The CyberWire Daily Briefing for 11.18.2013
vBulletin's support forum has been breached, and the password compromise leads to fears of other exploits targeting Internet fora and message boards. vBulletin is resetting its users' passwords and urging them to change any they may have reused elsewhere.
CryptoLocker ransomware email vectors have reached millions of UK Internet users. Sophos offers suggestions for helping mitigate the crimewave.
Vulnerabilities have been found in another D-Link router. Symantec warns of Linux Backdoor Trojan Fokirtor, found on some corporate networks. Google Cloud Messaging is increasingly being used to handle botnet command-and-control traffic.
CME Group reports its ClearPort energy and metals futures trading platform has been attacked. The FBI is investigating; the financial industry continues to work toward attack information sharing.
Bitcoin, gaining legitimacy as a financial instrument, complains that a flaw in Android's secure random number generator enables Bitcoin theft. (Bitcoin also gains favor in the criminal underground's creepier precincts: a self-styled anarchist tries to crowdfund political assassinations using the virtual currency.)
Cyber rioting affects targets tangentially related to Israel. Motiveless Italian hackers hit NASA.
Allegations of Australian surveillance of Indonesia's president (allegedly by hacking his cellphone) induce Indonesia to recall its ambassador in protest. The German Bundestag opens a major debate over proper response to US surveillance today.
Director Alexander continues to defend NSA's surveillance operations as a divided Senate considers the agency's future.
China denies allegations of widespread PLA industrial espionage.
Stratfor hacker Hammond gets ten years; his supporters ask about Sabu, the Father Gapon of LulzSec. Lavabit litigation advances.
Today's issue includes events affecting Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Israel, Morocco, Pakistan, South Africa, Spain, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Password hack of vBulletin.com fuels fears of in–the–wild 0–day attacks (Ars Technica) Hacks on sites using the widely used forum software spread to its maker
Hackers use zero–day vulnerability to breach vBulletin support forum (ComputerWorld) The hackers say they hacked the forum of vBulletin user MacRumors.com using the same exploit, which is now up for sale
VBulletin hacked. DEF CON closes its forums after security scare (Graham Cluley) VBulletin, the software used to run many internet forums and message boards, has had its network attacked by hackers, who managed to steal the user IDs of customers and encrypted passwords
Ten–Thousand CryptoLocked–Out (PC Magazine) In a blog post, security company Bitdefender revealed that CryptoLocker claimed over 10,000…Bitdefender Labs researchers were able to reverse-engineer the
UK probes cyber attack on bank computers (Oman Tribune) Cybercrime investigators are looking into a barrage of spam sent to millions of British banking customers designed to freeze their computers and demand a ransom, Britain's National Crime Agency said on Friday
CryptoLocker urgent alert — here's how YOU can help! (Naked Security) The UK's National Crime Agency has put out a CryptoLocker ransomware alert - the malware is still a huge problem, even after weeks of high profile coverage. Here's what YOU can do to help prevent it
Multiple security holes found in yet another D–Link router (FierceCIOTechWatch) A new bunch of vulnerabilities have been discovered in a D-Link router, according to security researcher Liad Mizrachi. As reported on ThreatPost, Mizrachi says he contacted D-Link to disclose the cross-site scripting (XSS) bugs he found in the company's 2760N (DSL-2760U-BN) routers on multiple occasions--twice in August, twice in September and once in October. However, he says the vendor did not respond to any of his disclosures
Affiliate network for mobile malware impersonates Google Play, tricks users into installing premium-rate SMS sending rogue apps (Webroot Threat Blog) Affiliate networks are an inseparable part of the cybercrime ecosystem. Largely based on their win-win revenue sharing model, throughout the years, they've successfully established themselves as a crucial part of the cybercrime growth model, further ensuring that a cybercriminal will indeed receive a financial incentive for his fraudulent/malicious activities online
Malicious emails target multiple operating systems (Help Net Security) Over the past several years, we have seen the proliferation of malware targeting mobile devices such as Android and iOS. The vast majority of the malware has been designed to target the former
Linux backdoor planted on company network to monitor traffic, steal data (SC Magazine) The backdoor trojan, dubbed "Fokirtor," was discovered in June by Symantec researchers. While investigating the breach of a large internet hosting provider, researchers discovered a Linux backdoor capable of stealing login credentials from secure shell (SSH) connections
