINET 16 (see the link for a full list).
It appears that Brazil itself has engaged in Brasilia-based electronic surveillance of US, Russian, Iranian, and Iraqi diplomats. South Korea's Defense Minister may be on the way out over allegations of his Cyber Command's misconduct. US debate over NSA's future continues.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, France, Germany, Indonesia, Iran, Iraq, Republic of Korea, Morocco, Nigeria, Philippines, Qatar, Russia, Seychelles, Singapore, South Africa, Syria, Taiwan, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Anonymous Protests Highlight Need for Cybersecurity (eSecurity Planet) Hackers collectively known as Anonymous plan to participate in a protest called the Million Mask March. Do organizations need to revisit their security strategies
Anonymous Philippines Pledge More Cyber Attacks (SecurityWeek) Some 100 masked members of the hacking group Anonymous Philippines marched on parliament Tuesday, denouncing corruption and pledging more cyber attacks, a week after 30 government websites were paralyzed
Singapore Govt on alert after Anonymous cyber attack (Technology Spectator) Singapore's government has been put on heightened alert for cyber attacks after people claiming to be from international hacking collective Anonymous defaced several web sites in the city-state and threatened further action
Govt websites down due to routing issue, hardware failure: IDA (Channel NewsAsia) IDA explained that maintenance work on government websites last weekend took longer than usual due to a technical glitch -- a combination of a routing issue and a hardware failure. It is believed the downtime was not due to cyber attacks or hacking
Hospital, charities hacked in Indonesian spy case retaliation (The Age) Innocent victims of the spying spat between Indonesia and Australia include a major Queensland hospital, a children's cancer association and an anti-slavery charity, whose websites have been attacked by Indonesian hackers
Why Syria's cyber attack on Qatar was relatively low–risk (The National) The disruption to most of Qatar's online presence last month deserves attention, especially in terms of internet governance and cyber security. Unleashing an army, albeit a digital one, against another country's infrastructure is no minor incident
Fear of bugging prompts iPad ban in UK Cabinet meetings (Naked Security) Fast on the heels of reports that Russia allegedly passed out boobytrapped USB sticks at the G20 summit, iPads were plucked from users' hands at a UK Cabinet meeting out of fear that they might be bugged by foreign intelligence agencies
Massive Spike in Reconnaissance Using Source Port Zero Traffic: Cisco (SecurityWeek) Researchers from Cisco have alerted customers and the Internet community of a massive spike in TCP source port zero traffic that started at 01:00 UTC on Saturday, Nov. 2 and lasted roughly three hours
Russian Cybercriminals Use Customized NSA-Themed Ransomware to Make a Profit (Softpedia) Researchers from IT security firm Blue Coat have analyzed an interesting piece of ransomware most likely operated by Russian cybercriminals. This particular threat was delivered a couple of weeks ago in the attack on PHP.net
CryptoLocker Ransomware Spreading Rapidly (CIO Today) If you are especially worried about CryptoLocker ransomware, the best thing you can do, aside from not getting infected, is to create hard backups of important files. It's also important to keep antivirus software up to date. Many CryptoLocker ransomware infections are happening to computers that were already infected with another malware
Is A Tsunami Of SAP Attacks Coming? (Dark Reading) New banking Trojan modification points to greater trend of attackers targeting ERP and business critical applications
Warning out vs Facebook credit card generator scam (GMA News) Security vendor Bitdefender said the malware hooks in users to a "goo.gl" URL that pretends to generate up to 500 free credits without any downloads
Fake LinkedIn profile gathering info for targeted attacks (Help Net Security) Social networks are great sources of information for cyber criminals and a great way to enter the potential victims' circle of trust. An ongoing social engineering campaign targeting LinkedIn users
(more) Wordpress Hack Case: Site's Credential Stealer with New ASCII Obfuscation in POST Destination URL (Malware Must Die) Yes, it is not a new news to hear about the Wordpress or etc PHP-base CMS got hacked with malicious injected codes
On BadBIOS and Bad Behavior (I am Security) So, unless you are in the security industry and have been living under a rock in the last couple of weeks, you probably know what this #BadBIOS thing refers to
Adobe confirms stolen passwords were encrypted, not hashed (CSO) System hit was not protected by traditional best practices, used 3DES instead
Anatomy of a password disaster — Adobe's giant–sized cryptographic blunder (Naked Security) Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes. Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach
