The CyberWire Daily Briefing for 11.14.2013
The AXA Loyaltybuild cyber crimewave (Ireland's the epicenter, but it's spread through Europe) now affects some 500,000 consumers.
Facebook works to keep itself free of collateral damage from the Adobe attack, and (predictably) spoofed Facebook password-reset emails are serving malware.
In the US, coverage of Healthcare.gov's rollout has concentrated on what might be called the network's self-jamming features. But reports now appear of potential security and privacy issues in the system. (Paradoxically Healthcare.gov seems to be suffering an unusually low level of cyber attacks, although disclosure is, as always and everywhere, spotty and unsystematic.)
CryptoLocker vector Upatre seems to be filling Blackhole's vacated niche in the criminal ecosystem. In more evidence that every feature of legitimate markets eventually appears in criminal markets, CryptoLocker's masters stand up a customer support site.
Other criminals combine Zeus and Sinowal Trojans in a suite designed to evade defensive software.
Complex systems exhibit complex vulnerabilities: see BIOS attacks and attack surfaces presented by the small, usually overlooked operating systems controlling parts of smartphones.
Complex IT procurement rules remain an unsolved problem for governments. Attack intelligence sharing remains an unsolved problem for everyone.
CIO tells us which "hot security start-ups to watch." Cisco's bad quarterly results prompt serious reflection on headwinds government surveillance has apparently imposed on US companies. Customers may shift to Chinese firms, but absent better supply-chain security, this hardly seems a promising solution.
The North American power-grid cyber exercise continues. Waking Shark 2 concludes, and preliminary reactions to the UK financial wargame appear.
Today's issue includes events affecting Australia, China, Ecuador, Ireland, Japan, Republic of Korea, Malaysia, Philippines, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Criminals "have all details needed to use credit cards" (The Journal) 8,000 customers who booked weekend breaks through the insurance firm [AXA] may have had their credit card details accessed
Loyaltybuild attack: 500,000 people may have had credit card details stolen (Naked Security) Thousands of people across Europe and, more specifically, in Ireland have had their credit card and personal details stolen after a company which runs reward schemes was hacked
Fake Facebook password request email carries malware (Help Net Security) Not ones to miss an opportunity, malware peddlers are piggybacking on the fact that Facebook is blocking the accounts of certain users and demanding they change their passwords in the wake of the Adobe
Adobe's poor password security forces Facebook to block accounts (Help Net Security) The recent Guinness-world-record-sized breach at Adobe is poised to cause many problems for the users whose login information was compromised. It wouldn't be that great of a deal if the stolen information
iPhone 5, Galaxy S4 zero-day exploits revealed at HP Pwn2Own contest (NetworkWorld) Two teams of Japanese and Chinese "white hat" hackers have been declared victors at HP's Pwn2Own 2013 contest in Tokyo today for finding zero-day exploits that allowed them to compromise the Apple iPhone 5 and the Samsung Galaxy S4
DHS Official Confirms Attempted Cyber Attack on Healthcare.gov (Washington Free Beacon) The Obama administration's botched rollout of HealthCare.gov has been subject to a "denial of service" attack meant at overwhelming and taking down the site, a Department of Homeland Security official said on Wednesday
Obamacare Website Targeted About 16 Times by Cyber Attacks (ABC News via Yahoo! News) The troubled Affordable Care Act website has been subject to "a handful" of hacking attempts, including at least one intended to bring the site down, a Department of Homeland Security official told lawmakers today. But considering that some federal websites get hundreds of cyber-assaults each day, the approximately 16 reported attacks on healthcare.gov is a surprisingly small number, experts said
Data Privacy Scare On HealthCare.gov (Dark Reading) Had you asked me last week whether the situation for the federal government's embattled insurance marketplace website, HealthCare.gov, could get any worse, I probably would have said, "I don't see how." Today, I'm not so sure
Examining The Security Implications of Healthcare.gov (SecurityWeek) After hearing about all the technical issues with Healthcare.gov, I started to think about the security implications of these sites and, with some light investigation, concluded that there's more than functionality and availability that's ailing Healthcare.gov. There's significant potential for compromise
