The CyberWire Daily Briefing for 11.20.2013
Hacktivists strike in Syria (anti-government), Peru (LulzSec), and Saudi Arabia (anti-female driver).
Reports suggest Stuxnet was accompanied by a second exploit designed to disable Iranian uranium refining centrifuges at Natanz. (Note the broader implications for industrial control security, especially for the power grid.)
Strategy Page assesses China's Unit 61398, a PLA organization widely believed responsible for cyber espionage.
BadBIOS has dropped from the news lately, but the US Navy appears to take acoustic cyber threats seriously.
CryptoLocker ransomware continues to spread. Many US-based bots are joining Russian and Chinese ones in the distribution system.
Weak GitHub passwords are brute-forced; users should re-set them.
Australia's Cupid Media adds injury to its lovelorn customers' loneliness: over 40 million unencrypted personal records have been exposed. The attackers behind the recent Adobe breach are suspected.
Oversupply has driven down the black-market cost of stolen identities. Other investigations of the underground market reveal more on cyber arms merchants and crimeware-as-a-service.
Enterprises continue to look for better ways of sharing attack information and more dynamic approaches to supply chain security.
Shortages of skilled cyber workers prompt calls for more open immigration and further investment in education. A US Presidential plan to offer grants for tech education bears watching: it will probably disproportionately benefit cyber training.
Australia and Indonesia are in a major dust-up over allegations of Australian cyber espionage. US Senators continue their scrutiny of NSA.
Notes.
Today's issue includes events affecting Australia, Bangladesh, Belarus, Canada, China, Iceland, India, Indonesia, Iran, Luxembourg, Mexico, Peru, Russia, Saudi Arabia, South Africa, Syria, and the United States.
Cyber Attacks, Threats, and Vulnerabilities
No woman, no drive: Saddo hackers lob Android nasty at Saudi women's rights campaign (The Register) Reactionary hacktivists have brewed up a strain of Android malware targeted against the Alsharif campaign, which encourages Saudi Arabian women to defy their country's ban on female drivers
Syrian Ministry of Electricity Website Hacked and Defaced by Bangladesh Grey Hat Hackers (Hack Read) A hacker going with the handle of Albaze Ever from Bangladesh Grey Hat Hackers has hacked and defaced the official website of Syrian Arab Republic's Ministry of Electricity just two days ago. The hacker left his deface page along with a message on the hacked site without explaining the reason for hacking the Syrian Ministry of Electricity website
Official Website of Peru's President and National Police Defaced by LulzSec Peru (Hack Read) The online hacktivists from Lulz Security Peru have hacked and defaced the official website of Peruvian President and Peruvian National Police. The website of Peruvian President was hacked on 17th November while Peruvian National Police site was hacked yesterday 19th November 2013. Lulz Security Peru left two different deface pages along with messages on both hacked websites in Spanish language
Stuxnet's Secret Twin (Foreign Policy) The real program to sabotage Iran's nuclear facilities was far more sophisticated than anyone realized
To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve (Langner) This document summarizes the most comprehensive research on the Stuxnet malware so far: It combines results from reverse engineering the attack code with intelligence on the design of the attacked plant and background information on the attacked uranium enrichment process
Information Warfare: Chinese Cyber Warriors Ignore The Limelight (Strategy Page) Earlier this year it was revealed by Western Internet security researchers that a specific Chinese military organization, "Unit 61398" has been responsible for over a thousand attacks on government organizations and commercial firms since 2006
US Navy: Hackers 'Jumping the Air Gap' Would 'Disrupt the World Balance Of Power' (Business Insider) The next generation hackers may be taking to sound waves, and the Navy is understandably spooked
Cryptolocker 'ransomware' seem to be targeting systems from the US (FierceCIO: TechWatch) A "ransomware" malware that unilaterally encrypts the data files of its victims is infecting more than 10,000 victims on a weekly basis. This was the conclusion of security vendor Bitdefender, which conducted research on Cryptolocker between October 27 and November 1
Cryptolocker: The evolution of extortion (ComputerWorld) The Cryptolocker Trojan is an evolution of "ransomware," not a revolutionary change from past criminal attempts to extort money from PC owners, a security expert said today
CryptoLocker: Better Back Up Your Stuff (F-Secure) If you haven't heard much about "CryptoLocker" yet…you will
[What a CryptoLocker vector looks like] (Mikko Hypponen) The Cryptolocker ransom trojan is being distributed in emails looking like this right now. Pic via @davidmacdougall
