The CyberWire Daily Briefing for 12.4.2013
news from the SINET Innovation Showcase
SINET's 2013 Innovation Showcase opens today in Washington, DC. We'll report breaking news from this conference as well as interviews with some of the participants. Today is devoted to workshops; tomorrow will feature presentations and exhibits by the 2013 SINET 16 innovators.
Today's topics will include: Department of Defense (DoD) Science and Technology (S&T) Priorities; Bringing Silicon Valley Innovation to Washington DC; Cybersecurity Risk Insurance – The Way Ahead; Cyber Global Security Business Opportunities, Post [USG surveillance] Disclosures; Department of Homeland Security, Science & Technology Directorate; Conducting Business with the Federal Government and the System Integration Community: What Works - What Doesn't; Software Testing Tools: Where We Are Today and Where are Going; and How to Receive Third Party Accreditation in Accordance with FedRAMP.
SophosLabs finds a new PlugX malware variant directed against a fresh target: the Japanese word processor Ichitaro. TrustWave uncovers a very large "trove" of credentials—Facebook, Twitter, Google, Yahoo, LinkedIn—as it rummages the Pony botnet.
Banking Trojan Neverquest is identified (by Symantec) as an evolved version of the Snifula family. And ZeuS is now routinely packaged as an anti-virus update.
Visual basic scripting malware, formerly found mostly in targeted attacks, is now spreading widely through Latin America.
Windows XP exploits grow as the obsolescent OS nears the end of its supported life. Some of them are now circumventing sandboxes in unpatched versions of Adobe Reader. The Chinese government wants Microsoft to rethink its decision to stop support of XP, but few think this likely to happen.
The InfoSec Institute offers some advice on coping with CryptoLocker ransomware.
Healthcare.gov continues to draw tepid security reviews. The private sector has its own issues in the form of the iPharmacy Drug Guide & Pill ID app, said to be unpleasantly leaky with personal information.
Bitcoin crooks remain on the cyber-lam.
Sure, it's a stunt, but SkyJack's drone-hacking offers food for thought about hacker R&D.
Webroot's redoubtable Mr. Danchev notes another way in which criminal markets ape legitimate ones—celebrity endorsements: a dodgy Russian VPN service touts itself as "recommended by Edward Snowden."
The US and UK continue to seek a cyber-security modus vivendi with China.
Speaking of Snowden, the Guardian says it has lots more stuff to reveal, and promises it's "shocking."
Notes.
Today's issue includes events affecting Australia, China, Estonia, France, India, Indonesia, Israel, Japan, Lebanon, New Zealand, United Arab Emirates, United Kingdom, and United States..
Washington, DC: the latest from the 2013 SINET Showcase
The 2013 SINET 16 Innovators have been announced (SINET) SINET has selected the top 16 entrepreneurs from 115 entries to share emerging Cybersecurity solutions at SINET Showcase
Cyber Attacks, Threats, and Vulnerabilities
From the Labs: New PlugX malware variant takes aim at Japan (Naked Security) SophosLabs Principal Researcher Gabor Szappanos takes on a recent PlugX malware sample. He finds a curious mixture of similarities and differences with earlier versions - and a brand new target group: users of the Japanese-language word processor Ichitaro
Almost 2 million stolen passwords uncovered in cybercrime haul (Graham Cluley) Security researchers at Trustwave have uncovered a stash of almost two million usernames and passwords, stolen by cybercriminals from users of Facebook, Twitter, Google, Yahoo, LinkedIn and many other sites
Look What I Found: Moar Pony! (TrustWave SpiderLabs Anterior) In our last episode of "Look What I Found" we talked about a fairly large instance of the Pony Botnet Controller
Dangerous New Banking Trojan Neverquest Is an Evolution of an Older Threat (Symantec Connect) There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites
ZeuS — now packed as an antivirus update (Securelist) Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers. The messages we detected used the product and service names belonging to Kaspersky Lab, McAfee, ESET NOD32 and many others
Adobe Sandbox Circumvented By Windows XP Zero–Day (Tripwire State of Security) Researchers have determined that a zero-day vulnerability in Windows XP and Windows Server 2003 is being actively exploited in the wild in order to bypass the sandbox in unpatched versions of Adobe Reader