The top 50 woeful passwords exposed by the Adobe security breach (Graham Cluley) In a screw-up of colossal proportions, Adobe didn't properly protect the password data on its servers…and now we can all see the most common passwords used by its customers
Is your vacuum cleaner sending spam? (Internet Storm Center) Past week, a story in a Saint Petersburg (the icy one, not the beach) newspaper caught quite some attention, and was picked up by The Register. The story claimed that appliances like tea kettles, vacuum cleaners and iron(y|ing) irons shipped from China and sold in Russia were discovered to contain rogue, WiFi enabled chip sets. As soon as power was applied, the vacuum cleaner began trolling for open WiFi access points, and if it found one, it would hook up to a spam relay and start…probably a sales pitch spam campaign for cheap vacuum cleaners from China
When attackers use your DNS to check for the sites you are visiting (Internet Storm Center) Nowadays, attackers are definitely interested in checking what sites you are visiting. Depending on that information, they can setup attacks like the following
Syria becomes the next Nigeria for online spam scams (BGR) Remember the Nigerian 419 scam about a lost fortune and how someone representing a bank wants to share the bounty with you? Now Nigerian spammers are taking advantage of the political disturbance in Syria and are now trying to scam people by using some kind of reference to Syria in spam mails sent worldwide. The spammers used reference of Syrian and UK banks and sent messages in the names of representatives from banks, humanitarian organizations and private individuals, Kaspersky Labs' September report on worldwide spam mails suggests
'Selfish miner' attack could devastate Bitcoin, researchers say (IT World) Bitcoin is vulnerable to an attack that could have devastating effects on the virtual currency, but it can be fixed with a software update, according to researchers from Cornell University
Dark–Side Services Continue To Grow And Prosper (Dark Reading) Criminals have expanded their use of the cloud-service model to make their illegal enterprises more efficient and accessible. In 2005, police in Morocco and Turkey arrested two men connected with the Zotob worm: The 18-year-old creator of the worm and the 21-year-old man who paid him to develop the code
25 Years After: The Legacy Of The Morris Internet Worm (Dark Reading) A look at how worms have evolved from the infamous — and relatively benign — Internet worm of 1988 to targeted, destructive attacks. Stuart McClure was an undergraduate student at the University of Colorado in Boulder 25 years ago when dozens of the university's servers suddenly began crashing. The university, like other universities, government agencies, and organizations, had been hit with a historic computer worm that crippled thousands of machines around the Internet in an apparent informal research project gone wrong
Security Patches, Mitigations, and Software Updates
Apple Turns on Safari BEAST Attack Mitigation by Default in OS X Mavericks (Threatpost) Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions
Linux 4.0 may have only bug fixes, no new features (IT World) Linux operating system creator Linus Torvalds has proposed that Linux 4.0, an upcoming release of the open-source software, should be dedicated to stability and bug fixing
Cyber Trends
1 million cyber crime victims in SA (BusinessTech) South Africans are getting hard hit by cyber crime, collectively costing victims billions of rands over the past 12 months, according to a new report by Symantec
Big data blues: The dangers of data mining (ComputerWorld) Big data might be big business, but overzealous data mining can seriously destroy your brand. Will new ethical codes be enough to allay consumers' fears
One Quarter of Data Breach Victims Go on to Suffer ID Theft (InfoSecurity Magazine) ID thieves are getting more successful at leveraging stolen data for ill-gotten gains. Of the 16 million victims notified in 2012 that their payment card information was compromised in a data breach, more than 25% of them also suffered identity theft, according to a new study
Convincing Customers Smartphone Shopping Is Safe (Baseline) Results from the "2013 National Online Safety Study," conducted by the National Cyber Security Alliance and PayPal, reveal that 36 percent of respondents had
Private military, security firms to earn $244B by 2016, UN says (Associated Press) The private military and security business is growing by 7.4 percent a year and on track to become a $244 billion global industry by 2016, the U.N.'s expert on mercenaries reported Monday. The United States is the biggest single spender on private security
Corporate bank accounts robbed of millions by Bonnie and Clyde hackers (Pittsburgh Tribune-Review, via Security Info Watch) The bank robbers drove around New York City for more than 10 hours, collecting some $2.4 million — from ATM machines. They posed for selfies with the cash
Marketplace