Rise seen in use of Google service for mobile botnets (CSO) Google Cloud Messaging serving as conduit for sending data from C&C servers
CME discloses FBI probing July hacking attack (Financial Times) CME Group disclosed on Friday that a system used to process big futures trades had been hacked in July, highlighting the vulnerability of the financial industry to cyber attacks
CME Hack Reawakens Electronic Threat to Financial Services Firms (Bloomberg) The cyberattack on CME Group Inc. (CME) last week, routed through Hong Kong, is reminding the financial services world of one of its most constant threats to business
Secure Crypto: Critical Crypto Flaw on Android (RSA) BitCoin recently announced that there is a critical weakness in Android's secure number generator that led to the theft of over 55 coins worth more than $5500. Google investigated and determined that key generation, signing, and random number generation operations might not receive cryptographically strong values. Also, native code that directly invokes the built-in OpenSSL PRNG without explicit initialization is also affected
FBI warns of U.S. government breaches by Anonymous hackers (7 News) Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week
PlayStation 4 and Xbox One Survey Scams Spotted (TrendLabs Security Intelligence Blog) With the recent release of the PlayStation 4 in North America and the upcoming release of the Xbox One, November is fast becoming an exciting month for gamers. However, it appears that they aren't the only ones looking forward to these launches. We spotted several survey scams that took advantage of the buzz surrounding the two consoles
Modi's men ground UAVs fearing cyber attack! (Bangalore Mirror) It was a security plan that was worked out in minuscule detail. Even the sky was not spared as unmanned aerial vehicles (UAVs) were to be deployed for a hawk-eyed vigil on the nearly two lakh crowd that would gather at the Palace Grounds. Dry runs were conducted and the results were also positive. But when BJP's prime ministerial candidate Narendra Modi got into action-mode on Sunday, the UAVs remained grounded. Reason: The threat of a cyber attack
Anonymous Threatens to Hack Japanese Government Websites over Dolphin Hunting (International Business Times) Hacktivist group Anonymous has issued a threat against the Japanese government over its controversial dolphin and whale hunting programmes
Sun–Times website under siege (Robert Feder) As if the Sun-Times needed any more problems lately, the newspaper's website came under cyber attack Saturday
Pakistani Hacker Defaces Websites of Indian Television Network Sun TV (Softpedia) Yet another Indian mass media company has been targeted by a hacker of the Pakistan Haxors Crew. This time, the victim is Sun TV Network, a Chennai-based mass media organization
Birmingham City Council website buckles under 'Anonymous' cyber attack (Birmingham Mail) Council confirmed its web services has been 'subjected to multiple inappropriate hits'
8 NASA Domains Hacked and Defaced by Italian Hackers Team (HackRead) A newly emerging hacking group going with the handle of M4ST£R 1T4L!4N H@CK£RS T£4M (Master Italian Hackers Team) has hacked and defaced 8 official National Aeronautics and Space Administration (NASA) domains. Team left their deface page along with a message on all hacked domains. However, the reason for attacking NASA domains was not mentioned anywhere on the page
AnonGhost Hacks Hillside Illinois Police Department website against NATO Strikes (HackRead) The official website of State of Illinois' Hillside Police Department has been hacked and defaced by online hacktivist group AnonGhost. Hillside Police Department website got hacked just a few minutes ago on which the hackers have left a deface page along with a message against the governments of the world. The audio message on the site criticizes NATO's role in the Muslim countries
AnonGhost Hacks and Defaces 1282 Websites (HackRead) A hacker from online hacktivist group AnonGhost has hacked and defaced a total number of 1282 random websites just a few hours ago. Hacker has left a deface page along with a message on all hacked sites, displaying group's official logo and tribute to his group members. We are AnonGhost, Hacked by HusseiN98! We are watching you, don't close you eyes! Targeted websites belong to different countries
Moroccan Ghosts hacks Israel Taekwondo Federation website, leaves 'no Israel only Palestine' message (HackRead) The famous online hacktivists from Moroccan Ghosts have hacked and defaced the official website of Israel Taekwondo Federation (ITF) in support of Palestine. Hackers have left a deface page along with a text message and a YouTube footage of Palestinian leader Ahmed Yasin talking in support of Palestine and against the state of Israel