VBS Malware Spreading in Latin America (TrendLabs Security Intelligence Blog) During the past few months, we've been observing increases in the number of systems infected by VBS (visual basic scripting) malware, specifically VBS_SOSYOS, VBS_JENXCUS and VBS_DUNIHI. Most of these systems were found in Latin America, a region typically targeted by the Banker/Bancos Trojan
Cybercriminals increasingly using compromised digital certificates to camouflage malware (FierceITSecurity) Cybercriminals are increasingly employing compromised digital certificates to camouflage malware, warns McAfee Labs' third quarter security report
A taste of the horrible things to come for Windows XP (BGR) Windows XP is now more than 12 years old but according to data from Net Applications, it is still used on more than 31% of desktop and laptop computers around the world. Those tens of millions of PC users could be in for a very rude awakening next year once Microsoft cuts off support for the aged operating system
Beijing leans on Microsoft to maintain Windows XP support (The Register) Come on, we've only just ditched our pirated copies
Tips to avoid being bit by CryptoLocker (and what to do if you are) (CSO) InfoSec Institute's Kim Crawley details CryptoLocker, the latest in scareware, and offer suggestions for avoiding infection
Expert: Healthcare.gov Security Risks Even Worse After 'Fix' (Washington Free Beacon) Obamacare website more vulnerable to security breaches
Mobile Threat Monday: Android App Leaks Your Medical Info Online (PC Mag) We trust medical practitioners to give us good advice, and to keep the deeply personal information about our health and our ailments secure. But the iPharmacy Drug Guide & Pill ID app is playing fast and loose with your personal info
Thieves Covering Tracks Following $100M Bitcoin Heist (Threatpost) As if Bitcoin malware and Bitcoin mining malware weren't enough to worry about, there was more trouble for the users of the digital crypto-currency last week as 96,000 Bitcoins disappeared from the Sheep Marketplace exchange
Flying hacker contraption hunts other drones, turns them into zombies (Ars Technica) Ever wanted your own botnet of flying drones? SkyJack can help
Cyber–security puzzle: Who is sending Internet traffic on long, strange trips? (Christian Science Monitor via Yahoo! News) The Internet traffic of governments and financial companies is being quietly and momentarily diverted to overseas locations, cyber-security experts say. Who is doing it and why are mysteries
Cybercrime–friendly VPN service provider pitches itself as being 'recommended by Edward Snowden' (Webroot Threat Blog) We've recently spotted a multi–hop Russian cybercrime–friendly VPN service provider — ad featured not syndicated at a well known cybercrime–friendly community — that is relying on fake celebrity endorsement on its way to attract new customers, in this particular case, it's pitching itself as being recommended by ex–NSA contractor Edward Snowden
The 12 scams of Christmas (CSO) McAfee has released its "12 Scams of Christmas" list, warning shoppers of this season's biggest threats
Anonymous factions threaten cyber–war on one another over anti–NSA hacks (CyberWarZone) Hackers affiliated with the Anonymous Australia collective have posted a video warning their counterparts in Indonesia that if they do not stop infiltrating private Aussie web sites the two factions could engage in an all-out cyber-war
Security Patches, Mitigations, and Software Updates
Ubuntu 12.04 LTS Receives Major Kernel Update (Softpedia) Once again, Canonical does a good job at protecting its supported Ubuntu Linux distributions by releasing security updates from time to time. On December 3, Ubuntu 12.04 LTS received a major kernel upgrade that fixed twelve vulnerabilities discovered in the upstream Linux 3.2 kernel by various developers
Botched Outlook 2013 patches KB 2837618 and KB 2837643 break Out Of Office reply, Free/Busy, and more (InfoWorld) Installing KB 2837618 has caused a slew of problems, and adding KB 2837643 to the mix makes it impossible to fix them through a simple uninstall
VMware Patches Lgtosync.sys Privilege Escalation in Workstation, Fusion, ESX and ESXi (Softpedia) Certain versions of VMware's Workstation, Fusion, ESX and ESXi products are impacted by a vulnerability in the Lgtosync.sys driver that could be leveraged for privilege escalation on older Windows-based guest operating systems
