The CyberWire Daily Briefing for 1.8.2013
BB&T and Fifth Third join PNC as victims of Iranian hackers' latest distributed denial-of-service campaign against US banks. Local reports suggest the disruptions may become wider yet. In South Asia, Bangladeshi hacktivists (and defacement specialists) of the "3xp1r3 Cyber Army" hit many Indian sites. Belgium's Federal Police Service suffers a similar but unrelated attack.
An elaborate online hoax attributed to anti-coal activists temporarily cost Australian mining company Whitehaven Coal $314M in market cap. A bogus "Facebook Security Team" is phishing for user credentials. Facebook's Employee Secure Transfer service is also found to be vulnerable to third-party password reset. Windows RT is successfully jailbroken, and Yahoo Mail has an XSS vulnerability that permits account hijacking.
Internet Explorer's recent zero-day exploit is more clearly tied to China's Elderwood, as Tibetan and Uighur autonomy advocates are targeted. Microsoft's patches, expected later today, will not address these vulnerabilities. The company continues to advise users to apply its recently defeated temporary fix pending a permanent solution.
The US Los Alamos National Laboratory, citing security concerns, has divested itself of hardware containing Chinese-manufactured switches.
Symantec says its PGP vulnerability actually amounts to very little. The Omnicell health care IT breach that recently affected the University of Michigan has spread to South Jersey Healthcare and Sentara Healthcare.
Northrop Grumman, SAIC, and ManTech all say they're pursuing the US Department of Homeland Security continuous monitoring contract. The US Secret Service says its use of QinetiQ North America's Cyveillance services poses no real privacy issues.
Today's issue includes events affecting Algeria, Australia, Bangladesh, Belgium, Canada, China, European Union, Greece, India, Iran, Japan, Romania, Singapore, Thailand, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
BB&T, PNC among banks targeted by cyber attack (Charlotte Business Journal) The attacks on banks' websites appear to be coordinated by the same Iranian hacker group that disrupted many major banks' service late last year. Winston-Salem-based BB&T (NYSE:BBT) Pittsburgh-based PNC (NYSE:PNC), both with a major presence in
Fifth Third website suffers cyber attack (Business Courier of Cincinnati) Fifth Third Bank was at least the second big bank with local operations to suffer a major cyber attack last week. Fifth Third (Nasdaq: FITB), Greater Cincinnati's largest locally based bank, had its website attacked Thursday, disrupting online
Iranian cyber attack targets US banks, again (BizPac Review) Republican presidential candidate Mitt Romney believed Iran was the biggest national security threat facing America. Now, a second round of suspected Iranian cyber attacks against U.S. banks is under way, and the Obama administration is
More than 600 Indian websites hacked by rEd X from 3xp1r3 Cyber Army (E Hacking News) More than 630 Sites Defaced by rEd X from 3xp1r3 Cyber Army! The websites, most likely hosted on a single server, were altered to host the hacktivists' message. The hacked sites appear to belong to various organizations, including colleges and small businesses. At press time, many administrators appeared to be working on restoring their websites, but most of the affected sites still displayed the hackers' message
Belgian Police Hacked (eSecurity Planet) Hacker SlixMe posted a deface message stating, 'Your log folder does a good job lolz.' Hacker SlixMe recently breached and defaced the official Web site for the Belgian Federal Police Service
Rogue trader: hoax triggers $314m fall (Sydney Morning Herald) One young man sitting in a forest used a laptop and a mobile phone to temporarily wipe more than $314 million from the value of Nathan Tinkler's Whitehaven Coal on Monday morning. The Australian Securities and Investments Commission is now making inquiries into the elaborate hoax, in which anti-coal campaigners issued a fake media release and impersonated a corporate affairs spokesman from ANZ Bank
Fake 'Facebook Security Team' account asks for your credentials (Help Net Security) An account posing as that of the Facebook Security Team has been spotted sending warnings to page administrators, trying to fool them into believing that their Facebook account will be suspended due
Nir Goldshlager found vulnerability in Facebook Employees Secure Files Transfer service (E Hacking News) A web application pentester, Nir Goldshlager, has identified a security flaw in Facebook's Employee Secure File Transfer that allowed him to reset the password of accounts. The Secure File Transfer service provider "Accellion" provides a service to Facebook's employees for transferring files. Accellion had removed the registration page to prevent unauthorized users from creating accounts
