The CyberWire Daily Briefing for 11.14.2013

Cyber Attacks, Threats, and Vulnerabilities

Criminals "have all details needed to use credit cards" (The Journal) 8,000 customers who booked weekend breaks through the insurance firm [AXA] may have had their credit card details accessed

Loyaltybuild attack: 500,000 people may have had credit card details stolen (Naked Security) Thousands of people across Europe and, more specifically, in Ireland have had their credit card and personal details stolen after a company which runs reward schemes was hacked

Fake Facebook password request email carries malware (Help Net Security) Not ones to miss an opportunity, malware peddlers are piggybacking on the fact that Facebook is blocking the accounts of certain users and demanding they change their passwords in the wake of the Adobe

Adobe's poor password security forces Facebook to block accounts (Help Net Security) The recent Guinness-world-record-sized breach at Adobe is poised to cause many problems for the users whose login information was compromised. It wouldn't be that great of a deal if the stolen information

iPhone 5, Galaxy S4 zero-day exploits revealed at HP Pwn2Own contest (NetworkWorld) Two teams of Japanese and Chinese "white hat" hackers have been declared victors at HP's Pwn2Own 2013 contest in Tokyo today for finding zero-day exploits that allowed them to compromise the Apple iPhone 5 and the Samsung Galaxy S4

DHS Official Confirms Attempted Cyber Attack on Healthcare.gov (Washington Free Beacon) The Obama administration's botched rollout of HealthCare.gov has been subject to an "denial of service" attack meant at overwhelming and taking down the site, a Department of Homeland Security official said on Wednesday

Obamacare Website Targeted About 16 Times by Cyber Attacks (ABC News via Yahoo! News) The troubled Affordable Care Act website has been subject to "a handful" of hacking attempts, including at least one intended to bring the site down, a Department of Homeland Security official told lawmakers today. But considering that some federal websites get hundreds of cyber-assaults each day, the approximately 16 reported attacks on healthcare.gov is a surprisingly small number, experts said

Data Privacy Scare On HealthCare.gov (Dark Reading) Had you asked me last week whether the situation for the federal government's embattled insurance marketplace website, HealthCare.gov, could get any worse, I probably would have said, "I don't see how." Today, I'm not so sure

Examining The Security Implications of Healthcare.gov (SecurityWeek) After hearing about all the technical issues with Healthcare.gov, I started to think about the security implications of these sites and, with some light investigation, concluded that there's more than functionality and availability that's ailing Healthcare.gov. There's significant potential for compromise

Filling the Blackhole Void (Industrial Safety and Security Source) Ever since police arrested the person they feel is responsible for Blackhole, there has been a significant reduction in spam campaigns using the exploit kit, creating a vacuum in the spam-sending world

CryptoLocker crooks launch 'customer service' site (CNBC) Here's a first: Crooks who understand the importance of customer service

Unusual BHEK-Like Spam With Attachment Found (TrendLabs Security Intelligence Blog) Soon after Paunch was arrested, we found that the flow of spam campaigns going to sites with the Blackhole Exploit Kit (BHEK) had slowed down considerably. Instead, we saw an increase in messages with a malicious attachment. Recently, however, we came across rather unusual spam samples that combines characteristics of both attacks

Sinowal and Zbot Trojan collaborate in new attack (Help Net Security) Trend Micro researchers have recently come across an interesting example of malware collaboration involving the Zeus banking Trojan and a new variant of the password-stealing Sinowal Trojan

Linux Back Door Uses Covert Communication Protocol (Symantec) In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords…The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid suspicious network traffic or installed files, which may have triggered a security review. Demonstrating sophistication, the attackers devised their own stealthy Linux back door to camouflage itself within the Secure Shell (SSH) and other server processes

MacRumors Forums Hacker Says Passwords Won't Be Leaked (Threatpost) The hacker behind a breach of MacRumors Forums, a popular Macintosh discussion forum, said none of the 860,000 passwords will be leaked, calling the attack "friendly."

