The CyberWire Daily Briefing for 11.27.2013
Hacktivists and cyber-rioters remain relatively quiescent for a second day (although Anonymous claims a Microsoft take-down no one else seems to have much noticed).
Cyber criminals, however, continue their expected high crime tempo. Trend Micro warns of malware masquerading as AutoCAD, the apparent role of which is to serve as a preparation for further attacks. Symantec describes Linux Trojan "Linux.Fokirtor," which stealthily exfiltrates stolen data. Kaspersky researchers find a crime marketer offering a kit that seeds code into banking sites viewed with IE or Firefox. (The offeror claims the ability to attack "about 100" banks.) CSIS dissects the crimekit "Atrax," which goes for the low price of $250 on the black market. EvilGrab is still out there, mostly in Japan and China.
Security experts urge vigilance over vulnerabilities in Ruby on Rails and InMobi. And CryptoLocker remains a threat: small businesses should be particularly alert during the holidays.
The black market continues to mirror the legitimate market. Hackers-for-hire fill the criminal labor market, and (since there's no honor among thieves) fraudsters find themselves in need of fraud protection.
KnowBe4 estimates the costs of cybercrime at $113B. Symantec's CEO finds IP theft a bigger worry than cyber war. Analysts continue to see US IT international sales depressed by surveillance fears.
NIST's cyber security framework is summarized by ISSS.
The UN passes a digital privacy resolution. France's National Assembly, unimpressed, debates extending electronic surveillance; the US Senate considers restricting it. Activists say Google could knock down the Great Firewall in ten days.
Today's issue includes events affecting China, Estonia, France, Germany, India, Japan, Kenya, NATO, New Zealand, Pakistan, Russia, Saudi Arabia, Sweden, United Kingdom, United Nations, and United States..
Cyber Attacks, Threats, and Vulnerabilities
AutoCAD malware paves the way for future attacks (Help Net Security) A piece of malware masquerading as an AutoCAD component with the goal of making systems vulnerable to later exploits has been analyzed by Trend Micro researchers
Symantec Reveals that Cybercriminals Employ New Linux Trojan to Embezzle Data (Spamfighter) Security researchers of well-known security firm 'Symantec' have identified a cyber-criminal operation which relies on a new-fangled Linux backdoor, nicknamed Linux.Fokirtor, to embezzle data without being discovered
Online banking faces a new threat (SecureList) On July 18, 2013, the following post was published on a closed cybercriminal forum
Why Crimekit Atrax will attract attention (CSIS) CSIS researchers have observed an introduction of a new commercial crimekit being sold on several underground web forums. The kit is dubbed "Atrax" and is both a cheap kit – costs less than $250 for the main platform - as well as it utilizes the TOR protocol for stealthy communication with C&Cs from where it is intended to get instructions, updates and new modules
Ruby on Rails CookieStore Vulnerability Plagues Prominent Websites (Threatpost) A lingering security issue in Ruby on Rails that stems from a setting in the framework's cookie-based storage mechanism is still present in almost 2,000 websites
EvilGrab's Evil, Still Propagating (TrendLabs Security Intelligence Blog) Recently, Trend Micro published findings on a new campaign called EvilGrab that typically targets victims in Japan and China. This campaign is still attacking users, and we have now acquired a builder being used to create binaries of this campaign
CryptoLocker attackers step up attacks on small businesses, warns Cisco (FierceITSecurity) CryptoLocker wants 'you to pay them for the privilege of using your machine'
Finding Cryptolocker Encrypted Files using the NTFS Master File Table (Security Braindump) For the most part, everyone seems to be familiar with the new variants of Cyptolocker making the rounds these days. To quickly summarize, this form of ransomware that encrypts documents and pictures found on local and mapped network drives in an attempt to obtain payment for the decryption keys. The attackers are using decent encryption and the malware is very efficient
SAP–targetting Gameker Malware Linked to Carberp (InfoSecurity Magazine) Gameker, the information-stealing trojan that was recently found to be targeting the log-on client for SAP, caused alarm thanks to the size of the addressable victim pool: SAP makes enterprise software applications for tracking and managing business operations, and is used by an estimated 86% of Forbes 500 companies