Filling the Blackhole Void (Industrial Safety and Security Source) Ever since police arrested the person they feel is responsible for Blackhole, there has been a significant reduction in spam campaigns using the exploit kit, creating a vacuum in the spam-sending world
CryptoLocker crooks launch 'customer service' site (CNBC) Here's a first: Crooks who understand the importance of customer service
Unusual BHEK-Like Spam With Attachment Found (TrendLabs Security Intelligence Blog) Soon after Paunch was arrested, we found that the flow of spam campaigns going to sites with the Blackhole Exploit Kit (BHEK) had slowed down considerably. Instead, we saw an increase in messages with a malicious attachment. Recently, however, we came across rather unusual spam samples that combines characteristics of both attacks
Sinowal and Zbot Trojan collaborate in new attack (Help Net Security) Trend Micro researchers have recently come across an interesting example of malware collaboration involving the Zeus banking Trojan and a new variant of the password-stealing Sinowal Trojan
Linux Back Door Uses Covert Communication Protocol (Symantec) In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords…The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid suspicious network traffic or installed files, which may have triggered a security review. Demonstrating sophistication, the attackers devised their own stealthy Linux back door to camouflage itself within the Secure Shell (SSH) and other server processes
MacRumors Forums Hacker Says Passwords Won't Be Leaked (Threatpost) The hacker behind a breach of MacRumors Forums, a popular Macintosh discussion forum, said none of the 860,000 passwords will be leaked, calling the attack "friendly."
The secret second operating system that could make every mobile phone insecure (ExtremeTech) When we talk about computers — PCs, smartphones, cars — we generally assume that there's just one operating system: A single, monolithic piece of software that manages each individual piece of hardware, from the CPU to the USB controller to the wireless connectivity…In actual fact, unbeknownst to the user, almost every computer has multiple operating systems running at the same time, managing various different parts of the computer — and worryingly, these OSes are usually proprietary, closed-source, bug–ridden, and have extensive, low–level access to your data
Research Into BIOS Attacks Underscores Their Danger (Dark Reading) The jury is out on BadBIOS, but malware for motherboards and other hardware is both possible and, with the rise of the Internet of Things, likely
Crackers crack Cracked with exploit kit (SC Magazine) Hugely popular site Cracked.com among the 300 most visited in the US was hacked and hosted the Nuclear Pack exploit kit. Barracuda Labs research scientist Daniel Peck said Cracked.com served the attack kit from possibly last week until Monday
Infosec forum hacked, foists malware via IE zero–day (SC Magazine) An infosec forum was hacked and implanted with malware that hit users with drive-by attacks via an Internet Explorer zero-day. FireEye senior malware researcher Ned Moran said evidence suggested the attackers were likely those behind the 'Operation DeputyDog' attacks in August
Google Drive Phishing (Internet Storm Center) In the past we have seen malware being delivered via Google Docs. You would receive an email stating that a document had been shared and when you clicked the link bad things would start to happen. In recent weeks the same approach has increasingly been used to Phish. You would receive an email along these lines
Security Patches, Mitigations, and Software Updates
Microsoft leads the way, setting new cryptographic defaults (Naked Security) Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting
Android 4.4 KitKat, thoroughly reviewed (Ars Technica) Tons of user- and system-level changes make KitKat one of the biggest releases ever
Server Innovation Moves Slowly (InformationWeek) Companies may be planning big data and Internet of things strategies, but they aren't buying the next-gen hardware to support them
Attackers circumvent security through app store, hardware (FierceMobileIT) Although enterprises utilize a variety of security techniques, such as compartmentalizing trusted apps and containerizing sensitive data to create sterile enterprise mobile environments, attackers are finding success infiltrating the most mundane mobile activities
