The CyberWire Daily Briefing for 11.8.2013
Singapore's presidential site suffered search function abuse, not defacement, Trend Micro reports.
Ecuador's telecommunications minister claims an unknown but "first-world" country attempted to sabotage this past February's presidential elections.
At least two hacker groups exploit the Microsoft Office TIFF vulnerability. (Mitigations are available, but there's no fix ready for Patch Tuesday.)
Nginx ("a lightweight Apache alternative") access and error logs default to world-readable—change this during installation, and in general be aware (and beware) of default settings in any product or system. Note also what independent researcher Paul McMillan reports he found after crawling the IPv4 address space: all manner of industrial control and supply chain systems are exposed to the Internet without so much as a password to protect them.
Effects of the recent Adobe hack appear to be spreading, as is an unrelated malicious iframe campaign first spotted in India back in May. In the US, Healthcare.gov has more issues than are easily summarized, but HHS can rest easier on at least one of them: Kaspersky reports the targeted denial-of-service tool found this week is unlikely to work.
Gartner warns cyber attack jitters lead enterprises to depart from proven risk-based security tactics. Cyber defenses remain over-reliant on expensive engineering labor.
Two big cyber drills are scheduled for next week: the British financial sector will be tested on Tuesday, the North American power grid on Wednesday.
Fear of surveillance leads to fears of market headwinds for British and US tech companies.
Researchers get to work on TrueCrypt and Gotcha authentication.
Notes.
Today's issue includes events affecting Ecuador, France, Germany, India, Iran, Ireland, Israel, Pakistan, Russia, Singapore, Spain, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Singapore PMO Website Not Hacked, Despite Reports (TrendLabs Security Intelligence Blog) Further analysis by Trend Micro researchers on the reported defacement of the Singapore Prime Minister Office website revealed that the website was not actually defaced — attackers abused the search function of the Singapore PMO website to display an image that looks like a hacked version of the site
Ecuador minister decries "first world" cyber attack in presidential elections (BNAmericas) A large processing center located in a "first world" country attempted to sabotage the Ecuadorian electoral IT system during presidential elections held in February of this year, in which President Rafael Correa won a further four-year term in a landslide victory, according to telecoms minister Jaime Guerrero
Exploits of critical Microsoft zero day more widespread than thought (Ars Technica) At least two hacker gangs exploit TIFF vulnerability to hijack users' computers
Despite patches, Supermicro's IPMI firmware is far from secure, researchers say (CSO) The IPMI in Supermicro motherboards has vulnerabilities that can give attackers unauthorized access to servers, Rapid7 researchers said
Nginx sets world-readable logs by default (CSO) Webserver's issue found to be much larger-scale than initially thought
Vicious malware appears on campus (UDail) University of Delaware Information Technologies (IT) reports that at least one computer on campus has been infected by CryptoLocker, a particularly vicious form of "ransomware," malware that encrypts your computer's files so you cannot use them. The software then tries to extort a payment from you in order to receive the decryption key and program
Windows XP Security Apocalypse: Prepare To Be Pwned (InformationWeek) Patching XP makes Microsoft no money. But millions of unpatched and easy-to-exploit systems equal cybercrime payday
Cybercriminals opting for real–time malware campaigns and phishing (Help Net Security) The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to Commtouch
Low Quality Assurance (QA) iframe campaign linked to May's Indian government Web site compromise spotted in the wild (Webroot Threat Blog) We've intercepted a currently trending malicious iframe campaign, affecting hundreds of legitimate Web sites, that's interestingly part of the very same infrastructure from May, 2013's analysis of the compromise of an Indian government Web site
Source code for proprietary spam bot offered for sale, acts as force multiplier for cybercrime–friendly activity (Webroot Threat Blog) In a professional cybercrime ecosystem, largely resembling that of a legitimate economy, market participants constantly strive to optimize their campaigns, achieve stolen assets liquidity, and most importantly, aim to reach a degree of efficiency that would help them gain market share. Thus, help them secure multiple revenue streams. Despite the increased transparency on the Russian/Eastern European underground market
Researchers Debate Value of New Bitcoin Attack (Threatpost) Researchers are debating the potential value of a Bitcoin attack that could allow a small cartel of participants to become powerful enough that it could take over the mining process and whether it's actually practical in the real world
Healthcare.gov Denial–of–Service Tool Unlikely to Work (Threatpost) Arbor Networks has discovered a denial of service (DoS) tool specifically designed to target the U.S. government's healthcare enrollment marketplace, Healthcare.gov