Repeated attacks hijack huge chunks of Internet traffic, researchers warn (Ars Technica) Man-in-the-middle attacks divert data on scale never before seen in the wild
GitHub resets user passwords following rash of account hijack attacks (Ars Technica) As many as 40,000 unique addresses flood site with fraudulent login attempts
GitHub accounts with feeble passwords fall to brute force attack (ZDNet) GitHub user? Now would be a good time to set up two-factor authentication
Cupid Media Hack Exposed 42M Passwords (Krebs on Security) An intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays
Fake 'Annual Form (STD–261) — Authorization to Use Privately Owned Vehicle on State Business' themed emails lead to malware (Webroot Threat Blog) Want to file for mileage reimbursement through a STD-261 form? You may want to skip the tens of thousands of malicious emails currently in circulation, attempting to trick users into executing the malicious attachment. Once downloaded, your PC automatically joins the botnet operated by the cybercriminal(s) behind the campaign, undermining the confidentiality and integrity of the host
Reengineered Google Play apps steal data, warns BitDefender (FierceITSecurity) Android users should review app permission requests carefully, warns Bitdefender
Scam E–mails Feigning to be from Malta International Airport Circulating (SpamFighter News) One fake e-mail is doing the rounds utilizing MIA plc (Malta International Airport's) name, published…dated November 12, 2013
Nordstrom card–skimming scheme lasted nearly two months (SC Magazine) A card-skimming operation that targeted a Nordstrom store in Florida lasted nearly two months, according to a letter detailing the event sent to the New Hampshire Department of Justice's Office of the Attorney General
Most enterprise mobile apps are vulnerable to common exploits, warns HP (FierceMobileIT) Almost all of the enterprise mobile apps examined by HP Fortify accessed at least one private information source within a device, and 86 percent did not have adequate security measures to guard against common exploits
How your LG Smart TV can spy on you (Graham Cluley) Do you have an LG Smart TV? Were you aware it was collecting information about your TV viewing habits? And, worst of all, that you can't stop it doing so
Some cyber security experts recommend shutting Obamacare site (Reuters via MSN Money) President Barack Obama's HealthCare.gov site is riddled with security flaws that put user data of millions of people at risk and it should be shut down until fixed, several technology experts warned lawmakers on Tuesday
Queensland traffic systems vulnerable to G20 attack (IT News) Queensland's auditor-general has conducted penetration testing on the two major systems managing Brisbane's traffic network and found gaping holes which render the critical networks vulnerable to attack
Glut In Stolen Identities Forces Price Cut In Cyberunderground (Dark Reading) New report unearths what cybercriminals are charging for stolen identities and hacking services, such as DDoS and doxing
Where do cyber–weapons come from? Try a cyber arms dealer (Quartz) When the US Air Force designated six "cyber tools" as "weapons" in April this year, Quartz asked, "What the heck is a cyber-weapon, anyway?" The answer, we found, was vague: Any computer program meant to inflict damage could qualify. These could be developed by military, government, commercial entities or lone actors
Cybercrime is big business (FierceITSecurity) While other parts of the economy are stagnating, cybercrime is booming, according to research conducted by Joe Stewart, Dell SecureWorks' director of malware research for the Counter Threat Unit, and independent researcher David Shear
Cybercrime Exposed: Cybercrime–as–a–Service (McAfee) Today's cybercriminals do not necessarily require considerable technical expertise to get the job done, nor, in certain cases, do they even need to own a computer. All they need is a credit card. A marketplace offering cybercrime tools and services provides would-be criminals with an arsenal that can either be used as a component of a cyberattack or a handy way of outsourcing the process entirely
Forget credit cards: hackers want your Facebook account (PCPro) Davey Winder warns about fake "likes" on social networks
Watching Out For Typhoon Haiyan Scams (TrendLabs Security Intelligence Blog) More than a week has passed since Typhoon Haiyan made landfall over the central Philippines, leaving thousands dead or injured, with millions more in need of humanitarian assistance. More than US$248 million in relief has been given both by governments and the private sector to date. Unfortunately, many scams have already taken advantage of this disaster. For example, fake Facebook pages (like this one) ask for donations via PayPal, which end up in the hands of would-be scammers rather than the hands of legitimate charities
Holiday Season Phishing Scams and Malware Campaigns (US-CERT) As the winter holidays approach, US-CERT reminds users to stay aware of seasonal scams and cyber campaigns, which may include