The secret second operating system that could make every mobile phone insecure (ExtremeTech) When we talk about computers — PCs, smartphones, cars — we generally assume that there's just one operating system: A single, monolithic piece of software that manages each individual piece of hardware, from the CPU to the USB controller to the wireless connectivity…In actual fact, unbeknownst to the user, almost every computer has multiple operating systems running at the same time, managing various different parts of the computer — and worryingly, these OSes are usually proprietary, closed-source, bug–ridden, and have extensive, low–level access to your data

Research Into BIOS Attacks Underscores Their Danger (Dark Reading) The jury is out on BadBIOS, but malware for motherboards and other hardware is both possible and, with the rise of the Internet of Things, likely

Crackers crack Cracked with exploit kit (SC Magazine) Hughely popular site Cracked.com among the 300 most visited in the US was hacked and hosted the Nuclear Pack exploit kit. Barracuda Labs research scientist Daniel Peck said Cracked.com served the attack kit from possibly last week until Monday

Infosec forum hacked, foists malware via IE zero–day (SC Magazine) An infosec forum was hacked and implanted with malware that hit users with drive-by attacks via a Internet Explorer zero-day. FireEye senior malware researcher Ned Moran said evidence suggested the attackers were likely those behind the 'Operation DeputyDog' attacks in August

Google Drive Phishing (Internet Storm Center) In the past we have seen malware being delivered via Google Docs. You would receive an email stating that a document had been shared and when you clicked the link bad things would start to happen. In recent weeks the same approach has increasingly been used to Phish. You would receive an email along these lines

Security Patches, Mitigations, and Software Updates

Microsoft leads the way, setting new cryptographic defaults (Naked Security) Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting

Android 4.4 KitKat, thoroughly reviewed (Ars Technica) Tons of user- and system-level changes make KitKat one of the biggest releases ever

Cyber Trends

Server Innovation Moves Slowly (InformationWeek) Companies may be planning big data and Internet of things strategies, but they aren't buying the next-gen hardware to support them

Attackers circumvent security through app store, hardware (FierceMobileIT) Although enterprises utilize a variety of security techniques, such as compartmentalizing trusted apps and containerizing sensitive data to create sterile enterprise mobile environments, attackers are finding success infiltrating the most mundane mobile activities

UK consumers demand to be told of all data breaches (Help Net Security) The UK public wants to be informed whenever an organization suffers a data breach, and that more needs to be done to punish companies that lose sensitive information, according to LogRhythm

Exploring risk–based security management in the industrial sector (Help Net Security) Tripwire announced the results of research comparing risk-based security management in the industrial sector to that of other industries

Merchants showing payment security awareness (Help Net Security) ControlScan and Merchant Warehouse have jointly released the results of their survey of Level 4 merchants' awareness, sentiment and progress toward securing cardholder data in compliance with PCI standards

Don't be fooled by the name: cyber security is about people, not technology (Econsultancy) When you hear the phrase 'cyber security', what springs to mind? On the face of it, cyber security is often assumed to be purely technical: it could be described as protecting IT from viruses, malware and other threats that just keep growing in the digital age

Spy agency methods help fight online attacks (MySanAntonio.com) Oil companies are turning to the intelligence industry for insights on how to battle a steady rush of online threats

Android devices cause majority of infections in mobile networks (ComputerWorld) Android devices account for 60 percent of infections in mobile networks, according to findings from the latest network security trends by Alcatel-Lucent

More Than 25 Percent of Companies Plan to Increase IT Security Budgets in 2014 (eSecurity Planet) Still, a SilverSky survey found that 81 percent already believe they're as secure or more secure than they were a year ago

We're All The APT (Dark Reading) Despite the original, long-lost, but well-intentioned meaning of the security industry's favorite acronym, lines have become blurred to the extent that "APT" can now be so broadly applied by our adversaries to describe, well, us. Although this makes the term even more useless in conversations intended to characterize the specifics of an attack, it has been something I've argued for quite some time now and was my initial thought when news of Edward Snowden's escapades (and, specifically, XKeyscore, FoxAcid, et al.) broke

Study: Many Consumers Still Untrained On Privacy Risks (Dark Reading) Most consumers have not had security training, fail to stay up to date on privacy policies, Harris survey finds

Marketplace

12 Hot Security Startups to Watch (CIO) Going into 2014, a whirlwind of security start-ups are looking to have an impact on the enterprise world. Most of these new ventures are focused on securing data in the cloud and on mobile devices

David Blumenthal: 'Broken' IT procurement process key to HealthCare.gov mess (FierceHealthIT) The federal IT procurement process is a complex mess in need of a major overhaul, according to David Blumenthal, former National Coordinator for Health IT