Security firm says still more Adobe users are at risk (Gigaom) Password management company LastPass says data of 152 million Adobe customers– a far higher number than thought — was accessed by hackers earlier this year
Power Plants and Other Vital Systems Are Totally Exposed on the Internet (Wired) What do the controls for two hydroelectric plants in New York, a generator at a Los Angeles foundry, and an automated feed system at a Pennsylvania pig farm all have in common? What about a Los Angeles pharmacy's prescription system and the surveillance cameras at a casino in Czechoslovakia? They're all exposed on the internet, without so much as a password to block intruders from accessing them
University Hospitals Security Breach Exposes 7,100 Patients' Data (eSecurity Planet) Names, home addresses, birthdates, medical record numbers, insurance provider information and treatment information may have been exposed
DaVita Acknowledges Data Breach (eSecurity Planet) 11,500 patients' names, diagnoses, insurance information and dialysis treatment data may have been exposed when an unencrypted laptop was stolen
Security Patches, Mitigations, and Software Updates
KitKat swats yet another Android 'MasterKey' bug (The Register) Android 4.4 contains a fix for yet another - albeit weaker variant - of the so-called MasterKey bug that first surfaced in July
November's Security Releases Will Not Include Fix for Zero–Day Vulnerability (Windows IT Pro) Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013. Unfortunately, the recently reported zero-day flaw affecting multiple products will not see a fix included in next Tuesday's bundle
Microsoft Security Bulletin Advance Notification for November 2013 (Microsoft Security TechCenter) This is an advance notification of security bulletins that Microsoft is intending to release on November 12, 2013
Father–Daughter Hacking Team Finds Valuable Facebook Bug (Threatpost) The Wysopal name has been on vulnerability advisories for better than 20 years now, and it doesn't look like that is going to end anytime soon. But the name on those advisories in the future may be Renee rather than Chris Wysopal. Chris, one of the founding members of the L0pht hacking collective and now
Cyber Trends
From Event Gatherers To Network Hunters (Dark Reading) Passive, wait-for-an-event defenses are no longer enough — companies need to move to a more proactive strategy of hunting down the bad actors in their network, say experts
'Active immunization isn't enough to contain the Cyber Plague' (InformationWeek) Jay Bavisi, President, EC-Council has alerted global thought leaders and academicians of the worsening Cyber Plague. In an exclusive interview, he talks about the magnitude of the problem and the factors that caused it
Fear of cyber attack driving a shift from risk-based security, says Gartner (ComputerWeekly) Fear of advanced cyber attacks is driving a shift from tried-and-tested, risk-based security tactics, making them more vulnerable to emerging threats, a survey has found
Rise in cyberattacks means firms must develop security skills and mindset (SiliconRepublic) The recent spate of data breaches that saw 43,000 Irish people's credit and debit card details fall into the hands of hackers are a stark warning to public and private-sector organisations to be on their guard
SMEs ignore big data as skills demand rockets (V3) The UK's small and medium-sized businesses are making almost no use of big data analytics, a new IT skills report has found. However, among larger businesses, demand for big data specialists is expected to triple, increasing competition for staff in the business intelligence sector
Internet of Things poses world of worries for IT pros (FierceITSecurity) IT professionals surveyed by ISACA believe IoT poses major IT governance issues for the enterprise
Defining cyberwarfare…in hopes of preventing it — Daniel Garrie (TEDed) Can you imagine a future where wars are fought not with bombs and bullets but computer viruses and pacemaker shutdowns? Cyberwarfare is unique in that it is not covered by existing legal framework and it often inspires more questions than we are yet capable of answering. Daniel Garrie ponders some of the practical and ethical dilemmas that may pop up as we progress towards our uncertain future
Cyber Warfare and the Corporate Environment (Journal of Law and Cyber Warfare) The "back door" is open and cyber-terrorists are in our midst
Reflections on the One Million Mark: A Threat Beyond the Android Platform (Trend Micro Simply Security) We recently reported that the number of malicious and high risk apps on the Android platform crossed the one million mark. It's important to note that this beats by a full quarter our CTO Raimund Genes' prediction from November 2012 that we would cross this mark by the end of 2013
Data brokers' collection of internet activity data raises privacy issues (CIO) Everybody who spends much time on the web knows their activities are tracked for marketing purposes. Do a little online shopping for hats, and you will quickly see ads for hats popping up on other websites you visit
Marketplace
UK banks to take part in cyber–attack 'war game' (The Telegraph) Thousands of staff across dozens of London financial firms will be tested on how they react to a cyber attack in one of the largest "war games" in the world
Why NERC will attack the grid November 13 (and what it could mean for utilities) (SmartGridNews) Quick Take: More and more people are jumping on the smart grid cybersecurity bandwagon. And many of them are jumping on for the purpose of complaining that utilities aren't doing enough, as in the example below