An Anti–Fraud Service for Fraudsters (Krebs on Security) Many online businesses rely on automated fraud detection tools to weed out suspicious and unauthorized purchases. Oddly enough, the sorts of dodgy online businesses advertised by spam do the same thing, only they tend to use underground alternatives that are far cheaper and tuned to block not only fraudulent purchases, but also "test buys" from security researchers, law enforcement and other meddlers
Evolution of Attackers–for–Hire (GovInfoSecurity) The emergence of attackers-for-hire is a troubling trend in cybercrime, and one particular group is changing its techniques to gain access to computer systems, says Symantec researcher Kevin Haley
Anonymous Sends Message to Microsoft, Claims to Have Taken Down Its Websites (Softpedia) Anonymous says that the attack was part of #OpKillingBay. A few days ago, users in select countries across the world reported issues when trying to access Microsoft services, with Redmond managing to repair the problems in just a few minutes
UCSF Acknowledges Second Breach in Two Months (eSecurity Planet) 8294 patients' personal and health information may have been exposed when a physician's laptop was stolen
Saudi Aramco denies suffering another cyber attack (Reuters via the Chicago Tribune) Saudi state oil company Saudi Aramco said on Tuesday it had shut some of its computers for an upgrade and denied it had suffered a cyber attack similar to one it experienced last year
Did LG try to hide its tracks in Smart TV spying incident? (FierceCIO: TechWatch) LG Electronics admitted that its smart televisions track what consumers are watching. The spying first came to light when a security researcher decided to dig around after his new LG Smart TV started displaying ads
Proactive security will be watchword for enterprises next year (FierceITSecurity) Enterprises should be more proactive in implementing protection measures to address the expected increase in cyberattack volumes next year, cautions Andrew Kellett, principal analyst with Ovum's IT security team
Simulated attacks on electrical grid show strengths, weaknesses in system (Fosters) Rolling blackouts, widespread power outages, damaged infrastructure and hijacked substations
Zurich's Kerner Says Matter of Time Until Cyber Attack (Bloomberg) Michael Kerner, who oversees property-casualty coverage at Zurich Insurance Group AG (ZURN), said computer threats are escalating and may soon cause "dramatic" disruptions for businesses and individuals
Utah Cyber Attacks On The Rise As NSA Facility Draws International Attention (KUTV) (KUTV) The commissioner of the Utah Department of Public Safety says, ever since reports surfaced of plans to build the National Security Administration Data Center in Bluffdale in 2011, Utah has been in the sites of hackers looking for information on the super-secret data collection facility
Identity theft continues to rise in the United States (WDAY TV) Identity theft continues to climb the charts when it comes to growing crimes in our country
Malware Creation Hits Record-High Numbers in 2013, According to PandaLabs Q3 Report (MySA) Ten million new malware strains are identified so far in 2013. New ransomware CryptoLocker hijacks users' documents and demands a ransom for them; DNS cache poisoning attacks are on the rise
FTSE 350 Companies Face Cyber Attack Risks (shareprices.com) In July 2013, the Department for Innovation, Business and Skills asked FTSE 350 listed companies to take part in a cyber risk assessment study. The study revealed that cyber leaks at major companies are a major risk to the UK's economic growth and the security of the country
Why we are losing the cyber security war and what we can do about it (NetworkWorld) If this year's attacks on Adobe, LexisNexis, NASDAQ, US Airways, and dozens of other large and technologically sophisticated US enterprises didn't provide sufficient evidence that we are losing the cyber security war, the ongoing breaches by Anonymous make it undeniable. Why are the world's most IT savvy companies unable to keep attackers out of their networks
Symantec CEO Declares IP Theft Greater Threat Than Cyber War (InfoSecurity Magazine) Symantec's CEO has said that the threat of intellectual property theft is more dangerous than that of cyber war, bringing with it the potential to "have a big negative impact on global economic growth"
How Much Does Cybercrime Cost? $113 Billion (IEEE Spectrum) According to Internet security awareness training firm KnowBe4, the losses attributable to cybercrime total US $113 billion. Take a moment to let that astounding number sink in