Dell Goes Private: 8 Things To Expect (InformationWeek) Dell CEO Michael Dell took the company private to gain more independence from Wall Street investors. Now that the buyout's cleared, what moves can customers expect
TeleCommunication Systems Receives $40.5 Million Contract to Deliver Communications Systems Support for U.S. Marine Corps (MarketWatch) TeleCommunication Systems, Inc. (TCS), a world leader in highly reliable and secure mobile communication technology, today announced that it has received a contract with CACI International Inc. to provide the U.S. Marine Corps (USMC) with Engineering Services for its Wireless Point to Point Link (WPPL) systems and commercialization effort
FishNet Security Buys Solutions Provider TorreyPoint (SecurityWeek) FishNet Security, a provider of information security solutions, announced on Monday that it has acquired TorreyPoint, a full-service network and infrastructure consultancy based in Sunnyvale, California
BlackBerry's new CEO could help the troubled company get closer to China—but not too close (Quartz) John Chen, the newly-named chief executive of the downtrodden smartphone maker BlackBerry, is best known in the tech sector as an expert turnaround specialist. But he also boasts rich connections to China and years of encouraging US-China trade, which could potentially help BlackBerry find new customers and partners that it desperately needs
Cracking up: a brief history of BlackBerry's fall from smartphone dominance (Engadget) BlackBerry is in dire straits. The smartphone maker was riding high in market share and profits just a few years ago, but it's now having trouble securing rescue money. It's yet again pinning its hopes on a new CEO who's tasked with saving a struggling industry giant. How did BlackBerry decline so quickly, though? And what might happen to the company when seemingly every option is on the table? As it turns out, BlackBerry's descent into trivial market share figures and sustained losses stems from a mixture of hubris, sluggishness and misplaced effort -- and there's no clear solution in sight
In Wake of BlackBerry's Demise, CIOs Look to Samsung, Apple and Microsoft (CIO) BlackBerry's fall means CIOs must quickly develop a new mobile strategy. The big three of enterprise mobility are familiar names — Apple, Samsung and Microsoft. Who will win out
Acer CEO resigns as company plans restructuring and layoffs (IT World) Acer CEO J.T. Wang is resigning from his post at the Taiwanese PC maker and will be replaced by president Jim Wong as part of a corporate restructuring that will try to revitalize the company's sagging fortunes
Shadowy VPN firm says they've got industry's first transparency report (Ars Technica) But EFF lawyer says Proxy.sh has the "single worst policy I've seen"
CACI CEO: NSA leaks give newfound publicity to contractors (Washington Business Journal) What does the debate about the NSA's surveillance tactics mean for federal intelligence contractors? According to CACI International Inc. CEO Ken Asbury, it means newfound publicity
Hackers Collaborate, Now White Hats Can Share Cyber Crime Info (Forbes) Time for the good guys to work together in the fight against hackers, says Jason Polancich, a 20-year veteran of the U.S. intelligence community and an expert on complex internet security and cyber-defense problems
Following Controversy, Yahoo Officially Launches Bug Bounty Program (Threatpost) As promised, Yahoo formally kicked off its bug bounty program late last week, aiming to correct what many in the security industry viewed as a misstep after it handed out a paltry $12.50 credit to a researcher for discovering a cross-site scripting error
Products, Services, and Solutions
CoverMe: Private texting, sharing and secure phone calls app (Help Net Security) CoverMe, a secure texting, document sharing and phone call app, launched today after a beta period
Technologies, Techniques, and Standards
How Vocative mines the "Deep Web" for Storytelling (Fast Company) Back in 2012, a group of digital journalists went hunting for Ugandan warlord Joseph Kony. They tried to track him using a trove of data--like mercenary chatter found on an obscure corner of the web. In the end, they weren't exactly able to string together enough information to triangulate his position. But Kony wasn't the only signal they were tracking
It's Not 'Mobile Security,' It's Just Security (InformationWeek) Mobility and BYOD are no different from any other IT security challenge, so it's time for an integrated approach across all the ways people work
11 sure signs you've been hacked (InfoWorld) In today's threatscape, antivirus software provides little peace of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable
Google's dreaded 'blacklist' (CNN Money) Small businesses are reeling from an increase in cybercrime, but a hacked website can have even greater consequences if Google lists you as "infected"
Beyond breach prevention: The need for adequate response (ComputerWorld) If there's been any lesson learned in the past decade, it's that despite tens of billions having been spent on anti-malware, firewalls, intrusion–detection and prevention systems, and other defensive technologies — it's just not realistic for enterprise security teams to expect to be able to stop every attack