UK consumers demand to be told of all data breaches (Help Net Security) The UK public wants to be informed whenever an organization suffers a data breach, and that more needs to be done to punish companies that lose sensitive information, according to LogRhythm
Exploring risk–based security management in the industrial sector (Help Net Security) Tripwire announced the results of research comparing risk-based security management in the industrial sector to that of other industries
Merchants showing payment security awareness (Help Net Security) ControlScan and Merchant Warehouse have jointly released the results of their survey of Level 4 merchants' awareness, sentiment and progress toward securing cardholder data in compliance with PCI standards
Don't be fooled by the name: cyber security is about people, not technology (Econsultancy) When you hear the phrase 'cyber security', what springs to mind? On the face of it, cyber security is often assumed to be purely technical: it could be described as protecting IT from viruses, malware and other threats that just keep growing in the digital age
Spy agency methods help fight online attacks (MySanAntonio.com) Oil companies are turning to the intelligence industry for insights on how to battle a steady rush of online threats
Android devices cause majority of infections in mobile networks (ComputerWorld) Android devices account for 60 percent of infections in mobile networks, according to findings from the latest network security trends by Alcatel-Lucent
More Than 25 Percent of Companies Plan to Increase IT Security Budgets in 2014 (eSecurity Planet) Still, a SilverSky survey found that 81 percent already believe they're as secure or more secure than they were a year ago
We're All The APT (Dark Reading) Despite the original, long-lost, but well-intentioned meaning of the security industry's favorite acronym, lines have become blurred to the extent that "APT" can now be so broadly applied by our adversaries to describe, well, us. Although this makes the term even more useless in conversations intended to characterize the specifics of an attack, it has been something I've argued for quite some time now and was my initial thought when news of Edward Snowden's escapades (and, specifically, XKeyscore, FoxAcid, et al.) broke
Study: Many Consumers Still Untrained On Privacy Risks (Dark Reading) Most consumers have not had security training, fail to stay up to date on privacy policies, Harris survey finds
12 Hot Security Startups to Watch (CIO) Going into 2014, a whirlwind of security start-ups are looking to have an impact on the enterprise world. Most of these new ventures are focused on securing data in the cloud and on mobile devices
David Blumenthal: 'Broken' IT procurement process key to HealthCare.gov mess (FierceHealthIT) The federal IT procurement process is a complex mess in need of a major overhaul, according to David Blumenthal, former National Coordinator for Health IT
Cisco's disastrous quarter shows how NSA spying could freeze US companies out of a trillion–dollar opportunity (Quartz) Cisco announced two important things in today's earnings report: The first is that the company is aggressively moving into the Internet of Things—the effort to connect just about every object on earth to the internet—by rolling out new technologies. The second is that Cisco has seen a huge drop-off in demand for its hardware in emerging markets, which the company blames on fears about the NSA using American hardware to spy on the rest of the world
How the NSA is hurting America's tech industry — and helping China's (The Week) International customers are fleeing tech titans like Cisco over fears of U.S. snooping. But they'll likely face similar surveillance by working with Chinese competitors
Autonomic Resources Gets DoD Authorization for Cloud Service (ExecutiveBiz) Autonomic Resources has received a provisional authorization from the Defense Department for the company's cloud platform service offering
Northrop, Radiance Team to Pursue Air Force Intell Program (ExecutiveBiz) Northrop Grumman and Radiance Technologies have formed a team to compete for a U.S. Air Force contract covering research and development, intelligence and data exploitation support services
IBM to acquire Fiberlink Communications (Help Net Security) IBM announced a definitive agreement to acquire Fiberlink Communications, a mobile management and security company. Financial terms were not disclosed. With Fiberlink's MaaS360 cloud-based offering
DHS Office of the CIO Completes Successful Transition to Xacta IA Manager for Enterprise–wide Compliance with Information Assurance Requirements (Wall Street Journal) The department of Homeland Security Office of the Chief Information Officer has completed its transition to Telos Corporation's Xacta® IA Manager for enterprise-wide IA compliance. Xacta IA Manager has been deployed enterprise-wide to nearly one thousand systems throughout DHS, including all department components