HyTrust acquires HighCloud Security (Help Net Security) HyTrust has acquired HighCloud Security, a provider of cloud encryption and key management software. By combining HyTrust's administrative visibility and control with HighCloud's strengths in encryption and key management, the acquisition offers customers flexibility in addressing security, compliance and data privacy requirements in all cloud environments—private, public and hybrid
Apple Seeks Freedom To Disclose Gov Data Demands (InformationWeek) Apple released its first transparency report and seeks the right to tell its customers the truth about government orders for customer information
Trend Micro's Response to Bits of Freedom (Trend Micro Simply Security) Recently, Trend Micro received a request for information from Bits of Freedom that was sent to us and fourteen other security companies. Bits of Freedom asked four specific questions around our interactions with governments in regard to our detections of surveillance software
CIA Said to Pay AT&T for Customer Data in Terrorist Hunt (Bloomberg) The Central Intelligence Agency has negotiated contracts with AT&T (T) Inc. and other U.S. companies to mine their databases for records of communications, including financial transactions, of suspected terrorists overseas
Skills trump credentials in cybersecurity, but federal agencies have hiring obstacles (FierceGovIT) Ability trumps credentials when it comes to hiring cybersecurity workers, and the federal government faces obstacles in picking up the best talent, said panelists during a Nov. 1 event
Lunarline Named To Inc. 5000 List For Fourth Year Running (Sacramento Bee) The company provides a unique combination of products and consulting services, as well as cyber security training through the Lunarline School of Cyber
CACI Supports DISA Info Sharing Program (Zacks) CACI International Inc (CACI - Analyst Report) announced that it had secured a $45 million order in first quarter fiscal 2014 to support Defense Information Systems Agency's (DISA) Multinational Information Sharing (MNIS) Program Management Office (PMO)
Booz Allen Hamilton STILL Looks Cheap (Seeking Alpha) One year after paying a $7.50 per share dividend, Booz Allen Hamilton Holdings (BAH) still looks cheap. The risks facing the company have increased, given the uncertainties still surrounding the federal debt and deficit and the sequester, but they appear to be manageable
GCHQ data snooping has "destroyed trust in British tech" (PC Pro) GCHQ's online surveillance has destroyed trust in British technology companies and irrevocably damaged the nation's information security industry, according to a cryptography expert
Mikko Hypponen: How the NSA betrayed the world's trust (Help Net Security) Recent events have highlighted, underlined and bolded the fact that the United States is performing blanket surveillance on any foreigner whose data passes through an American entity — whether they are suspected of wrongdoing or not
Internet Bug Bounty Pays for Bugs in Core Technologies (Threatpost) A bounty program begun by a bevy of industry heavyweights, including Microsoft and Facebook, will pay good money to white hats, researchers and even aspiring young hackers who find bugs in any of a dozen technologies central to the vitality and trustworthiness of the Internet
Feel Cisco's WRATH: Over 1,000 placed on DENIED partner sh*t list (The Register) Cisco has launched an EMEA-wide crackdown in the channel after expelling Phoenix IT Group from the Gold Partner network, which our sources alleged was because it flouted support rules by supplying grey market kit
Products, Services, and Solutions
Brivo Systems Achieves GSA Approved Products List Status (PRWeb) Brivo Systems LLC, leader in cloud applications for security management, today announced that as of October 30, 2013 its pre-cloud end-to-end physical access control system with high assurance readers and certificate path validation software has been approved as a fully-compliant FICAM solution by the General Services Administration
GFI MAX Mobile Device Management launched (Help Net Security) GFI MAX announced GFI MAX Mobile Device Management (MDM), a new offering for managed services providers looking to create new revenue opportunities as increasing numbers of employees use mobile devices in the office for work and personal activities
cc no evil: The one social network you don't mind sharing with your boss (Quartz) Mariano Rodriguez, the 30-year-old CEO of Joincube, is on a mission: to banish the endless reply-all work email chain forever
Technologies, Techniques, and Standards
IETF Reaches Broad Consensus to Upgrade Internet Security Protocols Amid Pervasive Surveillance (CircleID) IETF 88 Technical Plenary: Hardening The Internet. Internet security has been a primary focus this week for more than 1100 engineers and technologists from around the world gathered at the 88th meeting of the Internet Engineering Task Force (IETF). Participants are rethinking approaches to security across a wide range of technical areas
PCI Council Strengthens Security Standard (InformationWeek) Payment card industry's latest information security standard adds penetration testing, malware, authentication, physical security and other requirements