Windows RT 'jailbroken', shows its Windows 8 roots (Naked Security) A security researcher has discovered a way to allow any code to run on Windows RT/Surface tablets, effectively "jailbreaking" Microsoft's latest foray into mobile computing
Yahoo Mail XSS Vulnerability Could Affect Millions of Accounts (Threatpost) Security researcher Shahin Ramezany developed an XSS proof-of-concept exploit that he claims puts some 400 million Yahoo Mail users at risk of having their accounts taken over
3 security things to watch: A Turkish twist, IE's quick fix, Anonymous takes action in high school assault case (IT World) Look for continued fallout from the security lapse at Turkish Certificate Authority TurkTrust this week in security. Also: pressure on Microsoft over IE flaw, and hacktivists take action in high profile high school rape case. The holidays are over, and everyone is plugging back into work - digging through a mountain of unanswered e-mail and otherwise taking the lay of the land. For those of you still emerging from your egg nog fog, here are some of the top security news stories worth following this week
Internet Explorer zero-day exploit found on more websites. Fingers point towards Elderwood Project (Naked Security) Paul Baccas, a researcher at SophosLabs, has uncovered two new sites which have been hit by the recently-discovered Internet Explorer zero-day remote code execution vulnerability. The attacks bear all the hallmarks of previous infections spread by the
Exclusive: U.S. nuclear lab removes Chinese tech over security fears (Reuters) A leading U.S. nuclear weapons laboratory recently discovered its computer systems contained some Chinese-made network switches and replaced at least two components because of national security concerns, a document shows. A letter from the Los Alamos National Laboratory in New Mexico, dated November 5, 2012, states that the research facility had installed devices made by H3C Technologies Co, based in Hangzhou, China, according to a copy seen by Reuters. H3C began as a joint venture between China's Huawei Technologies Co and 3Com Corp, a U.S. tech firm, and was once called Huawei-3Com
Anonymous Warns Canadians About Bill C-45, Enhanced Drivers Licenses (Softpedia) Anonymous Canada has released a new video statement to warn the country's citizens about the recently introduced, controversial Bill C-45, also known as the second omnibus budget bill. The hacktivists claim that the Harper government is trying to use the 400-page bill to hide its secret agenda. Omnibus Bill C-45 was passed in Parliament just a few weeks ago and, as you may know, it unprotects hundreds of thousands of lakes and rivers and re-designates aboriginal land rights
Symantec plays down PGP hole (HITB) Symantec has quenched fears about a vulnerability in its PGP technology. According to a Pastebin statement, the pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability in the handling of IOCTL 0x80022058
Omnicell Breach Affects Patients of Sentara Healthcare, South Jersey Healthcare (eSecurity Planet) More than 68,000 patients in total appear to have been impacted by the security breach. A recent security breach at medication management vendor Omnicell, which exposed the personal information of 4,000 patients of the University of Michigan Health System, also impacted several thousand patients of both South Jersey Healthcare and Sentara Healthcare
Ministry: No information leak confirmed, despite evidence of cyber-attack (The Daily Yomiuri) Questions have been raised about the agriculture ministry's explanation that it was unable to confirm traces of a leak of confidential documents related to sensitive trade negotiations, despite evidence showing its official computers had been remote
The TURKTRUST SSL certificate fiasco - what really happened, and what happens next? (Naked Security) A few days ago, my colleague Chester wrote an article with the no-punches-pulled headline Turkish Certificate Authority screwup leads to attempted Google impersonation. Since then, an online discussion and dissection of what happened - or, more accurately, what happened so far as one might tell - has unfolded, and seems to have reached a conclusion - or, more accurately, an acceptable hypothesis. Let me try to summarise as briefly as I dare
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Advance Notification for January 2013 (Microsoft Security TechCenter) This is an advance notification of security bulletins that Microsoft is intending to release on January 8, 2013. This bulletin advance notification will be replaced with the January bulletin summary on January 8, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
When The 'Fix It' Doesn't Fix It (Dark Reading) Microsoft's temporary fix for a new IE zero-day flaw is broken, researchers say, but software giant still recommends applying the fix until patch arrives