Juniper Taps Former Verizon CTO As Its New CEO (CRN) Juniper Networks (NSDQ:JNPR) Tuesday appointed Shaygan Kheradpir, former CTO and CIO of telecommunications giant Verizon Communications (NYSE:VZ), as its new CEO and a member of the company's board of directors effective Jan. 1, 2014
Products, Services, and Solutions
Is Firefox PDF reader a secure alternative to Adobe Reader? (Search Security) Mozilla included a built-in PDF reader as a default feature in Firefox 19. How does it work, and is it safer than other PDF readers like Adobe Reader or Foxit
Dropbox revamps business service so you can manage both personal and work files (The Next Web) Dropbox has rebuilt its business service from the ground up to make it easier to manage both your personal and your work files
Procera Networks Wins Broadband Traffic Management Award (MarketWatch) Dynamic LiveView named most innovative tool for driving real-time subscriber intelligence
Free mobile security scanning apps and SDK (Help Net Security) iScan Online announced an updated and enhanced suite of security scanning services. iScan Online Mobile for iOS - This app provides security scanning for iPhone and iPad smartphones and tablets
Panasonic Video Surveillance Technologies Achieve DIACAP Precertification (Sys-Con) Panasonic System Communications Company of North America, a leading provider of integrated security and surveillance solutions, today announced that a range of its video surveillance technologies have been pre-certified as compliant with the security and risk management requirements of the United States Department of Defense (DoD)
Dell SecureWorks Launches Server Protection Services for Physical, Virtual and Cloud Based IT Servers (Hispanic Business) Dell SecureWorks, an industry leader in information security services, now provides Server Protection Services for physical, virtual and cloud-based servers so organizations can secure their servers with an all-in-one service
Agata and Adax Partner in DPI Probe Solution for Network Intelligence (IT News Online) Adax, an industry leader in high-performance packet-processing, security and network infrastructure, is pleased to announce a new partnership with communications and networking specialist Agata Solutions
New secure USB Flash drive from Kingston Digital (Help Net Security) Kingston released the DataTraveler Vault Privacy 3.0 (DTVP) secure USB Flash drive, as well as the DataTraveler Vault Privacy 3.0 Anti-Virus, which helps enterprises safeguard business data and set security policies for end-users
Amazon wants to be your everything with new cloud services (Ars Technica) AWS introduces virtual desktops, a streaming content platform, and more tracking
Microsoft Opens High Tech Cybercrime Center (SecurityWeek) Microsoft said Thursday it has opened a new cybercrime center that combines Microsoft's legal and technical expertise along with cutting-edge tools and technology and cross-industry expertise, to combat cyber crime
Technologies, Techniques, and Standards
Attack the City: why the banks are 'war–gaming' an assault from cyberspace (London Evening Standard) Yesterday the Square Mile's top brass met to take on Waking Shark 2, a secretive exercise to test how London would fare under a major cyber assault. So how did the counter-hackers cope, asks Joshi Herrmann
Did Waking Shark Test the Right Areas of Banking Security? (InfoSecurity Magazine) On the very day that the City of London ran operation Waking Shark II, researchers published an analysis of known bank security incidents or vulnerabilities since 2000. If Waking Shark was designed to test the cyber-readiness of the banking sector, this new analysis suggests it might not be enough
Would your family survive without power? Purdue cyber forensics team tests nationwide power grid (RTV6 ABC) Should a disaster strike, would we be ready to handle it? A recent study says half the households in America wouldn't be prepared to stack up against disaster
Can application security products really be 'self–defending?' (Search Security) I've read a lot recently about "self-defending" application security products -- those that can be integrated into an enterprise application to ward off application hacks, subversion and piracy. How do these products work? Do they really do anything new
How to reduce the risk of Flash security issues (Search Security) In the wake of several Flash zero-day vulnerabilities, how can enterprises limit the risk posed by Flash on the endpoint when it's a mission-critical must have