Security Patches, Mitigations, and Software Updates
Python 3.3.3 fixes several security bugs (Help Net Security) Python 3.3.3 fixes several security bugs and a lot of other bugs found in Python 3.3.2. This release fully supports OS X 10.9 Mavericks. In particular, this release fixes an issue that could cause
Experts applaud Google completion of SSL certificate upgrade (CSO) Step up to 2048-bit keys optimizes balance between protection of company services and maintaining performance
Cyber Trends
Security experts still strive for better threat info sharing (SearchSecurity) At the ACSC conference, security leaders from industry and government proposed several new information-sharing models for cybersecurity threat data
Trade secrets increasingly under attack from hackers, Foreign Affairs warns (Canada.com) Foreign affairs' networks face daily cyber attacks, with the "range and severity" increasing, raising the risk that secret information about trade negotiations could fall into the wrong hands, the department says
Why Do Tech Execs Lack Confidence In Security? (Forbes) Malware threats have evolved tremendously over the past several years, moving well beyond being a mere nuisance to being able to cause serious damage to data, infrastructures and entire companies. On top of this, cybercriminals are designing advanced persistent threats, "zero-day threats," and other targeted attacks to evade traditional signature-based detection
Why network security is the foundation for cyber strategy (ComputerWorld) As government organizations continue to deal with an increasing number of cyber threats, one thing has become clear to those who protect our digital assets: there is no silver bullet
Spam emails on decline, malware still on high–rise: Kaspersky (Asian News International via TMCnet) The total number of spam emails has reportedly declined in the third quarter of the year, but the malware is still running high, security company Kaspersky has revealed
Uncontrolled privileged access still a major issue (Help Net Security) The NSA's notorious insider breach has caused 52 percent of IT security professionals to reconsider their approach to user and systems administrator privileges, yet the majority aren't taking action, according to Avecto. Its findings reveal that organizations continue to lag when it comes to controlling the use of administrator rights in their IT environment
Internet cafes in the developing world find out what happens when everyone gets a smartphone (Quartz) Internet cafes across the developing world are reporting dwindling numbers of customers as smartphones make the mobile web ubiquitous. After all, why pay for web access on someone else's creaky old PC when you can peruse Facebook on your Android device from anywhere you like
You WILL be Hacked — Cope With It (InfoSecurity Magazine) The Institute of Chartered Accountants England and Wales has confirmed what the security industry has long been saying: it is impossible to prevent all breaches so companies should use a risk management approach to defend what the ICAEW calls the 'crown jewels'
Marketplace
Defense CEO Pushes Immigration Reform (Defense News) A leading US defense CEO made a strong plea for domestic immigration reform during a speech Tuesday morning, linking the defense industry's increasingly dire need for talented engineers with the push to develop an easier path to citizenship for skilled and educated immigrants
Google broadens Patch Rewards Program (Help Net Security) Google has announced the expansion of its recently unveiled Patch Reward Program, which urges security researchers to submit patches for third-party open source software critical to the health of the
Edge Velocity Signs Agreement with Raytheon to Supply Secure Mobile and Rapid Deployment Communications Systems (Digital Journal) Technology part of wireless incident management system to improve command response and safety
Cyber security is hot — but don't be too quick to target the feds with your product (Washington Business Journal) Think you have an idea for the next big cyber security invention? Think long and hard before targeting government
Products, Services, and Solutions
IObit Advanced SystemCare Ultimate 7 Beta 1 (PC Advisor) Advanced SystemCare Ultimate is IObit's "do everything" PC maintenance suite, combined with a dual security engine. This feature packed set of tools includes everything you need to maintain and protect your computer in one package
New NETGEAR desktop NAS features advanced data protection (Help Net Security) NETGEAR announced ReadyNAS 716 (RN716X). With a maximum capacity of 24TB (up to 84TB with expansion chassis), the six-bay ReadyNAS 716 enables storage and extreme throughput for businesses and campus
ThreatTrack Security Speeds the Detection and Remediation of APTs With ThreatAnalyzer 5.0 (Sys-Con Media) ThreatTrack Security today launched ThreatAnalyzer 5.0, solidifying the company's malware analysis solution as the industry's best. Featuring more than 30 new product enhancements