Meet The 'Assassination Market' Creator Who's Crowdfunding Murder With Bitcoins (Forbes) As Bitcoin becomes an increasingly popular form of digital cash, the cryptocurrency is being accepted in exchange for everything from socks to sushi to heroin. If one anarchist has his way, it'll soon be used to buy murder, too
4 Lessons From MongoHQ Data Breach (InformationWeek) Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers
Security Patches, Mitigations, and Software Updates
Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw (Naked Security) Apple pushed out iOS 7.0.4 last week, the fourth patch in two months. Is iOS getting buggier, or is Apple simply publishing security fixes more promptly
Firefox 25.0.1 — the security update that wasn't? (Naked Security) Firefox just pushed out a minor browser update, bumping its version number from 25.0 to 25.0.1. Paul Ducklin saw Mozilla's advice that this was "a security and stability update", and went looking for the security fixes
Microsoft: We erred in recent Patch Tuesday; Internet Explorer zero–day still unpatched (TechieNews) Microsoft has revealed that it messed up in its recent Patch Tuesday bulletin by including details about the Internet Explorer zero-day that shouldn't have been there in the first place as the security updates didn't have the fix for CVE-2013-3871
Google and Microsoft to block child porn searches on their search engines (Silicon Republic) Google and Microsoft are taking steps to make it harder and harder for child porn content, images and videos to be found on their respective search engines, it emerged today
Aviation industry vulnerable to cyber attacks: IATA (Times of India) The International Air Transport Association (IATA) has also called for a partnership between industry, governments and regulators to enhance aviation security by embracing a globally harmonised, risk-based system. Faced with cyber security threats, the aviation industry, which has spent over US$ 100 billion on security since 9/11, should share best practices and partner with governments to adapt to new challenges and tackle them, airlines' body IATA has said
Financial service industry takes the lead in curing the third party security headache (CSO) Aetna CISO Jim Routh discusses how the ever-expanding threat landscape has led the Financial Services Information Sharing and Analysis Center (FS-ISAC) to improve software security at financial organizations
Finance Industry Grapples With Cyber Threats (Forbes) Cyber attacks are increasingly thought of as a threat to modern society. Fears that attackers will use computers to disable critical infrastructure, like the power grid or transportation networks, crippling everyday functions, are touted as the next frontier in threats to security
NERC CIP compliance insufficient to ensure electric system security (Help Net Security) Tripwire announced the results of a survey on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance
Mobile security confidence will be key to m–commerce adoption (Mobile Commerce Press) According to the National Cyber Security Alliance executive director, Michael Kaiser, "Many people just start using a mobile device without always taking the
Mandiant CTO: Data breaches inevitable, but impact can be variable (Siliconrepublic.com) Mandiant CTO Dave Merkel told the IIEA Cyber Security Conference that while businesses may invest heavily in making themselves perfect 100pc of the time
Agencies Widen Open–Source Use (InformationWeek) Open-source software programs streamline efforts, improve security, and lower costs
Why Companies Are Thinking Twice About Buying American (TIME) Finally, a survey published this summer by the Cloud Security Alliance, which develops security standards for Internet companies, examined the number of
FireEye CEO DeWalt on Snowden, cyber security, his stock price — and the mobile phone threat (Silicon Valley Business Journal) FireEye Inc. CEO David DeWalt has been busy lately. Following one of the biggest IPOs of the year, the company has pushed an aggressive product development schedule that's seen it introduce a new product every 11 days, and it's more than doubled its revenue and increased its headcount at least 22 percent to well over 1,100 since its IPO
Engage Clients Skyfire, Devicescape and Procera Receive Industry Awards for Delivering Disruptive Solutions (Digital Journal) Engage, a communications agency specializing in the mobile, cloud and telecom markets, today announced clients Skyfire and Devicescape have both been awarded with Fierce Innovation awards and Procera Networks has been selected for a Broadband Traffic Management award
CACI expands its cyber, intelligence business through Six3 acquisition (UPI) CACI International Inc. has acquired Six3 Systems from private equity firm GTCR, expanding its cyber and intelligence