NSA Spying Risks $35 Billion in U.S. Technology Sales (Bloomberg) International anger over the National Security Agency's Internet surveillance is hurting global sales by American technology companies and setting back U.S. efforts to promote Internet freedom
Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic (Washington Post) Microsoft is moving toward a major new effort to encrypt its Internet traffic amid fears that the National Security Agency may have broken into its global communications links, said people familiar with the emerging plans
Meg Whitman hit the reset button at Hewlett Packard, and it just might have worked (Quartz) The numbers: Pretty good, on balance. Revenue for the fourth quarter was down 3% from a year ago, falling to $29.1 billion, but this is the smallest decline, in percentage terms, in nine quarters. Net income came in at $1.4 billion, or $1.01 per share, ahead of Wall Street consensus for $1.00, according to FactSet. The recovering PC, printing and server giant also reaffirmed its forecast for earnings in fiscal 2014 to come in between $3.55 to $3.75 per share. Wall Street expects $3.64. The stock is flying, up about 6% in after-hours trading
IBM, Hewlett–Packard, EMC among leading security and vulnerability management vendors, says TechNavio (FierceITSecurity) IBM, Hewlett-Packard, EMC, Symantec and McAfee are leading vendors in the global security and vulnerability management market, according to TechNavio
Norman Shark Sees Major Revenue Stream With Blue Coat Partnership (Digital Journal) Norman Shark, the global security leader in malware analysis solutions for enterprises, service providers and government entities, sees as much as a 50% increase in revenue this year and expects to more than double their revenue by 2016 according to the company's announcement in this week's blog "Blue Coat and Norman Shark partner to provide comprehensive threat protection to the enterprise"
SAIC Awarded Contract by U.S. Space and Naval Warfare Systems Center Atlantic (Virtual-Strategy) Science Applications International Corporation (SAIC) (NYSE:SAIC) announced today that it was awarded a prime contract by the U.S. Space and Naval Warfare Systems Center Atlantic (SSC Atlantic) to provide transport, computing and infrastructure support services related to command, control, communications, computers, combat systems, intelligence, surveillance, and reconnaissance (C5ISR)
Chris Goodrich Promoted to ManTech Cyber Group EVP (GovConWire) Chris Goodrich, who joined ManTech International (NASDAQ: MANT) in 2009 and a former senior vice president, has been promoted to EVP and chief operating officer of the Fairfax, Va.-based contractor's mission, cyber and intelligence solutions group
Mike Bowers Joins Xerox Federal Solutions as President (GovConWire) Mike Bowers, formerly chief operating officer at Indus Corp. since 2008, has taken on the role of president at Xerox Federal Solutions (NYSE: XRX), GovCon Wire has learned
Ted Davies on Unisys' Federal Growth Plans and Leveraging Commercial Technology in the Government Market (ExecutiveBiz) Ted Davies serves as president of Unisys Federal Systems and joined the IT services, software and technology firm in 2003 as managing partner for civilian agencies
Bitcoin community offers up $10K bug bounty (SC Magazine) Technology giants – such as Google, Microsoft and Yahoo – offer up big rewards to researchers who report critical vulnerabilities. Bitcoin users are now offering up their own type of bug bounty
Products, Services, and Solutions
Will iOS 7 Be The Next BlackBerry? (InformationWeek) Apple's latest mobile operating system has many features enterprises will appreciate — and some things to beware
New MegaCryption Functionality Enhances Business and Cryptography Server Capabilities (Hispanic Business) Advanced Software Products Group's (ASPG) latest announced enhancements to MegaCryption feature cryptographic key centralization and position the encryption software as business and cryptography server of choice for many enterprise-grade businesses
F–Secure launches KEY, a secure password manager (Help Net Security) F-Secure Key safely stores your passwords, user names and other credentials so that you can access them wherever you are through one master password. Your personal data is strongly encrypted to keep it safe, and all F-Secure Key servers are owned and operated by F-Secure within the European Union
After a month of use, we dish out our biggest gripes with OS X Mavericks (Ars Technica) No new software is bug-free, and OS X 10.9 doesn't buck the trend
FPC And Nok Nok Labs Deliver Infrastructure For Fingerprint–Based Strong Authentication (Dark Reading) End-to-end infrastructure solution uses fingerprint sensors on smartphones and tablets