Cisco's disastrous quarter shows how NSA spying could freeze US companies out of a trillion–dollar opportunity (Quartz) Cisco announced two important things in today's earnings report: The first is that the company is aggressively moving into the Internet of Things—the effort to connect just about every object on earth to the internet—by rolling out new technologies. The second is that Cisco has seen a huge drop-off in demand for its hardware in emerging markets, which the company blames on fears about the NSA using American hardware to spy on the rest of the world

How the NSA is hurting America's tech industry — and helping China's (The Week) International customers are fleeing tech titans like Cisco over fears of U.S. snooping. But they'll likely face similar surveillance by working with Chinese competitors

Autonomic Resources Gets DoD Authorization for Cloud Service (ExecutiveBiz) Autonomic Resources has received a provisional authorization from the Defense Department for the company's cloud platform service offering

Northrop, Radiance Team to Pursue Air Force Intell Program (ExecutiveBiz) GeocodingNorthrop Grumman and Radiance Technologies have formed a team to compete for a U.S. Air Force contract covering research and development, intelligence and data exploitation support services

IBM to acquire Fiberlink Communications (Help Net Security) IBM announced a definitive agreement to acquire Fiberlink Communications, a mobile management and security company. Financial terms were not disclosed. With Fiberlink's MaaS360 cloud-based offering

DHS Office of the CIO Completes Successful Transition to Xacta IA Manager for Enterprise–wide Compliance with Information Assurance Requirements (Wall Street Journal) The department of Homeland Security Office of the Chief Information Officer has completed its transition to Telos Corporation's Xacta® IA Manager for enterprise-wide IA compliance. Xacta IA Manager has been deployed enterprise-wide to nearly one thousand systems throughout DHS, including all department components

Juniper Taps Former Verizon CTO As Its New CEO (CRN) Juniper Networks (NSDQ:JNPR) Tuesday appointed Shaygan Kheradpir, former CTO and CIO of telecommunications giant Verizon Communications (NYSE:VZ), as its new CEO and a member of the company's board of directors effective Jan. 1, 2014

Products, Services, and Solutions

Is Firefox PDF reader a secure alternative to Adobe Reader? (Search Security) Mozilla included a built-in PDF reader as a default feature in Firefox 19. How does it work, and is it safer than other PDF readers like Adobe Reader or Foxit

Dropbox revamps business service so you can manage both personal and work files (The Next Web) Dropbox has rebuilt its business service from the ground up to make it easier to manage both your personal and your work files

Procera Networks Wins Broadband Traffic Management Award (MarketWatch) Dynamic LiveView named most innovative tool for driving real-time subscriber intelligence

Free mobile security scanning apps and SDK (Help Net Security) iScan Online announced an updated and enhanced suite of security scanning services. iScan Online Mobile for iOS - This app provides security scanning for iPhone and iPad smartphones and tablets

anasonic Video Surveillance Technologies Achieve DIACAP Precertification (Sys-Con) Panasonic System Communications Company of North America, a leading provider of integrated security and surveillance solutions, today announced that a range of its video surveillance technologies have been pre-certified as compliant with the security and risk management requirements of the United States Department of Defense (DoD)

Dell SecureWorks Launches Server Protection Services for Physical, Virtual and Cloud Based IT Servers (Hispanic Business) Dell SecureWorks, an industry leader in information security services, now provides Server Protection Services for physical, virtual and cloud-based servers so organizations can secure their servers with an all-in-one service

Agata and Adax Partner in DPI Probe Solution for Network Intelligence (IT News Online) Adax, an industry leader in high-performance packet-processing, security and network infrastructure, is pleased to announce a new partnership with communications and networking specialist Agata Solutions

New secure USB Flash drive from Kingston Digital (Help Net Security) Kingston released the DataTraveler Vault Privacy 3.0 (DTVP) secure USB Flash drive, as well as the DataTraveler Vault Privacy 3.0 Anti-Virus, which helps enterprises safeguard business data and set security policies for end-users

Amazon wants to be your everything with new cloud services (Ars Technica) AWS introduces virtual desktops, a streaming content platform, and more tracking

Microsoft Opens High Tech Cybercrime Center (SecurityWeek) Microsoft said Thursday it has opened a new cybercrime center that combines Microsoft's legal and technical expertise along with cutting-edge tools and technology and cross-industry expertise, to combat cyber crime

Technologies, Techniques, and Standards

Attack the City: why the banks are 'war–gaming' an assault from cyberspace (London Evening Standard) Yesterday the Square Mile's top brass met to take on Waking Shark 2, a secretive exercise to test how London would fare under a major cyber assault. So how did the counter-hackers cope, asks Joshi Herrmann