Products, Services, and Solutions
Zero–Day Attacks Among the Most Costly and Feared Hacker Tools for a Reason (Digital Journal) …"We designed DBRT with this fundamental weakness in mind. DBRT doesn't rely on known signatures to fight malware, it recognizes suspicious program behavior to expose what is actually being done and to whom, allowing IT personnel to identify an attack, remediate it, and inoculate systems enterprise-wide against reinfection, all from a single command and control console"
Startup Firm Attacks Mobile Security Problem With Network–Based Offering (Dark Reading) A startup company today launched a range of new services that attack the enterprise mobile security problem where it lives: in the network
Technologies, Techniques, and Standards
PNNL practices defense drill against cyber attack on grid (News Tribune) Pacific Northwest National Laboratory scientists practiced for a potential disaster that few people likely worry about last week — a cyber attack on the nation's electric grid
Cybersecurity Experts Will Face Off in Mock Netwars (Nextgov) Cybersecurity competitions are no longer limited to just high school and college students
The advantages of digital watermarking in enterprise data protection (Search Security) How difficult is it to watermark data so it has little value to attackers if stolen, and can be tracked later by authorities
Data–classification levels for compliance: Why simple is best (Search Security) We're interested in implementing a data-classification program to lower our compliance costs. We'd like to establish different sets of controls for different data types. However, we're struggling to define our data-classification levels. How do you recommend structuring the data-classification scheme for a Fortune-500-type company
Data governance 2.0: Adapting to a new data governance framework (Search Security) Companies are collecting more data on the behavior and sentiment of customers than ever before. They use multiple partnerships into what Forrester Research Inc. calls a data economy ecosystem, which involves four distinct roles: data originators (fidelity and payment cards, sensors, social networks), data aggregators (Acxiom, Bluekai, Experian, Rapleaf), data analyzers (Adobe Marketing Cloud, Acxiom, Buxton, Rapp) and data clients (retailers)
New measures for security metrics: Ranum Q&A with Jay Jacobs (Search Security) Information security metrics abound, but few reports garner the attention awarded Verizon's Data Breach Investigations Report. The 2013 DBIR, which highlighted China's alleged cyberespionage among other significant breaches, was based on data pooled from 19 organizations worldwide
Break–even analysis: The highs and lows of risk and ROSI (Search Security) Pete Lindstrom: In my first column I issued a call to action to help technology risk management professionals make good decisions through the application of economic techniques. While that might seem like a tall order, you're already making those decisions. What you thought were random qualitative choices about running a security program actually reveal a lot about your risk expectations
Virtualization security dynamics get old (Search Security) In 2008 at the Black Hat security conference in Las Vegas, I presented the results of two years' worth of security research. "The Four Horsemen of the Virtualization [Security] Apocalypse" sought to educate the Black Hat audience about the past, present and future of the intersection of virtualization and security
Eliminating black hat bargains (Search Security) When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker
CSA Calls for Unified Cloud Security Standard — Can It Work? (Midsize Insider) The Cloud Security Alliance (CSA), a nonprofit cloud advocacy group, has just debuted its software-defined perimeter (SDP) initiative, which aims to provide
FDA Recommends IEEE 11073 Standards for Medical–Device Communication (Hispanic Business) IEEE announced that it received a key recommendation from the U.S. Food and Drug Administration (FDA)
Sagan as a Log Normalizer (Internet Storm Center) "Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that runs under *nix operating systems (Linux/FreeBSD/OpenBSD/etc)"
The Security Impact of HTTP Caching Headers (Internet Storm Center) Earlier this week, an update for Media-Wiki fixed a bug in how it used caching headers. The headers allowed authenticated content to be cached, which may lead to sessions being shared between users using the same proxy server. I think this is a good reason to talk a bit about caching in web applications and why it is important for security
Modeling Users And Monitoring Credentials Prevents Breaches (Dark Reading) Attackers quickly grab usernames and passwords to leverage an initial compromise into full-blown network access, but companies that monitor user authentication can head off attacks