Lumeta Announces Managed Security Services Partnership With Prolinx (Dark Reading) Lumeta product suite will enable Prolinx to give its clients network visibility as part of their information security and compliance programs
How Semantics Can Make Data Analysis Work Like A Google Search (Forbes) The interfaces used in business intelligence and data analytics are becoming smarter, conversational, and more powerful because, at long last, computational semantics are starting to be applied
Technologies, Techniques, and Standards
NATO launches 'largest ever' cyber–security exercises (Russia Today) NATO has kicked off Cyber Coalition 2013, the largest ever exercise of its kind intended to thwart massive, simultaneous attacks on member states and their allies
NIST Cybersecurity Framework: What it Means (Industrial Safety and Security Source) You may have heard some buzz in the press about the release of the Cybersecurity Framework Draft from the U.S. National Institute of Standards and Technology (NIST). However, you may not know much about its background. And you probably don't know what it may mean to you as a control or security professional. This should give you a high level overview of the genesis of this document and some handy points of reference
NSA Surveillance: First Prism, Now Muscled Out Of Cloud (InformationWeek) Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another
Open source crypto server for thwarting malicious insiders (Help Net Security) Edward Snowden's successful exfiltration of mountains of data from NSA systems and databases has once more put the spotlight back on the threat that insiders pose to organizations
ONC's Joy Pritts on Breach Prevention (Healthcare Info Security) Healthcare organizations should make widespread use of encryption because it's the single most essential technology to use for breach prevention, says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT
Enterprises need to integrate DR/BC planning in data center strategy (FierceITSecurity) Enterprises should integrate "strong and well-documented" disaster recovery and business continuity planning in their data center strategy, advises research firm Gartner
A New Way to Prevent Card Data Security Breaches (Storefront Backtalk) All retailers and any business that processes payment should have a new document on hand that is meant to prevent and mitigate some of the millions of dollars in losses from card data breaches annually
Six Things You Can Learn from the Affordable Care Act (ACA) Website Snafus: Part II (Cyveillance Blog) In Part I of our blog series, we discussed three things your organization can learn from the Affordable Care ACT (ACA) website launch. In Part II, we will discuss three more
How Small Businesses Can Win On Security And Speed This Cyber Monday (Forbes) Cyber Monday is looming and more holiday shoppers than ever will buy online, skipping the crowds and snapping up last minute deals and free shipping. Next Monday is expected to produce $1.8 billion in sales – up 13.1% on last year, according to research group, IBISWorld. But, if you're a small business outsourcing most of your data storage and security to the cloud, it can be confusing to know what you should be doing to make sure your website is fast and secure
Cyber Wargaming: The Power of Disruptive Thinking (C4ISRNet) Cyber wargaming (or, as many call it, cyber attack simulation) has really taken off lately, and not just in the defense and intelligence communities. It has permeated throughout the government, the military and the intelligence communities and is rapidly making headway into the business community as well, particularly within the critical infrastructure provider community
Overcoming the data privacy obstacle to cloud based test and development (Help Net Security) How many times have data security and privacy constraints brought your key application development initiatives to a screeching halt? It usually occurs right around the time when contractors or outsourced vendors are called in to test the latest features or train users on major system enhancements but they are unable to do so. Why? The sensitive data that has traditionally been used to facilitate such activities now comes with some serious strings attached
Why BYOD actually increases security, based on the recent findings shared by Sophos (CSO) Businesses naturally manage risk. All risks, including finding and increasing revenue. Part of the process is the search for and adoption of new solutions and technologies that reduce the cost and increase the capability of driving new revenue. Due to the continued struggle for security to create, measure, and effectively communicate value, BYOD is poised to increase security and lower risks -- while providing a demonstrable value to the business