Important Security Fixes Included in Ruby on Rails 4.0.2 and 3.2.16 (Softpedia) Versions 3.2.16 and 4.0.2 of Ruby on Rails have been released to address a number of important security issues. Users are advised to update their installations as soon as possible
Cyber Trends
What Would Nostradamus Have Said About Cyber Security in 2014? (SecurityWeek) It's that time of year again when everyone wants to wow you with their insights and predictions about what the next year will bring us in terms of technology and hacks in the security industry. Don't get me wrong, always thinking ahead and applying a predictive approach to security is an idea and practice I fully endorse. However, I would like to ask the security community as a whole to please not waste our time with vagaries and statements that are so broad that they could apply to anything, and/or at the same time, nothing
Banks Must Not Take The Internet For Granted (TechWeek Europe) Banks and other bodies can be hit badly if their Internet service fails, warns Stephen Bonner
Lost forever — 60% of users in the UAE could not fully restore data damaged by malware (Mid-East.Info Via Acquire Media NewsEdge) When malware strikes, the impact on data can be disastrous. And to make matters worse, there's no guarantee of getting that valuable information back
Over 80% of employees use unauthorized apps at work (Help Net Security) More than 80 percent of employees admit to using non-approved SaaS applications in their jobs, say the results of a McAfee survey. But what's even more interesting is that IT employees use a higher number of non-approved SaaS applications than other company employees
SMBs in A/NZ are continually vulnerable to cyber attacks: Check Point (ComputerWorld) Over the last 12 months, Check Point Software Technologies A/NZ engineering director, Geoff Prentis, has seen security threats "expand greatly" with a particular focus on SMBs
Businesses Suffer An Average Of 9 Targeted Attacks Per Year (Dark Reading) New study reveals breadth—and apparent success—of the typical advanced persistent threat (APT)–type attack
Reported Data Breaches Double in New Zealand (Security Current) Data breach notifications in New Zealand more than doubled in the year ending June 30, 2013 climbing to 107, New Zealand's Office of the Privacy Commissioner stated in its annual report last week. Three quarters of the breaches originated in the public sector
Could Google and the NSA Make Whistleblowers Disappear? (The Nation) There will be no need to kill a future Edward Snowden. He will already be dead
Is Cyber War Around the Corner? Collective Cyber Defense in the Near Future (Brookings) Information technologies and infrastructure—from satellites orbiting the earth to the smart phones in our hands, from undersea cables to wireless networks all around us, and from the global banking system to household appliances—play an increasingly indispensable role in daily life. At the same time, threats to cyber security are becoming both more numerous and more serious
The Network Security Implications of the Internet of Things (Information Security Buzz) The Internet of Things (IoT) has been weaving itself into the fabric of everyday life for some time now, including everything from connected cars to smart home applications, such as lighting and security systems, smart grids, smart meters and more
Worm may create an Internet of Harmful Things, says Symantec (Take note, Amazon) (ComputerWorld) Security researches are gradually raising warnings that the Internet of Things will increase, by multitudes, the number of things that can be hacked and attacked
Snowden, Cyber–espionage, hacktivism and Bitcoins cause security headaches (ARN) Kaspersky labs reveals security incidents that shaped 2013
Marketplace
US firms and the continuing battle against Chinese cyberespionage (FierceITSecurity) In this Editor's Corner, I want to take a deeper dive into the 2013 annual report from the U.S.-China Economic and Security Review Commission, particularly the threat posed by Chinese cyberespionage to U.S. firms
NSA spying scandal accelerating China's push to favor local tech vendors (InfoWorld) Revelations about U.S. secret surveillance have put a strain on the China business of Cisco and Qualcomm, the companies say
How to Build U.S.–China Cyber–Trust (Bank Info Security) A 2010 survey of IT security experts stunned many by naming the United States, not China, as the most feared nation in cyberspace
Wanted: One developer / sysadmin / masochist (ITWorld) Penny Arcade gets points for honesty in their recent job posting, but not much else