Researcher Who Found Nvidia Bug Confirms Security Update Clears Up Driver Zero Day (Threatpost) Nvidia has released a new driver for its graphics cards that includes a security update for a zero-day vulnerability in the Nvidia Display Driver Service that came to light on Christmas day. UK researcher Peter Winter-Smith posted vulnerability details and an exploit to Pastebin describing a stack buffer overflow vulnerability in the service, as well as his exploit, which bypassed DEP and ASLR on Windows machines
Personal Empowerment Worldwide Could Affect U.S. Security and Economics (SIGNAL Magazine) The release of the National Intelligence Council's Global Trends 2030: Alternative Worlds report in early December spawned a wave of media attention and crashed two websites hosting the document. For the first several days, officials tracked approximately 60,000 Tweets pertaining to the information sent out every 20 minutes. "The first thing to say is that the amount of response and amount of attention focused on it came really as a surprise to us…it did really go viral in a way we didn't appreciate beforehand," states Dr. Mathew Burrows, counselor, Office of the Director of National Intelligence, National Intelligence Council, and principal author of the report. But despite all the action surrounding Global Trends, contributors to it feel that certain facets might still need some attention
ENISA Names Drive-By Exploits as Biggest Emerging Threat of 2012 (Softpedia) The European Network and Information Security Agency (ENISA) has released its Cyber Threat Landscape analysis of 2012. The study, based on over 120 threat reports, highlights the top threats and their trends. According to the report, drive-by exploits (malicious code injects used to exploit web browser vulnerabilities) are the number one threat
Tablets will outsell notebooks in 2013, for the first time ever (Quartz) Apple will hold onto its market share, but China will be flush with home-grown tablets. In 2012, tablets outsold notebook computers in the US and China, but 2013 will be the year this trend goes global, according to NPD DisplaySearch. That's three years ahead of analysts' earlier estimates, and reflects a projected 64% growth in tablet purchases in 2013 versus 2012
Like virginity, lost privacy is gone for good -- CES panelist (CNET) Far from the barrage of gadget announcements, a comparatively unsexy discussion on the future of privacy and cloud-stored data unspooled at CES 2013. The future of privacy and the cloud occupied a sidestage at CES 2013 this morning, with one panelist comparing privacy lost to something else that can't be replaced. "Getting your privacy back is like getting your virginity back," said Jim Reavis, Executive Director of the non-profit Cloud Security Alliance, from a room on the second floor of Las Vegas Convention Center North building. The on-stage conversation between Reavis and other privacy experts focused mainly on desired changes to how to make the nebulous concept of online privacy more user-friendly
Defense Budget Cuts Of $45 Billion Seen By Pentagon (Bloomberg.com) The Pentagon faces a reduction of as much as $45 billion this fiscal year if automatic spending cuts take effect March 1, its comptroller said
Staring Down The Sequester Barrel (Washington Times) The 113th Congress' most pressing defense-related concern will be the military's budget, despite the previous Congress having averted the so-called "fiscal cliff"
Brad Antle: Spending Cuts Likely To Be Toned Down (ExecutiveBiz) Future spending cuts will likely come in the form of a gentle ramp and be less aggressive than previously feared, Salient Federal Solutions CEO Brad Antle told the Washington Post
Obama's Picks Signal Changes At Pentagon, CIA (Washington Post) President Obama is assembling a national security team designed for an era of downsized but enduring conflict, a team that will be asked to preside over the return of exhausted American troops and wield power through the targeted use of sanctions, Special Operations forces and drone strikes
DHS: impact of Secret Service Cyveillance system on individual privacy is limited (Fierce Government IT) Although the primary purpose of the Secret Service's Cyveillance system is not to collect personally identifiable information, it may still do so as an unintended result of public web searches, says a privacy impact assessment conducted by the Homeland Security Department
USPS outlines plans for one-year Federal Cloud Credential Exchange pilot (Fierce Government IT) The Postal Service is moving forward with plans to conduct a one-year Federal Cloud Credential Exchange pilot designed to demonstrate next-generation online government applications requiring multi-factor authentication, according to a Federal Business Opportunities posting. As part of the Obama administration's National Strategy for Trusted Identities in Cyberspace, FCCX would enable the acceptance of third-party credentials to facilitate access to online government services
Northrop, SAIC, ManTech among those to bid for DHS' $6B cyber program (Washington Business Journal) Falls Church-based Computer Sciences Corp. would not officially say whether the company plans to submit a proposal, but cyber lead executive Sam Visner told