New healthcare security and privacy certification from (ISC)² (Help Net Security) (ISC)² has launched a new certification, the HealthCare Information Security and Privacy Practitioner (HCISPPSM), the first foundational global standard for assessing both information security and privacy
How to address the main concerns with ISO 27001 implementation (Help Net Security) Recently I delivered two webinars on the topic of ISO 27001, and I have asked the attendees to send me their top concerns regarding ISO 27001 implementation before those webinars. I've summarized most common concerns into the following five areas and here's a detailed explanation on how I feel they should be addressed
Security Tip (ST13-003): Handling Destructive Malware (US-CERT) Destructive malware presents a direct threat to an organization's daily operations, directly impacting the availability of critical assets and data. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. This publication is focused on the threat of enterprise-scale distributed propagation methods for malware and provides recommended guidance and considerations for an organization to address as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices
Let Others Define the Security Challenge to Solve More Problems (CSO) How a confrontation between the head of security and the head trader revealed the pathway to better solutions involves less assumptions and more questions
Four Supply Chain Cyber Security Risks and Tips for Companies to Address Them (PRWeb) As the CEO of a leading supply chain management, e-procurement and financial productivity solutions company, Tim Garcia draws on real-life experiences to provide four tips for incorporating web security into companies' overall risk management strategies
It's Time to Secure Mobile Devices, Not Just Manage Them (SecurityWeek) As part of my job, I spend a good deal of my waking hours thinking about information security and sharing my findings with IT security practitioners. What are the latest techniques we see from attackers, and what sorts of techniques or policies work best to mitigate them? And as attacks have become more sophisticated, it has also become increasingly clear that security technologies and solutions absolutely must benefit from one another and work together as a platform. In isolation, any single technology is no match for sophisticated attackers
Design and Innovation
Security Innovation Network Selects Top 16 Entrepreneurs from 115 Entries to Share Emerging Cybersecurity Solutions at SINET Showcase in Washington D.C. (EON) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, today announced the 2013 SINET 16 Innovators, who will share their innovative solutions at the annual SINET Showcase on December 4 - 5, 2013 at the National Press Club in Washington D.C
Research and Development
Quantum 'sealed envelope' system enables 'perfectly secure' information storage (Phys.org) A breakthrough in quantum cryptography demonstrates that information can be encrypted and then decrypted with complete security using the combined power of quantum theory and relativity - allowing the sender to dictate the unveiling of coded information without any possibility of intrusion or manipulation
Chinese professor builds Li–Fi system with retail parts (IT World) The equipment is big and expensive, with the research costs at almost US$500,000. But by just using retail components, Chinese professor Chi Nan has built her own Li-Fi wireless system that can use LED lights to send and receive Internet data
DARPA Kicks Off Cyber Grand Challenge (SIGNAL) A new government-run competition seeks to advance the boundaries of computer network analysis and defense by developing autonomous cyberdefense capabilities
Academia
Cyber Awareness: Big Technology in Little Hands (Ozarks First) Some childhood Internet experts are advocating children as young as two, three and four learn about the dangers of the Internet
Legislation, Policy, and Regulation
Report: Brazil spied on embassy personnel (SFGate) The Brazilian government confirmed Monday that its intelligence service targeted U.S., Russian, Iranian and Iraqi diplomats and property during spy activities carried out about a decade ago in the capital Brasilia
Will defense minister stay? (Korea Times) Defense Minister Kim Kwan-jin is in the hot seat because of recent scandals within the military
US intelligence officials: NSA reform bill is 'flawed' (TechWorld) A recent bill to stop the NSA's bulk collection of telephone records would hurt its ability to catch terrorists, officials say
Top Obama lawyers: Reforming the NSA could hurt Americans' privacy rights (Foreign Policy) As Congress considers legislation to reform the surveillance practices of the National Security Agency, senior intelligence officials have said publicly that they'd be willing to modify key aspects of how one of the most controversial programs is run