Services Offer Visibility Into Cloud Blind Spot (Dark Reading) With employees using hundreds of cloud services, companies need a greater ability to monitor the services for anomalous activities
Cloud Security Alliance Announces Software Defined Perimeter (SDP) Initiative (BWW) The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced the launch of the Software Defined Perimeter (SDP) Initiative, a project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks
Avoiding fallout from Google's blacklist (Help Net Security) Small businesses remain prime targets for cybercrime. For small businesses, particularly entering the holiday season, the fallout from an attack is significant: hacked websites' traffic slows to a crawl
10 mistakes companies make after a data breach (CSO) In a recent presentation for The International Association of Privacy Professionals (IAPP) Privacy Academy, Michael Bruemmer of Experian Data Breach Resolution outlined some of the common mistakes his firm has seen as organizations deal with the aftermath of a breach
$45M Hack Holds Lessons to Prevent Prepaid Card Fraud (Storefront Backtalk) Hackers have developed sophisticated schemes to funnel money from banks and payment processors into their own pockets. The more processors know about their tactics, the more they can prevent these heists in the future
9 Steps To Protect Yourself From Crooks on Cyber Monday (Black Enterprise) Don't get ripped off while holiday shopping online
Setting up Honeypots (Internet Storm Center) Most if not all of the handlers run honeypots, sinkholes, SPAM traps, etc. in various locations around the planet. As many of you are aware they are a nice tool to see what is going on on the Internet at a specific time. Setting up a new server the other day it was interesting to see how fast it was touched by evilness. Initially it wasn't even intended as a honeypot, but it soon turned into one when "interesting" traffic started turning up. Now of course mixing business (server's original intended use) and pleasure (honeypot) isn't a good thing, so honeypot it is
Design and Innovation
The Watson cloud: IBM prepares to open supercomputer to third party developers (PC World) IBM is preparing to give third parties access to its Watson supercomputer with the aim of spurring the growth of applications that take advantage of the system's artificial intelligence capabilities
Capco Debuts Innovation Lab (American Banker) Global business and technology consultancy firm Capco has launched a high-tech digital lab that aims to provide financial service clients with a place to develop new financial products and services
Research and Development
In–Air Signature Gives Mobile Security to the Password–Challenged (IEEE Spectrum) Signing your name in the air with your smartphone can offer robust security, researchers claim
Wolfram announces 'most important' project: a programming language that models the world (The Verge) The power of Wolfram Alpha — the intelligent search engine that can answer natural language questions and solve complex math problems — is being built into an upcoming programming language that its founder, Stephen Wolfram, says will be incredibly easy to use
Education Startup Udacity Bets It Can Fill The Need For More Data Scientists With New Online Degree Program (TechCrunch) Hot on the heels of a new $37 million White House initiative designed to encourage data science work at American universities, education startup, Udacity, is responding with a data science initiative of its own. Today, the Palo Alto-based company launched an inexpensive, comprehensive degree program that will allow anyone with basic computer science skills to get schooled in the wild and woolly
Legislation, Policy, and Regulation
AFP seeks deep packet inspection capability to capture metadata (ZDNet) Although there is no legislation set up to allow widespread data retention, the Australian Federal Police is setting up systems that will allow it to analyse traffic, and capture and retain metadata
Defense ministry mulling guidelines for psychological cyber warfare (Yonhap via Global Post) South Korea's defense ministry is making guidelines of psychological warfare operations for its Cyber Warfare Command as part of efforts to reform the scandal-ridden unit to stay politically neutral, a senior military official said Thursday
Malaysia capable of tackling cyber attack: Minister (Press TV) Malaysia has the expertise needed to protect the systems of administration and other main institutions from any possible cyber attacks, Communications and Multimedia Minister Datuk Seri Ahmad Shabery Cheek says