Snowden picked up hacking skills in India (ZDNet) NSA whistleblower Edward Snowden spent a week in New Delhi, training in advanced ethical hacking, where he earned his certification as an EC-Council Certified Security Analyst
A post–mortem of the Nirvanix shutdown (FierceCIO: TechWatch) You must know about cloud storage provider Nirvanix abruptly announcing that it was closing shop, leaving customers with just weeks to find a new provider and move their data off its cloud storage service. As we wrote at that time, this is all the more shocking as the company has collected some $70 million in funding since its launch in 2007, and has been touted as having "excellent" product viability by Gartner
Raytheon to Build Army Electronic Warfare Planning, Management Tool (GovConWire) Raytheon logoRaytheon (NYSE: RTN) has won a potential five-year, $97,850,000 contract to design and build a tool for the U.S. Army to plan and manage electronic warfare
Michael Fraser Joins Artel as Business Development, Strategy VP (GovConWire) Michael Fraser, formerly an executive vice president at satellite communications vendor iDirect Government Technologies, has joined SATCOM contractor Artel as vice president of strategy and business development
Rebecca Garcia Named Camber Corp. Business Development VP (GovConWire) Rebecca Garcia, who most recently served as director of SAS Federal's national security group, has been appointed vice president of business development at Camber Corp., GovCon Wire has learned
BlackBerry's Latest Letter Points To The Enterprise Escape Road (Forbes) BlackBerry's interim CEO John Chen has followed in the steps of previous incumbent Thorsten Heins by writing an open letter (available via the Blackberry For Business Blog), reassuring their Enterprise customers of an ongoing commitment to the BlackBerry infrastructure and their activities in the mobile enterprise management department
Pentagon Disconnects iPhone, Android Security Service, Forcing A Return To Blackberry For Some (Nextgov) Some military members who were working off Apple and Android-based smartphones and tablets now must return to using older model BlackBerrys because of a security service switchover, according to an email obtained by Nextgov and confirmed by Pentagon officials
Apple Purchases Data Analytics Firm With Access to Full Twitter Stream (Reason) Apple has acquired a company with access to "the hose" – the nickname for Twitter's stream of 500 million tweets per day
Products, Services, and Solutions
Happtique tests, certifies inaugural class of mHealth apps (FierceMobileHealthcare) New York-based mobile healthcare provider Happtique announced that it has certified 19 health and medical apps submitted by developers through its Health App Certification Program (HACP), in what the company calls a "first-of-its-kind program to test app privacy, security, and content"
Symantec to pull the plug on Backup Exec.cloud service (FierceCIO: TechWatch) Symantec plans to close down its Backup Exec.cloud service, and has informed its resellers to stop providing annual subscriptions to the service by January 6
New Blancco vCloud Eraser Securely Removes Virtual Server Data from VMware Platforms (Virtual-Strategy Magazine) Working seamlessly with VMware vCloud Director, Blancco software adds extra dimension to cloud security
Votiro Launches Free Cloud–Based File Sanitization Service (Sacramento Bee) New service neutralizes cyber–threats attached to suspicious files
Camber Corporation proves its mettle in the field of Cyber Defense (Sacramento Bee) Using their CENTS®, SLAM-R®, CYNTRS®, RGI®, and HOTSIM® tools, Camber Corporation provides real-time cyber training via scenarios that train and prepare responders to fight cyber-crimes and network attacks resulting in comprehensive network defense
Lookingglass Expands Threat Intelligence Capabilities (Dark Reading) Unveils new version of ScoutVision
Securonix Announces Access Scanner (Dark Reading) Scanner automatically identifies and helps remove high-risk access in critical business applications and systems
Stonesoft And Tufin Deliver Integrated Security Management Capabilities Enhancing Situational Awareness And Network Automation (Dark Reading) Companies announce completion of first phase of the integration of their management interfaces
Technologies, Techniques, and Standards
For a PCI–compliant database, implement database security controls (SearchSecurity) What are the most commonly accepted database security controls used to comply with PCI DSS? I'm concerned that since there is some subjectivity involved, our assessor won't be OK with our choices