As U.S. weighs spying changes, officials say data sweeps must continue (New York Times) The Obama administration has told allies and lawmakers it is considering reining in a variety of National Security Agency practices overseas, including holding White House reviews of the world leaders the agency is monitoring, forging a new accord with Germany for a closer intelligence relationship and minimizing collection on some foreigners
Could General Alexander's retirement curb NSA surveillance powers? (Voice of Russia) The innumerable recent leaks about the extent of the NSA's massive global surveillance programs, gathering intelligence on Europeans' telephone calls and wiretapping the phones of 35 world leaders, including German Chancellor Angela Merkel and the Pope, seem to have prompted President Barack Obama and lawmakers to realize that something needs to be done to rein in the NSA's apparently unchecked spying powers
NSA chief likely to lose cyber war powers (The Hill) Senior military officials are leaning toward removing the National Security Agency director's authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions
Oversight board examining surveillance issues hears from lawyers for NSA, intelligence agency (Fox News) An independent board examining clandestine U.S. surveillance programs is hearing from senior lawyers for the National Security Agency and other government departments amid new concerns about the secret operations from Congress, technology companies and European allies
The downfall of the NSA (Bangor Daily News) Politicians and government officials rarely tell outright lies; the cost of being caught in a lie is too high. Instead, they make carefully worded statements that seem to address the issue but avoid the truth. Like, for example, Caitlin Hayden, the White House spokesperson who replied on Oct. 24 to German Chancellor Angela Merkel's angry protest at the tapping of her mobile phone by the U.S. National Security Agency
IG: DHS cybersecurity tools, training not up to par (Politico) The Department of Homeland Security has struggled to respond to cybersecurity threats and disseminate information about them because of lingering technical, funding and staffing woes, according to the agency's inspector general
Litigation, Investigation, and Law Enforcement
More NSA Leakers Followed Snowden's Footsteps, Whistleblower Lawyer Says (ABC News) Several more current and former National Security Agency insiders, inspired by American fugitive Edward Snowden, have come forward as whistleblowers with details of the shadowy agency's operations, according to an attorney at a whistleblower protection organization
Ahn proposes special probe into election meddling scandal (Yonhap) Independent lawmaker Ahn Cheol-soo called for bipartisan support on Monday to launch a special investigation into several government bodies and the military embroiled in an online campaign scandal in connection with last year's presidential election
UK privacy group wants Level 3 to address allegations of spying cooperation (Ars Technica) Privacy International is pushing for more disclosure from a top international telco
Intercontinental Network of Card Fraudsters Dismantled in Canada and Europe (Europol) A major intercontinental network of card fraudsters has been recently dismantled by cooperating Canadian, French and German police authorities, supported by Europol's European Cybercrime Centre (EC3). The operation 'Spyglass' has so far resulted in the arrest of 29 people. The international criminal group was involved in the sophisticated manipulation of point-of-sale (POS) terminals in shopping centres across Europe and North America
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ICS Summit 2014 (Lake Buena Vista, Florida, US, Mar 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
Infosecurity Europe 2014 Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
ISPEC 2014 (Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
GovSec 2014 (Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
OKTANE 13 (San Francisco, California, USA, Nov 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your employees more productive and secure, OKTANE13 will keep you up to date with the latest enterprise technology.
MIRcon 2013 (Washington, DC, USA, Nov 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress. From analysts and innovators to managers and executives the Mandiant Incident Response Annual Conference® (MIRcon®) is an excellent investment in your business and your professional development where you will learn about new technologies, incident response best practices, and key strategies for managing network security.
KMWorld 2013 KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
CyberInnovation Briefing (Baltimore, Maryland, USA, Nov 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remain a growing concern. With losses mounting and sensitive information being leaked, several questions remain unanswered: who's liable, who's responsible, what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a lawsuit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.