NIST orders review of its encryption standards development processes (FierceHealthIT) After reports based on documents leaked by Edward Snowden raised questions about existing encryption standards, the National Institute of Standards and Technology (NIST) has launched a formal review of its processes
Smartphone security concerns prompt makers to turn to biometrics (FierceITSecurity) Number of smartphones with fingerprint sensors to increase tenfold by 2017, says IHS
How to manage the deluge of information security threat reports (Search Security) You've no doubt noticed an increasing number of vendors, researchers, consultants and others issuing reports detailing information security threats, promising new insights about the latest attacks, vulnerabilities and exploits. While many are valuable, the sheer amount of available information can be difficult to manage and digest. More importantly, the information may not even be applicable to your company's environment
Reframing discussions about return on security investment (Search Security) What's the best way to determine the return on security investment in our company? Getting a bigger security budget is difficult without being able to bring solid numbers to the board
Whistleblower policy: Preventing insider information leak incidents (Search Security) Edward Snowden, now of universal fame (or infamy) due to his disclosure of U.S. National Security Agency classified information, has been charged with a number of crimes, including espionage. The case will prove to be a long and difficult one, and its adjudication, whatever the outcome, promises to be as complex as it is uncertain
Third–party risk management: Horror stories? You are not alone (Search Security) Cyberattacks leap from the headlines almost daily, yet senior management at some companies still believe their organizations are not potential targets: "Nobody knows who we are, why would anyone want to attack us
App wrapping secures sensitive data even on malware-infected, jail-broken, unmanaged mobile consumer devices (ComputerWorld) When it comes to ensuring secure enterprise mobility, device-oriented approaches adapted from single-vendor environments like BlackBerry simply aren't working in the bring-your-own-device (BYOD) mobile enterprise. Companies need a way to secure devices they don't own or don't already manage using a mobile device management solution
Arming yourself with a cloud security checklist that covers your apps and data (Trend Micro Simply Security) In my last blog, I walked through the shared responsibility model for security in the cloud and the importance of host-based firewalls to both inbound and outbound communication; intrusion prevention capabilities to protect against vulnerabilities even before you patch; integrity monitoring to catch system changes; and anti-malware with web reputation to protect against viruses and malicious URLs
How to Spot a Twitter Spambot (Mashable) Twitter has a spam issue. The social network's "follow anyone" model allows a steady influx of spammers to reach out to many people in a short amount of time, hoping at least one of them will click on a sketchy link
Design and Innovation
How Biz Stone's Biggest Mistake Spawned Twitter (TechCrunch) "The first, second, third company I went to work for, somehow I screwed them all up. Doing startups is all about making mistakes," Biz Stone nervously admitted onstage at the New Context Conference in San Francisco. He'd just confessed that he didn't prepare anything so will talk about his biggest screw-ups, including one that could earn him many millions of dollars when Twitter IPOs
Research and Development
Researchers dare AI experts to crack new GOTCHA password scheme (NetworkWorld) Like CAPTCHA, GOTCHA's inkblot password system relies on humans' visual skills
Big Data is a Good Place for Hackers to Hide (Nextgov) As departments increasingly try parsing mammoth streams of Web activity to detect cyber threats, expect attackers to fight back by gaming the big data analytics, according to a new cybersecurity report by Georgia Tech researchers
NSA spying prompts open TrueCrypt encryption software audit to go viral (CSO) Concerns over NSA tampering provoke wide crowdsourcing response from security community
Experts Join Movement to Audit TrueCrypt, Perhaps Other Security Software (Threatpost) As the TrueCrypt audit chugs along toward a deterministic, clean build of the open-source encryption software and a palatable license, the organizers have brought prominent security and legal experts aboard as a technical advisory team
Academia
How Qualys network security tools protect University of Westminster from cyber threats (Computing) Based in the heart of London, the University of Westminster caters for more than 20,000 students and 4,500 staff
Universities, NSA Partnering on Cybersecurity Programs (Southern Maryland Online) Universities across the country are racing to prepare the next generation of cybersecurity experts before a major cyberattack leaves the country's networks struggling to reboot
Cyber security threats expanding, expert says (The Ranger) Cyber security is transitioning from small, local problems to global issues affecting nations, Arne Saustrup, senior manager of network and operations for the Alamo Colleges, said during a presentation "Network Security and the Alamo Colleges: Think Globally, Act Locally" Oct. 28 in the nursing complex
Legislation, Policy, and Regulation