Launch code for US nukes was 00000000 for 20 years (Ars Technica) PALs were not the pals of Strategic Command generals
Must try HARDER, infosec lads: We're RUBBISH at killing ZOMBIES (The Register) Botnet decap should be a team effort — ex–detective infosec bod
The fundamentals of Google Hacking (Security Affairs) Rafael Souza (CISOof hackers online club) introduces the fundamentals of Google Hacking
The art of disrespecting AV (and other old-school controls) (Hexacorn) commenting about antivirus solutions
How the NSA Could Be Breaking SSL (Threatpost) How is the NSA beating or breaking SSL? Cryptographer Matthew Green lays out a number of possibilities
Research and Development
Picture This: Leveraging Big Data to Bolster Social Image Search (Wired) Hidden within each photo is a wealth of information about the objects, people, settings, and environment in which the photo was taken
Legislation, Policy, and Regulation
UK proposes formal talks on cyber security with China (ComputerWeekly) Prime minister David Cameron has called on China to be more open about cyber security, proposing formal talks on the "issue of mutual concern"
David Cameron challenges China over cyber spying (The Telegraph) PM makes clear concerns about cyber spying on Government and British companies during talks with Li Keqiang, the Chinese premier
Estonia, U.S. sign cyber security deal (Baltic Times) Estonian Foreign Minister Urmas Paet and US Secretary of State John Kerry have signed a major Cyber partnership statement on Dec. 3
MPs ask MI5 boss to justify claim that NSA leaks endangered national security (The Guardian) Keith Vaz, chairman of home affairs select committee, says spy chief Andrew Parker has been summoned to give evidence
Govt must come clean on spying — Labour (Stuff) Prime Minister John Key must tell the public if US spies are conducting mass surveillance on New Zealanders, Labour says
Lebanon Claims: Israel Launched a 'Cyberwar' Against Us (Arutz Sheva) Lebanese parliamentary committee claims Israeli spying devices have infiltrated UNIFIL and army networks
Carmakers grilled over hacking (Stuff) A US senator has asked 20 of the world's biggest automakers for information on how they secure their vehicles from cyber attacks, in light of reports by security experts who say they have identified ways to hack into cars
NSA, Security Issues Forced Out of Defense Debate (Roll Call) The uproar over domestic surveillance and national security issues may die down to a whimper in the Senate this year
Some NSA Opponents Want to 'Nullify' Surveillance With State Law (US News and World Report) Activists say legislation can cut water, kill snooping at Utah Data Center
Clinton Says NSA Spying Revelations Harmed U.S. Ties With Allies (Bloomberg) Former President Bill Clinton said allegations that the National Security Agency spied on world leaders have damaged relations with U.S. allies and show the need for stricter rules on intelligence gathering
India will ask the US government for help in spying on its citizens (Quartz) When you need help with a difficult problem, it's always wise to turn to an expert. Maybe that's why India's home ministry is planning to ask the United States for assistance in decrypting communications over Skype, BlackBerry, WeChat, and other services
Litigation, Investigation, and Law Enforcement
Google, Bing, Yahoo Ordered by French Court to Block Video Streaming Sites (Search Engine Watch) Typically, Google gets pirated content sites out of the search index when companies file a DMCA — numerous pirate sites have already been removed from the index due to webmaster guideline violations. However, a group of some companies, distributors and producers in France took Google and other search engines to court in order to see the search engines remove a group of pirate sites from the index permanently
China Exclusive: China detains Bitcoin fraud suspects (Xinhua via Global Post) Chinese police have detained three people who allegedly operated an online Bitcoin trading platform, shut it down unexpectedly, and vanished with investors' assets
Guardian Newspaper Staff May Face Charges For Assisting Terrorists (Huffington Post) British police are examining whether Guardian newspaper staff should be investigated for terrorism offences over their handling of data leaked by Edward Snowden, Britain's senior counter-terrorism officer said on Tuesday