Botnet Takedowns Spur Debate Over Effectiveness, Ethics (Dark Reading) Attempts to shut down botnets have often failed to cripple the networks, but have led to improved legal strategies, greater public awareness, and stronger links between researchers and law enforcement
Survey: DDos Is Hot, Planning Is Not (Dark Reading) Most organizations don't have a game plan in the event of a distributed denial-of-service (DDoS) attack
Oubliez les mots de passe, pensez phrases de passe ! (CNET France) Pourquoi choisir des mots de passe compliqués et pourtant piratables, quand il suffit d'utiliser quatre mots aléatoires ? Attention, j'ai bien dit aléatoires. Pas quéstion d'aller chercher votre phrase dans la Bible ou dans un bouquin
Research and Development
NSA testing how to handle classified data over unsecured networks (Federal News Radio) In the view of the National Security Agency, just because information is classified doesn't mean authorized users should only be able to view it while they're tethered to their desks. So NSA is looking for ways to access classified information on tablets and smartphones over transport mechanisms and on devices that would have been unthinkable a few years ago
Cal Poly joins national cybersecurity educational effort (CSO) University starts educational initiative to train students to meet talent needs of cybersecurity industry
Legislation, Policy, and Regulation
UN Passes Anti–spying Resolution (SecurityWeek) A UN rights committee on Tuesday passed a "right to privacy" resolution pressed by Germany and Brazil, which have led international outrage over reports of US spying on their leaders
The right to privacy in the digital age (United Nations General Assembly) The General Assembly, reaffirming the purposes and principles of the Charter of the United Nations, reaffirming also the human rights and fundamental freedoms enshrined in the Universal Declaration of Human Rights and relevant international human rights treaties, including the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights
Uproar over French plan to extend online spying (The Local) Google and other internet giants have reacted angrily to the French government's plans to extend its surveillance of emails, phone calls and online behaviour, as the National Assembly met on Tuesday to discuss the proposal
Activists to Google: You could end Chinese internet censorship in 10 days (Naked Security) Eric Schmidt said recently that encrypting everything can end government censorship in a decade. Activists battling China's Great Firewall say why wait, when we just did it in a fraction of the time
Post–Snowden, European Commission Sets Out Actions Needed To Restore Trust In E.U.–U.S. Data Flows (TechCrunch) The European Commission has today detailed the actions it believes are required to restore trust in data-sharing agreements between the European Union and the U.S. following revelations of surveillance dragnets operated by U.S. intelligence agencies
Did NSA Secretly Tap the Internet Backbone? (CIO Today) Earlier this month, reports surfaced that the documents released by former NSA contract employee Edward Snowden showed the NSA had tapped the transmissions to and from Google's and Yahoo's data centers. The taps meant that the agency had access to hundreds of millions of user accounts, many of which are owned by Americans
Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radicalizers' (Huffington Post) The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches
Debate: Does Spying Keep Us Safe? (NPR) The recent revelations about National Security Agency surveillance programs have renewed the debate over the balance between national security and civil liberties
Surveillance Is Too Important to Be Left to the Generals (Politico) With each revelation of the National Security Agency's vast surveillance network, one thing is becoming clear: The generals charged with designing and managing the agency's initiatives—NSA Director Keith Alexander and Director of National Intelligence James Clapper—have been unable or unwilling to call attention to critical program details with broad societal implication
U.S Senators wants the NSA PRISM program to stop (Venture Capital Post) Three U.S senators, Ron Wyden of Oregon, Mark Udall of Colorado, and Martin Heinrich of New Mexico published an op-ed in the New York Times today, exhorting the U.S Senate to stop encouraging and giving NSA the green light on its "dragnet" surveillance programs. This follows after the recent revelation of NSA's activities that made everyone cry foul, including the government officials now