"We still don't encrypt server-to-server data," admits Microsoft (Ars Technica) A senior Microsoft executive has told a European parliamentary committee that the company does not encrypt its server–to–server data communications
Senate Debates Surveillance Transparency Act of 2013 (Threatpost) Senator Al Franken presided over a hearing today in which lawmakers and technology experts discussed the National Security Administration's surveillance practices, examining a proposed bill that would require that the U.S. spy agency carry out its operations in a more transparent fashion
Obama aides: Transparency plans could harm security (Politico) Obama administration officials warned senators Wednesday that some of the legislative proposals to bring more official transparency to previously secret surveillance programs could undermine national security and divert crucial intelligence resources
Intelligence Officials Object To New Regulations (TRNS) "Counting the number of persons or US persons whose data is actually collected if they are not the target is impractical," said DNI's General Counsel
Cybersecurity Legislation Gets Push From Financial Firms (Wall Street Journal) Top financial-industry lobbyists pressed Senators to move forward with cybersecurity legislation, part of an effort to re-energize a campaign that has lost steam amid revelations about the National Security Agency's extensive domestic surveillance
Targeting needles, or adding more hay? (Financial Express) The NSA has institutionalised alarmist thinking and is remarkably resistant to counter-information
Opinion: Merkel and National Security (Albion Pleiad) As every single one of us should be aware, the National Security Agency (NSA) has increased its phone-tapping and internet supervision with guns a-blazing since 2001
Peter King gives pep talk to NSA workers (Politico) Embattled National Security Agency employees received a pep talk Wednesday from an unusual source: a congressman
Litigation, Investigation, and Law Enforcement
How Did Snowden Do It? (Dark Reading) Experts piece together clues to paint possible scenarios for how the NSA contractor accessed, downloaded, and leaked secret agency documents on its spying operations
EFF Appeals Chevron's Speech–Chilling Subpoena (Electronic Frontier Foundation) On Halloween of this year, EFF and EarthRights International (ERI) filed an appeal in the Second Circuit to protect the rights of dozens of environmental activists, journalists, and attorneys from a sweeping subpoena issued by the Chevron Corporation. And just last week, both the Republic of Ecuador and a group consisting of Human Rights Watch, Automattic, a pair of anonymous bloggers, and academics Ethan Zuckerman and Rebecca McKinnon filed amicus briefs in support of our appeal
In fight over gag orders, US tech industry files complaint over FBI legal tactics (Gigaom) Google, Microsoft and others are fighting to lift gag orders that prevent them from disclosing the number of surveillance requests they receive -- but the FBI won't even show them the legal arguments they are using to oppose the request
DOJ: 'Locking its front gate' doesn't let Lavabit off the hook for search warrants (Naked Security) You can't get out of cooperating with government-ordered electronic surveillance by shutting down, any more than a business can stop police from executing a search warrant by locking its front gate, the US government tutted at former encrypted-email provider Lavabit
Privacy's gone when posting child abuse images to a P2P network, US judge rules (Naked Security) A US court has turned the tables on child predators who use technology to share images of the abuse, ruling that investigators' use of an automated search tool to ferret out known child porn images was not a violation of the defendants' Fourth Amendment rights against unreasonable search
Staking out Twitter and Facebook, new service lets police poke perps (Ars Technica) LexisNexis' Social Media Monitor service brings big data to police departments
Alleged Leader of Anonymous Philippines Arrested (Softpedia) Authorities in the Philippines have arrested an individual believed to be involved in the recent cyberattacks against around 40 government websites. The attacks took place just before activists from all over the world participated in the November 5 Million March Mask protests
Members Of New York Cell Of Cybercrime Organization Plead Guilty In $45 Million Cybercrime Campaign (Dark Reading) Cyberattacks employed by the defendants and their co-conspirators known in the cyberunderworld as "Unlimited Operations"
For a complete running list of events, please visit the Event Tracker.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.