CRGT makes deal for Guident Technologies (Washington Technology) With the acquisitions, CRGT is picking up more capabilities in areas such as big data analytics and business intelligence. It is the third acquisition in two
Altamont Buys Investigations Provider, Aiming for Federal Growth (Govconwire) Private equity firm Altamont Capital Partners has acquired background investigations firm Omniplex World Services Corp. for an undisclosed amount, Washington Technology reports. This is Altamont's second acquisition within a month as it bought window maker Cascade Windows in December 2012, according to the report. Altamont made the transaction to pursue growth in the federal market
Booz Allen Obtains HITRUST CSF Assessor Designation (SYS-CON Media) Booz Allen Hamilton understands the new cyber security risks and challenges facing the healthcare industry as it moves toward new models of integrated
SiteLock to Serve as Data Privacy Day Champion for National Cyber Security Alliance (Virtual Strategy) SiteLock LLC, a leading provider of website security solutions for online businesses around the world, announced today that it has volunteered to participate in the fifth annual Data Privacy Day as part of the company's ongoing commitment to cyber security
Vistronix Buys Geospatial Data Software Maker Technology Associates (Govconwire) Vistronix has acquired Stafford, Va.-based Technology Associates International Corp., a maker of geospatial and data visualization software for U.S. military and civilian agencies. Vistronix did not disclose terms of the deal and said 450 Technology Associates employees will join Vistronix. Deepak Hathiramani, chairman and CEO of Vistronix, said the company is aiming to become
Booz Allen, SAIC, URS, WBB Win Navy Program Mgmt, IT Services IDIQ (Govconwire) The U.S. Navy has awarded four companies positions on a contract, where they will compete to provide the branch with program management and information technology programming and governance services. The Defense Department said work under the indefinite-delivery/indefinite-quantity contract will support the energy and environmental readiness division within the Office of the Chief of Naval Operations
Startup Takes Military Approach to Cybersecurity (eSecurity Planet) Former U.S. Defense Department official raises $26 million to fund a new type of cybersecurity technology. Are there enterprise IT lessons to be learned from how the U.S. military approaches cybersecurity? Yes, according to a startup called Shape Security. The co-founder of Shape Security, Sumit Agarwal, spent
'The telephone network is obsolete': Get ready for the all-IP telco (Ars Technica) AT&T wants to get rid of obsolete PSTN equipment, and those pesky FCC rules
5 Things VMware Should Do In 2013 (InformationWeek) VMware's vision of the software-defined data center is still a long ways off and hard to achieve, but these steps will take it closer to its goals
Lancope Appoints Amrit Williams As CTO (Dark Reading) Williams also held positions with IBM, Gartner, and McAfee
Northrop Names Ret. Vice Adm. Stephen Stanley Cyber, C4 VP (Govconwire) Northrop Grumman (NYSE: NOC) has appointed retired Navy Vice Adm. Stephen Stanley vice president of cybersecurity and C4 (command, control, communications and computers). The company said the appointment is effective immediately and he will report to Sid Ashworth, corporate VP of government relations. Stanley, a 37-year Navy veteran, will lead the cybersecurity and C4 portfolio
Products, Services, and Solutions
Fortinet Strengthens Data Center and Cloud Security With Introduction Of New High-Performance Security Blade (Dark Reading) FortiGate-5001C blade protects low-latency networks and multitenant cloud customers against blended threats and Web-based attacks
Qualcomm Revamps Its Snapdragon Line, Unveils The High-End Snapdragon 800 And 600 Chipsets (TechCrunch) Qualcomm isn't really a brand that figures prominently into the average person's understanding of the mobile space, and that's exactly the issue that the San Diego-based semiconductor company is trying to tackle in its newest and most prominent CES keynote to date. Cringeworthy introduction aside (facepalm material as far as the eye could see), Qualcomm CEO Paul Jacobs took the stage to
Google stops highlighting censored search terms for China (IT World) Google has quietly shut down a search function that helped users in China navigate past the country's censorship systems, after authorities had tried to block the feature
Cuckoo 0.5 is out and the world didn't end (Internet Storm Center) This one kind of slipped by unnoticed over the holidays, but Claudio & company released a new version of the Cuckoo sandbox and it has some nice new features. Some of the more significant ones to me are: full memory dumps of the virtual machines, added packages for jar, java applet, and zip files, support for Windows 7 (yippee!!!)