HITRUST Expands Offerings to Aid Healthcare Industry in Cyber Awareness, Preparedness and Response (Hispanic Business) The Health Information Trust Alliance (HITRUST) is announcing today new and enhanced offerings to the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) aimed at moving the healthcare industry forward with regards to preparing for and responding to cybersecurity threats and attacks
Which Companies Are Encrypting Your Data Properly? (Gizmodo) We've asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA's unlawful surveillance of your communications. We're pleased to see that four companies--Dropbox, Google, SpiderOak and Sonic.net--are implementing five out of five of our best practices for encryption. In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress
Cray brings Hadoop to supercomputing (InfoWorld) Cray has released a package designed to allow XC30 users to easily deploy Hadoop
Wind River Updates Platform for Securing Critical Infrastructure (SecurityWeek) Wind River, a subsidiary of Intel Corporation that provides embedded software for connected systems, this week announced updates to its platform for securing critical infrastructure
You've Got Mail.Ru: Russian Internet Giant Looks For U.S. Expansion With My.com (Forbes) As American internet firms go public, many have looked overseas to unearth untapped user bases. One Russian-based internet behemoth is doing the same, but instead of scoping out BRICs or other emerging nations, it's coming to the home of Twitter and Facebook
Verizon service seeks to secure the 'Internet of Things' (SearchSecurity) Based on need created by "Internet of Things" security regulations, Verizon has announced a new-cloud based platform for assigning digital certificates
Technologies, Techniques, and Standards
Virtualization security dynamics get old (Search Security) In 2008 at the Black Hat security conference in Las Vegas, I presented the results of two years' worth of security research. "The Four Horsemen of the Virtualization [Security] Apocalypse" sought to educate the Black Hat audience about the past, present and future of the intersection of virtualization and security
Evaluating network security virtualization products (Search Security) Along with business units' and IT operations' steady push to virtualize data center servers and components comes a new conundrum for security professionals: how best to maintain adequate controls inside the virtual environment
Don't Like Spam? Complain About It. (Krebs on Security) Cynical security experts often dismiss anti-spam activists as grumpy idealists with a singular, Sisyphean obsession. The cynics question if it's really worth all that time and effort to complain to ISPs and hosting providers about customers that are sending junk email? Well, according to at least one underground service designed for spammers seeking to avoid anti-spam activists, the answer is a resounding "yes!"
Don't buy from vendors with poor track records in security (FierceCIO: TechWatch) Just last week we reported on a new bunch of security vulnerabilities discovered in a D-Link router. Despite its severity, the limited scope of the problem--a single router model that is not even sold in the U.S.--means that it wouldn't usually be given the time of the day. What makes it news? The security researcher who found them says he decided to disclose them publicly after repeated attempts to report them failed to elicit a response from the vendor
Serious Security: How to store your users' passwords safely (Naked Security) Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?" Here you are
Cyber troops test knowledge, skills against realistic adversary (US Air Force) An 11-day U.S. Cyber Command exercise at Nellis Air Force Base, Nev., this month integrated cyber professionals from across the Defense Department to test their knowledge and skills against a realistic adversary on a closed network
Searching live memory on a running machine with winpmem (Internet Storm Center) Winpmem may appear to be a simple memory acquisition tool, but it is really much more. In yesterday's diary I gave a brief introduction to the tool and showed how you can use it to create a raw memory image. If you didn't see that article check it out for the background needed for today's installment
How to Fight Social Engineering (eSecurity Planet) As an annual contest shows, social engineering can be an effective way for hackers to obtain sensitive data. Training is one of the best ways to fight social engineering
Raising awareness quickly: What happens after a breach? (CSO) Sometimes, especially if you work in Information Security, people ask about cybercrime, hackers, and security in general - such as malware or the latest scams and news reports. While most in the field are passionate about the topic, and can speak for days on it, it's still a bit daunting when you attempt to explain some of the complexities on a level that everyone understands