Did Waking Shark Test the Right Areas of Banking Security? (InfoSecurity Magazine) On the very day that the City of London ran operation Waking Shark II, researchers published an analysis of known bank security incidents or vulnerabilities since 2000. If Waking Shark was designed to test the cyber-readiness of the banking sector, this new analysis suggests it might not be enough

Would your family survive without power? Purdue cyber forensics team tests nationwide power grid (RTV6 ABC) Should a disaster strike, would we be ready to handle it? A recent study says half the households in America wouldn't be prepared to stack up against disaster

Can application security products really be 'self–defending?' (Search Security) I've read a lot recently about "self-defending" application security products -- those that can be integrated into an enterprise application to ward off application hacks, subversion and piracy. How do these products work? Do they really do anything new

How to reduce the risk of Flash security issues (Search Security) In the wake of several Flash zero-day vulnerabilities, how can enterprises limit the risk posed by Flash on the endpoint when it's a mission-critical must have

Services Offer Visibility Into Cloud Blind Spot (Dark Reading) With employees using hundreds of cloud services, companies need a greater ability to monitor the services for anomalous activities

Cloud Security Alliance Announces Software Defined Perimeter (SDP) Initiative (BWW) The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced the launch of the Software Defined Perimeter (SDP) Initiative, a project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks

Avoiding fallout from Google's blacklist (Help Net Security) Small businesses remain prime targets for cybercrime. For small businesses, particularly entering the holiday season, the fallout from an attack is significant: hacked websites' traffic slows to a crawl

10 mistakes companies make after a data breach (CSO) In a recent presentation for The International Association of Privacy Professionals (IAPP) Privacy Academy, Michael Bruemmer of Experian Data Breach Resolution outlined some the common mistakes his firm has seen as organizations deal with the aftermath of a breach

$45M Hack Holds Lessons to Prevent Prepaid Card Fraud (Storefront Backtalk) Hackers have developed sophisticated schemes to funnel money from banks and payment processors into their own pockets. The more processors know about their tactics, the more they can prevent these heists in the future

9 Steps To Protect Yourself From Crooks on Cyber Monday (Black Enterprise) Don't get ripped off while holiday shopping online

Setting up Honeypots (Internet Storm Center) Most if not all of the handlers run honeypots, sinkholes, SPAM traps, etc in various locations around the planet. As many of you are aware they are a nice tool to see what is going on on the Internet at a specific time. Setting up a new server the other day it was interesting to see how fast it was touched by evilness. Initially it wasn't even intended as a honeypot, but it soon turned into one when "interesting" traffic started turning up. Now of course mixing business (servers original intended use) and pleasure (honeypot) aren't a good thing, so honeypot it is

Design and Innovation

The Watson cloud: IBM prepares to open supercomputer to third party developers (PC World) IBM is preparing to give third parties access to its Watson supercomputer with the aim of spurring the growth of applications that take advantage of the system's artificial intelligence capabilities

Capco Debuts Innovation Lab (American Banker) Global business and technology consultancy firm Capco has launched a high-tech digital lab that aims to provide financial service clients with a place to develop new financial products and services

Research and Development

In–Air Signature Gives Mobile Security to the Password–Challenged (IEEE Spectrum) Signing your name in the air with your smartphone can offer robust security, researchers claim

Wolfram announces 'most important' project: a programming language that models the world (The Verge) The power of Wolfram Alpha — the intelligent search engine that can answer natural language questions and solve complex math problems — is being built into an upcoming programming language that its founder, Stephen Wolfram, says will be incredibly easy to use

Academia

Education Startup Udacity Bets It Can Fill The Need For More Data Scientists With New Online Degree Program (TechCrunch) Hot on the heels of a new $37 million White House initiative designed to encourage data science work at American universities, education startup, Udacity, is responding with a data science initiative of its own. Today, the Palo Alto-based company launched an inexpensive, comprehensive degree program that will allow anyone with basic computer science skills to get schooled in the wild and woolly

Legislation, Policy, and Regulation

AFP seeks deep packet inspection capability to capture metadata (ZDNet) Although there is no legislation set up to allow widespread data retention, the Australian Federal Police is setting up systems that will allow it to analyse traffic, and capture and retain metadata