Yahoo adds HTTPS support to Yahoo mail (H-online) Yahoo has begun to catch up with the other webmail providers and is now offering HTTPS as an option on its service. Support for HTTPS has been requested for a long time by users of the system to help improve their privacy when accessing mail, especially over Wi-Fi connections; logging in with HTTPS previously redirected users to an HTTP based service. Now users can select Options->Mail Options and select "Turn On SSL"; this will ensure that HTTPS is enabled on their connection
Dell SecureWorks reveals new cloud security service (Siliconrepublic.com) Security research shows that web applications are one of the most common entry points for cyber-attackers. "Dell and Dell SecureWorks are committed to
Copied Android apps sold on Google Play at higher prices (Help Net Security) App developer Root Uninstaller claims that some of his original apps for the Android platform have been copied and are currently being sold on Google Play. He offers the example of his Smart RAM
SuperSpeed USB (USB 3.0) at 10 Gbps with new capabilities (Help Net Security) The USB 3.0 Promoter Group announced development of a SuperSpeed USB (USB 3.0) enhancement that will add a much higher data rate, delivering up to twice the data through-put performance of existing
Toshiba unveils SSD with cryptographic-erase and self-encryption (Help Net Security) Toshiba announced new enterprise SAS solid state drives (SSD), mobile SATA hard disk drives (HDD), including self-encrypting drive (SED) models in both product categories, and new enterprise-grade
CES 2013: New Smartphones On Deck (InformationWeek) CES 2013 kicks off this week in Las Vegas and promises to provide a modest smorgasbord of new smartphones. Here's what we're likely to see
Technologies, Techniques, and Standards
Five Security Tools Every Small Business Must Have (Dark Reading) Small businesses often are short on security skills, staffing, and budget. Here are five tools that can help
It's Classified: The Secret To Cloud Risk Management Success (Dark Reading) Classifying data can help evaluate the risk of sending information to the cloud and better manage risk throughout the data lifecycle
3 older technologies that everyone should embrace (IT World) Sometimes the latest isn't the greatest. Technology pundit types like me are always blabbering about bleeding-edge technology. Wow! A holographic wristwatch that lets Princess Leia tell you the time! A browser plug-in that ignores your email so you don't have to! A wireless camera fork that automatically tweets pictures of your lunch! Unfortunately, some bleeding-edge technology you read about never ships. And even if it does ship, most new tech products are never taken up by most people
SkypeHide system, steganography to secure communications on Skype (Security Affairs) In this period there is an intense debate on the wiretapping of every communication channel; governments are increasing the monitoring of the internet, of social network platforms and VOIP conversations, in many cases with the support of the companies that provide those services. In a recent post I discussed the control ordered by Indian Governments that, for homeland security, decided to control every user's activity on-line exactly as many other authorities in the world. Skype is one of the most diffused VOIP clients, used by millions of persons for business as well as in their free time; simple and efficient, it has caught a large piece of the market, also because in the past it was considered a secure tool to speak avoiding law enforcement interception due to its architecture
Information Security Certifications: Badges of Dishonor (Infosecurity Magazine) A new certification scheme has been developed for information assurance professionals to help the UK Government meet its cybersecurity objectives
The importance of data normalization in IPS (Help Net Security) To fully comprehend the importance of data normalization in an Intrusion Prevention System, it is first necessary to understand what data normalization is and what it does, how it accomplishes its goals
Design and Innovation
TEDCO Realigns Core Investment Programs (PE Hub) The Maryland Technology Development Corporation has announced the realignment of two of its core funding and investment programs, the addition of a Patent Assistance Program and that it will be managing four new highly-focused investment funds, or TEDCO affinity funds. The organization's restructuring of existing investment programs and addition of affinity funds will position the public corporation to generate long-term income to further leverage the State's investment in innovation
CES 2013: Standout Start-ups Spotted (IEEE Spectrum) A list-based social networking site and 3-D virtual reality modeling system distinguish themselves from the crowd