5 Considerations For Post–Breach Security Analytics (Dark Reading) Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
Anti–Malware Response "Go–Kit" (Grand Stream Dreams) I don't know how many of my readers feel when it comes to performing a malware response
Expert: Botnet takedowns are about garnering press, have no lasting impact (CSO) Damballa CTO finds that takedowns do not reduce risk of infection online, suggests ulterior motive
Active Defense: Good protection doesn't need to be offensive (We Live Security) Just Google for the search term '"active defense" startup' and it is clear that this is a hot growth area in Internet security. But what is it, exactly? The answer to that question is difficult and controversial, as this is a new name for a wide range of activities that have become increasingly popular as attacks on government and company systems have become both more complicated and more highly targeted
Design and Innovation
Smartwatches Won't Sell Until Someone Figures Out What They're For (Wired) Innovation only means something if a new technology or design effects genuine change. And it's not clear what Samsung's smartwatch really changes
Dell announces UK entrepreneur centre and £10m start–up fund (TechWorld) The fund has been set up for businesses that require "growth-critical technologies"
This Prediction Algorithm Can Tell If Your Startup Will Fail (Fast Company) Built on some of Clayton Christensen's work at Harvard, this algorithm focuses on externalities--market, customers, and competitors--to predict how new companies will fare
Research and Development
Looking for big data and machine learning to replace human thinking? Ain't gonna happen (FierceBigData) Christian Madsbjerg, cofounder of business consultancy ReD, says when it comes to technology mirroring or mimicking the human brain in the future, well, that's a big fat fail. Madsbjerg writes a post to that effect in VentureBeat in response to John Funge's post in the same publication making the opposite claim. Only one of them can be right about this. But which one
Academia
Obama to Unveil Competition to Overhaul High School (Wall Street Journal) President Barack Obama will unveil a $100 million competition Tuesday aimed at finding new ways to better prepare high-school students for the global high-tech economy, a senior administration official said. The program, Youth CareerConnect, would award 25 to 40 grants next year for high schools to team up with higher-education institutions and employers, creating innovative programs that give students industry-relevant education and
Cal Poly Announces Major New Initiative in Cybersecurity Education (Cal Poly News) Program supported by Northrop Grumman Foundation grant includes cyber lab that is first of its kind in the U.S
The King of MOOCs Abdicates the Throne (Slate) Sebastian Thrun and Udacity's "pivot" toward corporate training
Legislation, Policy, and Regulation
Indonesia halts all military co–operation (The Age) Australia's asylum-seeker measures in Indonesia have been thrown into disarray with Jakarta pulling the plug on all military co-operation in retaliation for the Abbott government's refusal to explain the phone tapping of Indonesian President Susilo Bambang Yudhoyono
Indonesia president calls for explanation from Australia (The Guardian) Indonesia has temporarily halted all co-operation with Australia on people smuggling, its president, Susilo Bambang Yudhoyono, announced on Wednesday as he continued to demand an explanation from the Australian government for the phone tapping revelations
Australian spies have 'run amok': Indon (Melbourne Herald Sun) Indonesia has halted all co-operation with Australia on people smuggling after the phone-tapping controversy in a major blow to Prime Minister Tony Abbott's plan to stop the boats
Revealing whose secrets? (The Economist) Angela Merkel, Germany's chancellor, retained a certain stony dignity in her fury when she learned that America had been eavesdropping on her phone calls. On November 19th Susilo Bambang Yudhoyono, Indonesia's president, took to that undignified medium, Twitter, to lodge a "strong protest" at the "hurtful action" by Australia in apparently listening in to his
The Future of NATO: Cyber and Deterrence (The Atlantic Council) As a security institution, NATO has demonstrated its capability to adapt in the post-Cold War era. The cyber realm, although pervasive and reminiscent of the Wild West with a similar lack of regulation and retribution by rule of law, may prove to be a challenge to NATO allies and partners
Security Insiders: Next NSA Chief Should Be a Civilian (Government Executive) Two-thirds of National Journal's National Security Insiders support replacing the head of the National Security Agency with a civilian when Army Gen. Keith Alexander retires