Defense ministry mulling guidelines for psychological cyber warfare (Yonhap via Global Post) South Korea's defense ministry is making guidelines of psychological warfare operations for its Cyber Warfare Command as part of efforts to reform the scandal-ridden unit to stay politically neutral, a senior military official said Thursday

Malaysia capable of tackling cyber attack: Minister (Press TV) Malaysia has the expertise needed to protect the systems of administration and other main institutions from any possible cyber attacks, Communications and Multimedia Minister Datuk Seri Ahmad Shabery Cheek says

"We still don't encrypt server-to-server data," admits Microsoft (Ars Technica) A senior Microsoft executive has told a European parliamentary committee that the company does not encrypt its server–to–server data communications

Senate Debates Surveillance Transparency Act of 2013 (Threatpost) Senator Al Franken presided over a hearing today in which lawmakers and technology experts discussed the National Security Administration's surveillance practices, examining a proposed bill that would require that the U.S. spy agency carry out its operations in a more transparent fashion

Obama aides: Transparency plans could harm security (Politico) Obama administration officials warned senators Wednesday that some of the legislative proposals to bring more official transparency to previously secret surveillance programs could undermine national security and divert crucial intelligence resources

Intelligence Officials Object To New Regulations (TRNS) "Counting the number of persons or US persons whose data is actually collected if they are not the target is impractical," said DNI's General Counsel

Cybersecurity Legislation Gets Push From Financial Firms (Wall Street Journal) Top financial-industry lobbyists pressed Senators to move forward with cybersecurity legislation, part of an effort to re-energize a campaign that has lost steam amid revelations about the National Security Agency's extensive domestic surveillance

Targeting needles, or adding more hay? (Financial Express) The NSA has institutionalised alarmist thinking and is remarkably resistant to counter-information

Opinion: Merkel and National Security (Albion Pleiad) As every single one of us should be aware, the National Security Agency (NSA) has increased its phone-tapping and internet supervision with guns a-blazing since 2001

Peter King gives pep talk to NSA workers (Politico) Embattled National Security Agency employees received a pep talk Wednesday from an unusual source: a congressman

Litigation, Investigation, and Law Enforcement

How Did Snowden Do It? (Dark Reading) Experts piece together clues to paint possible scenarios for how the NSA contractor accessed, downloaded, and leaked secret agency documents on its spying operations

EFF Appeals Chevron's Speech–Chilling Subpoena (Electronic Frontier Foundation) On Halloween of this year, EFF and EarthRights International (ERI) filed an appeal in the Second Circuit to protect the rights of dozens of environmental activists, journalists, and attorneys from a sweeping subpoena issued by the Chevron Corporation. And just last week, both the Republic of Ecuador and a group consisting of Human Rights Watch, Automattic, a pair of anonymous bloggers, and academics Ethan Zuckerman and Rebecca McKinnon filed amicus briefs in support of our appeal

In fight over gag orders, US tech industry files complaint over FBI legal tactics (Gigaom) Google, Microsoft and others are fighting to lift gag orders that prevent them from disclosing the number of surveillance requests they receive -- but the FBI won't even show them the legal arguments they are using to oppose the request

DOJ: 'Locking its front gate' doesn't let Lavabit off the hook for search warrants (Naked Security) You can't get out of cooperating with government-ordered electronic surveillance by shutting down, any more than a business can stop police from executing a search warrant by locking its front gate, the US government tutted at former encrypted-email provider Lavabit

Privacy's gone when posting child abuse images to a P2P network, US judge rules (Naked Security) A US court has turned the tables on child predators who use technology to share images of the abuse, ruling that investigators' use of an automated search tool to ferret out known child porn images was not a violation of the defendants' Fourth Amendment rights against unreasonable search

Staking out Twitter and Facebook, new service lets police poke perps (Ars Technica) LexisNexis' Social Media Monitor service brings big data to police departments

Alleged Leader of Anonymous Philippines Arrested (Softpedia) Authorities in the Philippines have arrested an individual believed to be involved in the recent cyberattacks against around 40 government websites. The attacks took place just before activists from all over the world participated in the November 5 Million March Mask protests

Members Of New York Cell Of Cybercrime Organization Plead Guilty In $45 Million Cybercrime Campaign (Dark Reading) Cyberattacks employed by the defendants and their co-conspirators known in the cyberunderworld as "Unlimited Operations"

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.

Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.

Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.

APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.

IT Forum Expo/Black Hat Regional Summit (, Jan 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.

Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.

SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.

World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.

ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.