Editor Describes Pressure After Leaks by Snowden (New York Times) The top editor of the British newspaper The Guardian told Parliament on Tuesday that since it obtained documents on government surveillance from a former National Security Agency contractor, Edward J. Snowden, it has met with government agencies in Britain and the United States more than 100 times and has been subjected to measures "designed to intimidate"
Espionnage : les documents à venir de Snowden vont «choquer» (Libération) Glenn Greenwald, qui s'est notamment fait connaître en publiant des révélations sur l'espionnage émanant de l'agence de sécurité américaine, a confié à «Télérama» ses projets
The Guardian has WAY MORE Snowden stuff left to leak (Daily Caller) Guardian editor Alan Rusbridger told Parliament Tuesday that the UK-based newspaper has only released one percent of the documents leaked by former National Security Agency contractor Edward Snowden
Army Investigates China Spy Incident…That Involves No Secrets (Foreign Policy) No secrets were spilled. And all of the documents in question are publicly available. But the U.S. Army has nonetheless launched an internal review of its administrative practices after members of a Chinese military delegation began asking for U.S. government manuals a bit too aggressively during a September visit to an American base
This Is the MIT Surveillance Video That Undid Aaron Swartz (Wired) The door to the network closet pops open and a slender figure enters, a bicycle helmet hanging from one arm. He sheds his backpack and pulls out a cardboard box containing a small hard drive, then kneels out of frame
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
Women in Cybersecurity Conference (Nashville, Tennessee, USA, Apr 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
The 2014 Cyber Security Summit (New York) (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
Strengthening the NIST Cyber Framework Against Advanced Threats (Washington, DC, USA, Dec 5, 2013) NIST's Cybersecurity Framework has tremendous value for risk management and defines best practices to block known threats. This discussion will share intelligence about campaigns by sophisticated cyber threat actors that have targeted critical infrastructure companies and discuss how well the Framework stacks up against advanced and new, unknown threats.
The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, Dec 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution.
World Congress on Internet Security (London, England, UK, Dec 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCIS aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
Cylance Talk: Risk Does Not Equal Threat (Arlington, Virginia, USA, Dec 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work, time delays and operational cost in prioritizing what's really important. Identifying the risks that are true threats to the organization is critical. Join Cylance's Chief Knowledge Officer, Dr. Shane Shook along with industry experts Bob Bigman (President of 2BSecure and former CSO for the CIA) and Ulf Lindqvist (Program Director at SRI International) for a rousing round-table discussion on how your organization can determine what is a real threat, and what is merely a risk.
cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, Dec 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction of user activity or the isolation of malicious code. Most computer incident response teams have preferred tools for such acquisition that are part of their standard operating procedures invoked during live response or evidence acquisition. We all use these tools, but how many of us can describe how they work? This talk takes a deeper look at the differences found in those memory image files tied directly to the specific tools and techniques used in the acquisition process.
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, Dec 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cyber security. The First ASE International Conference on Cyber Security provides a key forum for researchers and industry practitioners to exchange information regarding advancements in the state of art and practice of cyber security.
ACG® New York Cyber Security Investor Conference (New York, New York, Dec 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitutes Cyber Security. IT security spending will be $639 billion by 2023 — a tenfold increase.
Cyber Defense Initiative 2013 (Washington, DC, USA, Dec 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify skilled personnel and as part of extensive hands-on training.