The Secret Story of How the NSA Began (The Atlantic) Congress was surprised to find that a federal intelligence agency they'd scarcely heard of was bigger and more powerful than one that they'd created
Home Alone (Foreign Policy) With Keith Alexander out fighting fires, meet the woman who's really running the NSA
Nation's Leading Scientists and Engineers Offer Thoughts On Enhancing Nation's Cybersecurity Posture via Presidential Level Council (CISOTech) After study and deliberation an advisory group of the Nation's leading scientists and engineers, appointed by the President to augment the science and technology advice available to him from inside the White House and from cabinet departments and other agencies, has provided recommendations on ways to strengthen the nation's cybersecurity
Privacy, Human Rights Groups Form New Anti–Surveillance Coalition (Threatpost) A large group of privacy and digital rights organizations has put together a new effort to urge politicians to curtail the mass surveillance operations that have been exposed in the last few months. The new coalition has developed a set of 13 principles for governments to follow in their intelligence gathering efforts and started a petition that it plans to deliver to the United Nations and governments around the world
Thirteen Rules of Intelligence (IMSL Insights) Admiral John Henry Godfrey, Director of Naval Intelligence from 1933 to 1935, was instrumental in the development of the OSS, a predecessor to the CIA, and he is alleged to be the inspiration for the character 'M' in the James Bond books — Ian Fleming was his 2ic
Litigation, Investigation, and Law Enforcement
NSA fingered in Dotcom scandal (Stuff) Police document on Kim Dotcom case makes passing reference to "data supplied to the GCSB" - raising questions of whether America's National Security Agency spied on the German millionaire. Kim Dotcom's lawyers have accused the government's electronic spy agency and police of deliberately withholding information crucial to their court case
Edward Snowden's 'Insurance Policy' Likely Means Life Or Death For Several Unnamed People (Business Insider) On Monday Mark Hosenball of Reuters reported that Edward Snowden has a "doomsday" cache of documents he stole from the NSA, which is set to dump onto the Internet and/or into the hands of selected journalists if "something happens" to Snowden
WikiLeaks's Julian Assange unlikely to face charges (Naked Security) US officials certainly don't like that he published top-secret documents, but they say that legally, he hasn't committed a crime - at least, not that they've determined so far. They've refrained from formally closing the grand jury investigation, though, so maybe they're holding out hope
Bitcoin online bank robbery — "because that's where the money is" (Naked Security) Paul Ducklin looks why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data
BIPS suffers Bitcoin heist (CSO) The world is drawn ever closer to the flame of Bitcoin and the inescapable lure of easy fortune. With that brings the criminal element that instinctually follows the scent of possible easy money
Teen Arrested for Allegedly Hacking Into Long Island School District (eSecurity Planet) Matthew Calicchio allegedly published thousands of student's personal information online
GCHQ was called in to crack password in Watkins child abuse case (The Register) Not just battling terrorists, it hunts down online predators too
For a complete running list of events, please visit the Event Tracker.
Security Analyst Summit 2014 (Punta Cana, Dominican Republic, Feb 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.
IT Forum Expo/Black Hat Regional Summit (, Jan 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
DefCamp 2013 (Bucharest, Romania, Nov 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public representatives in the high energy atmosphere of Bucharest, Romania.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, Dec 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction of user activity or the isolation of malicious code. Most computer incident response teams have preferred tools for such acquisition that are part of their standard operating procedures invoked during live response or evidence acquisition. We all use these tools, but how many of us can describe how they work? This talk takes a deeper look at the differences found in those memory image files tied directly to the specific tools and techniques used in the acquisition process.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.