Design and Innovation
The grand vision for a homegrown Silicon Valley in one of Joburg's most notorious neighbourhoods (ZDNet) An ambitious new technology precinct for high-tech business incubation is planned for the heart of Africa's most prosperous city
Research and Development
Quantum memory breakthrough could lead to ultrafast computing (IT Pro Portal) A 'world record' in quantum memory has been broken by a team of scientists in Canada, potentially paving the way for ultrafast data transmission through quantum computing
Quantum Bit Stored for Record 39 Minutes at Room Temperature (IEEE Spectrum) A physical state crucial for quantum computing has managed to survive at room temperature for 39 minutes in a record-breaking experiment. The new study gives a huge boost to quantum computing's prospects of storing information under normal conditions for long periods
Tracking botnets using automatically generated domains (Help Net Security) Stefano Zanero is an Assistant Professor at Politecnico di Milano, where he focuses on systems security. Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control
High schools team with Army for cyber studies (Army Times) High schoolers in Huntsville, Ala., may become the Army's next cyber warriors
Poly hacking competition comes to close, winners announced (Washington Square News) The Polytechnic Institute of NYU became a tech hub this weekend as it hosted the finals for five of its Cyber Security Awareness Week's competitions. Winners were decided for the final games including Capture-the-Flag, High School Forensics, Embedded Systems, Homeland Security Quiz and Awareness events. The competition extended from Nov. 14 to 16
Legislation, Policy, and Regulation
Indonesia recalls ambassador (9 News National) Indonesia has recalled its ambassador to Australia and will review all information exchanges and cooperation amid growing anger in Jakarta over fresh spying allegations
Australian Parliament House 'overlooked' US spy program (ZDNet) Despite considering that parliamentarians should assume they are being compromised by the US' spy program, parliamentary services stood by and said nothing because they hadn't yet seen an attack
US envoy: NSA spying causing distress in Germany (AP via the Appeal Democrat) The United States faces a difficult task in repairing its image among Germans after allegations of massive National Security Agency surveillance, including Chancellor Angela Merkel's personal cellphone, the U.S. ambassador to Germany acknowledged Friday
Give Snowden Asylum in Germany (New York Times) Almost every day, new information is released about how American and British intelligence agencies have monitored governments, embassies and the communications of whole societies. These revelations have provided us with a deep and terrifying insight into the uncontrolled power of intelligence agencies
Germany: major Bundestag debate on American espionage (AFP via Le Point) German lawmakers are to debate American espionage on Monday afternoon in a special session of the Bundestag called for by the radical left and the Greens, following revelations in October about possible surveillance of Angela Merkel's mobile phone
ODNI General Counsel Robert Litt's as prepared statement for the record before the Joint Hearing of the Privacy, Technology and the Law Subcommittee of the Senate Judiciary Committee (IC on the Record) Thank you, Mr. Chairman, Ranking Member Flake, Senator Blumenthal. Thank you for the opportunity to appear before you today to discuss this very important issue of how best to inform the public about sensitive intelligence activities consistent with the need of national security
Mischaracterizing the NSA (Armed with Science) Media reports detailing secret National Security Agency collection of data from companies such as Google and Yahoo from overseas data centers mischaracterize what NSA does, the agency's director said in a speech to the Baltimore Council on Foreign Affairs
Senate intelligence panel sharply split on surveillance reforms (Politico) The Senate Intelligence Committee split sharply on proposals to rein in National Security Agency surveillance programs last month, rejecting several potentially significant reforms by a single vote, according to a formal committee report published this week
How an Unfalsifiable Counterterrorism Strategy Makes Us Less Safe (The Atlantic) The secrecy of the national security bureaucracy makes it impossible to hold them accountable when their policies aren't working
Schneier tells Washington NSA broke Internet's security for everyone (Ars Technica) And techies can only fix it if government stays out of way
Key moments in NSA spy saga (Christian Science Monitor) A timeline of important events as elements of a National Security Agency clandestine operation came to light this year