FSB wants Russian internet communications to be recorded (Russia Today) Russia's Communications Ministry, in cooperation with security services, is finalizing a directive obliging internet providers to record private internet communications
GCHQ — General Chit-chat, Hazy Questions? (Trend Micro Countermeasures) Yesterday's questioning of intelligence chiefs by Members of Parliament is a first in British history. The momentous occasion was preceded by anticipation that the three big authorities, MI5, MI6 and GCHQ, would offer an open and transparent account of the extent of their surveillance operations, in particular GCHQ
Germany brings anti–spying bill to the UN, meets with US intelligence (ZDNet) Surveillance practices should be reviewed with an eye towards human rights, UN draft resolution says
Snowden leaks damage Obama foreign–policy agenda (NBC News) The latest stream of revelations from former National Security Agency contractor Edward Snowden – that the United States has been spying on at least 35 foreign leaders – sparked a firestorm abroad and at home and have boxed in President Barack Obama, who finds himself struggling a year into his second term. They have damaged America's relationship with some of its closest allies more so than any foreign-policy decision Obama has made, analysts say
White House mulls civilian leadership at NSA (UPI) The White House may place the National Security Agency under civilian leadership and end dual leadership of the NSA and U.S. Cyber Command, officials said
Exclusive: Hagel Defends 'Phenomenal' NSA Chief As the Rest of The Administration Backs Off (Foreign Policy) The White House and Secretary of State John Kerry may be keeping their distance from the embattled Director of the National Security Agency, Gen. Keith Alexander. But Defense Secretary Chuck Hagel, under whom the NSA resides, is standing by him, even as Hagel takes part in high-level talks that could undermine Alexander's legacy
Al Gore: NSA spying 'unacceptable' (Politico) Former Vice President Al Gore slammed the National Security Agency tactics revealed by Edward Snowden as "outrageous" and "completely unacceptable" at a speaking event in Canada
The Folly of the Data Chase (Huffington Post) When I prepared to retire from the U.S. Army after 35 years of continuous service, there were a few people here and there "mentioning" my name as a potential candidate to lead the National Security Agency (NSA). I was the senior officer of the Signal Corps and I knew a thing or two about acquiring and handling sensitive information
Army seeks to integrate cyber approach to electronic warfare efforts (Federal News Radio) Col. Jim Ekvall, chief of the electronic warfare division, joins Federal News Radio DoD reporter Jared Serbu on this week's edition of On DoD
Official: Army needs better cyber management (Army Times) The Army will squander the highly sought cyberwarfare skills within its ranks unless the personnel are better managed, Army cyber officials warn
Why the Government Should Help Leakers (Schneier on Security) In the Information Age, it's easier than ever to steal and publish data. Corporations and governments have to adjust to their secrets being exposed, regularly
Litigation, Investigation, and Law Enforcement
Snowden persuaded other NSA workers to give up passwords (Reuters) Former U.S. National Security Agency contractor Edward Snowden used login credentials and passwords provided unwittingly by colleagues at a spy base in Hawaii to access some of the classified material he leaked to the media, sources said
Free guide highlights legal pitfalls of enterprise collaboration (ComputerWeekly) Cloud-based collaboration company Intralinks and international legal firm Field Fisher Waterhouse (FFW) have published a free guide to help enterprises share information without risk of violating data protection laws
Silk Road reboots: for real, or just a honeypot? (Naked Security) Trusted old-timers from the original site are staffing the relaunched site, and now it's offering PGP encryption. Is the site a sticky trap for luring more drug aficionados or is it enough to save users from the fate that's befallen all those arrested in connection with the original site
FBI seeking "Loverspy" hacker who helped jealous lovers plant spyware (Naked Security) In yet another "don't open that e-birthday card" saga, 33-year-old Carlos Enrique Perez-Melara, now on the FBI's 10 most wanted cybercriminals list, allegedly sold malware that planted a keylogger, as well as remotely controlling a victim's computer and webcam
Secret Service Report Noted Aaron Swartz's 'Depression Problems' (Wired) The Secret Service has released another 26 pages of documents about coder and activist Aaron Swartz in my ongoing Freedom of Information Act lawsuit against the agency
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
KMWorld 2013: KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
CyberInnovation Briefing (Baltimore, Maryland, USA, Nov 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remain a growing concern. With losses mounting and sensitive information being leaked, several questions remain unanswered - who's liable, who's responsible, what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a lawsuit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today does not only take into account who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will not be just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit: Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.