Digging the NSA Out of the Snowden Storm (Wall Street Journal) The National Security Agency's surveillance hasn't changed. Washington has. Former National Security Agency contractor Edward Snowden's leaks have subjected the NSA's surveillance programs to unprecedented attack, raising the possibility that Congress will not be able to pass the 2014 Intelligence Authorization bill needed to provide congressional guidance on a host of crucial national-security issues. It would be lamentable if the entirely legal and invaluable NSA surveillance program became more of a political football than it already is
Norway denies U.S. spying, said it shared intelligence with U.S. (Reuters) Norway's intelligence services said it — and not the U.S. National Security Agency, as reported in a Norwegian newspaper — kept records on more than 33 million phone conversations over the space of one month last winter, Oslo said on Tuesday
Senators Udall, Wyden, Heinrich Challenge Effectiveness of Dragnet Surveillance Program in NSA Court Case (eNews Park Forest) Senators: NSA program doesn't adequately protect privacy, warn against excessive, overbroad government powers
The Snowden leaks gave a senator the chance to openly question the NSA (PRI) If you see something, say something. That's the slogan popularized by the US Department of Homeland Security. It's their effort to have extra eyes on the lookout for potential terrorist acts
National Guard is eager to expand cyber capabilities (Politico) The National Guard is getting into the cyber game
Pentagon tightens cybersecurity rules for defense contractors (Times of India) The Pentagon said on Tuesday it had approved new rules that would require defense contractors to tighten their computer security procedures and to report any cyber intrusions that resulted in the loss of controlled technical information
New York Banks to Be Quizzed on Cybersecurity (American Banker) About 200 banks next month will be required to participate in a cybersecurity test conducted by the New York State Department of Financial Services
Litigation, Investigation, and Law Enforcement
DNI Clapper Declassifies Additional Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive programs while being mindful of the need to protect sensitive classified intelligence activities and national security. Since then, I have authorized the declassification and public release of numerous documents pertaining to the government's collection under Sections 501 and 702 of FISA
Newly Released Documents Show How Government Inflated the Definition of Metadata (Slate) On Monday evening, the Office of the Director of National Intelligence finally made public the Foreign Intelligence Surveillance Court order approving a program to collect metadata—that is, information other than the actual contents of an email—from electronic communications. But rather than settling the debate that has raged over surveillance since the recent leaks, the document only complicates the already heated conversation about what data should be collected and by whom, pointing at larger questions of what is the medium and what is the message in this digital age—and when does one become the other
Sobriety Checkpoints Paved Path to NSA Email Spying (Wired) Sobriety checkpoints and mandatory drug testing of student athletes and railroad workers are among the legal precedents justifying the government's now-defunct and court-approved secret email metadata dragnet surveillance program, according to documents the government released late Monday
Skype, Microsoft cleared in Luxembourg NSA investigation (PC World) Luxembourg's data protection authority cleared Microsoft and its subsidiary Skype of data protection violations related to the U.S. National Security Agency's Prism spying program, the agency said Monday
Google settles Safari user tracking case, will pay $17 million (Help Net Security) A settlement has been reached to end the lawsuit filed by 37 US states and the District of Columbia against Google because the Internet giant has been found bypassing Safari's privacy settings
Family and Friends Pledge $1M in Bail for Alleged Silk Road Owner (Wired) About two dozen loyal family members and friends of alleged Silk Road founder Ross Ulbricht have rallied around him to pledge more than $1 million to get him released on bail, according to an application submitted to the court by
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
Oil and Gas Cyber Security 2013 (London, England, UK, Nov 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred on by the ever growing cyber threat across the globe. It is against this backdrop that SMi are launching their 3rd annual Oil and Gas Cyber Security 2013 conference.
IT Forum Expo/Black Hat Regional Summit: Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
DefCamp 2013 (Bucharest, Romania, Nov 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public representatives in the high energy atmosphere of Bucharest, Romania.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet and computer networks, protect the Internet against emerging threats and vulnerabilities, and sustain privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of the art and practice of cyber security.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.