US spying agencies are out of control (China Daily) When Internet security firm Mandiant issued a report in February accusing a so-called Shanghai-based People's Liberation Army Unit 61398 of hacking into the computers of a wide range of American industries, Congressmen, government officials, intelligence officers and a largely unquestioned news media in the US immediately jumped on the bandwagon railing against China
New body to address external, internal threats to China: Xi Jinping (Economic Times) China will have a new national security agency to address both internal and external threats facing the country, President Xi Jinping announced today
A Russian GPS Using U.S. Soil Stirs Spy Fears (New York Times) In the view of America's spy services, the next potential threat from Russia may not come from a nefarious cyberweapon or secrets gleaned from the files of Edward J. Snowden, the former National Security Agency contractor now in Moscow
U.S. Agencies to Say Bitcoins Offer Legitimate Benefits (Bloomberg) The Department of Justice and Securities and Exchange Commission are telling a U.S. Senate committee that Bitcoins are legitimate financial instruments, boosting prospects for wider acceptance of the virtual currency
Litigation, Investigation, and Law Enforcement
Lavabit–DOJ dispute zeroes in on encryption key ownership (ComputerWorld) Enterprises should own and manage all keys, but that's easier said than done
Justice is reviewing criminal cases that used surveillance evidence gathered under FISA (Washington Post) The Justice Department is conducting a comprehensive review of all criminal cases in which the government has used evidence that it gathered through its warrantless surveillance program and will be notifying defendants in some of those cases, according to Attorney General Eric H. Holder Jr
Lulzsec member sentenced to 10 years for hacking intel firm Stratfor (Ars Technica) Judge cites "unrepentant recidivism" as the reason for a maximum sentence
Anonymous Hacktivist Jeremy Hammond Gets Maximum 10–Year Prison Sentence (TechCrunch) Anonymous hacktivist, Jeremy Hammond, who leaked millions of emails from security firm Stratfor, has been slapped with the maximum prison sentence of 10 years. Hammond claimed the harsh ruling was a "vengeful, spiteful act" designed to send a message
Jailed Anonymous hacker Jeremy Hammond: 'My days of hacking are done' (The Guardian) Hammond calls his 10-year sentence a 'vengeful, spiteful act' by US authorities eager to put a chill on political hacking
Supreme Court Rejects Case Challenging NSA Phone Spying (Wired) The Supreme Court today rejected a challenge to the National Security Agency's once-secret telephone metadata spying program
NSA surveillance programs face challenges in court (Greenville Online) The federal government's once-secret telephone and Internet surveillance programs face crucial court hearings in Washington and New York this coming week, and even the Supreme Court is getting in on the act
Judge Hearing Demand to Unplug NSA Spies (World News Daily) A federal judge in Washington on Monday will hear arguments that the spies at the National Security Agency should be unplugged so they cannot collect telephone and Internet information on Americans, and while attorneys often consider their own cases significant, in this situation it's the judge who has established a high priority
NSA reports put Western media in difficult situation (Arab News) The spying revelations by former National Security Agency contractor Edward Snowden have made it a high-pressure, high-stakes time to be a top media executive
NSA grapples with 988% increase in records requests (USAToday) The NSA will neither confirm nor deny that it has gathered information on anyone
Praag to lay criminal charge after cyber attack (ITWeb) The Pro-Afrikaanse Aksiegroep (Praag) will lay a charge with the South African Police Service (SAPS), after becoming the victim of a distributed denial of service (DDOS) attack that it says was launched by extremist anti-Afrikaans groups
For a complete running list of events, please visit the Event Tracker.
Oil and Gas Cyber Security 2013 (London, England, UK, Nov 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred on by the ever growing cyber threat across the globe. It is against this backdrop that SMi are launching their 3rd annual Oil and Gas Cyber Security 2013 conference.
DefCamp 2013 (Bucharest, Romania, Nov 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public representatives in the high energy atmosphere of Bucharest, Romania.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet and computer networks, protect them against emerging threats and vulnerabilities, and sustain privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of the art and practice of cyber security.