HackerRank Will Host Back To School Hackathon, Bringing College Students To Hot Startups (TechCrunch) HackerRank has hosted college-focused hackathons before, but on February 2, it plans to connect some of the top coding talent in universities with some of the best-known companies in Silicon Valley
Witnessing The Rebirth Of The Greek Startup Ecosystem (TechCrunch) Thousands of years ago Greeks plied the waters of the Mediterranean as traders and merchants. They were, perhaps, amongst the first ever entrepreneurs. But somewhere along the line between then and now that history faded. Admittedly, inklings of that spirit remained in the world famous Greek shipping industry – but a reliance on government jobs and European Union subsidies did its best to quell
Singapore Polytechnic Intros Cyber Wargame Center (eSecurity Planet) The center was co-funded by the Infocomm Development Authority of Singapore. Singapore Polytechnic recently announced the launch of its new Cyber Wargame Center, which is part of the school's Diploma in Infocomm Security Management (DISM) program
Apple's Education Phenomenon: iPad (InformationWeek) iPad's popularity with students and instructors helped Apple break its own education market sales records in 2012
Legislation, Policy, and Regulation
NSA's 'Perfect Citizen' power grid security plan far from perfect (CSO) Freedom of Information Act release on the program is half-redacted, leaving many questions by privacy advocates unanswered
If You Thought Obama's Drone Godfather Was Powerful, Wait 'Til He's at the CIA (Wired Danger Room) The president's pick to head the CIA is about to become the most feared man in the intelligence bureaucracy — if he isn't that guy already
Obama's CIA nominee an advocate for federal cybersec regulations (IT World) John Brennan, nominated today by President Barack Obama to be the director of the CIA, has been a vocal advocate for federal cybersecurity legislation in recent months
Iran and India, control and monitoring of networks (Security Affairs) The news has been circulating for days: the Iranian head of the national security forces, Esmail Ahmadi Moghadam, declared that law enforcement of the country is developing software for smart control of social-networking sites; the authorities have understood that the control of the powerful platforms is more important than filtering. Moghadam exposed the consideration made by the Supreme Council of Cyberspace, the entity that is controlled by President Mahmoud Ahmadinejad and brings together other top Iranian officials, including the intelligence chief and the head of the Revolutionary Guards
Park: Governmentwide data memo coming 'soon' (Fierce Government IT) The Obama administration will soon issue policy requiring new government data to be open to the public and machine readable as a default, said Todd Park, chief technology officer within the Office of Science and Technology Policy
Litigation, Investigation, and Law Enforcement
Why Facebook Data Tends to Condemn You in Court (Wired Business) Prosecutors can obtain Facebook data more easily than defense attorneys, thanks to the federal Stored Communications Act
Study Says Yahoo, Google Help Fund Pirate Sites (Wired Threat Level) Google and Yahoo were among the top advertising networks servicing the most ads on pirate sites, according to a new study unveiled Thursday. The analysis by the Annenberg Innovation Lab at the University of Southern California found that Pasadena, California-based
Congressman calls for investigation of leaks in Google antitrust case (Ars Technica) Not all press leaks proved accurate, but Rep. Issa says they violate federal law
Algerian Hacker Wanted in the US Arrested by Thai Police (Softpedia) 24-year-old Algerian national Hamza Bendelladj has been arrested by Thai police at Bangkok's Suvarnabhumi Airport while transiting from Malaysia to Egypt. Laptops, a tablet computer, a satellite phone and some external hard drives were found in the suspect's possession. According to authorities from Thailand, cited by the Bangkok Post, Bendelladj is wanted by the US Federal Bureau of Investigation on suspicion of hacking into private accounts in over 200 banks and other financial organizations from all around the world
Counterfeit Controversy: Internet Feeds Rise in Fake Currency (ABC News) Online tutorials show scammers how to print millions of dollars with everyday office equipment
Feds Dismantle Piracy Ring That Stole Super-Expensive Software (Wired) A Chinese national was set to plead guilty Monday for his role in a massive $100 million online software piracy scheme that authorities said was one of the most significant copyright infringement cases ever uncovered. According to Delaware federal court papers, Xiang Li has agreed to plead guilty to two federal charges related to the selling, without authorization, of high-end software programs for a fraction of their retail worth
Kaiser Permanente Case Underscores Due Diligence Requirement (Threatpost) California and U.S. authorities are investigating whether Kaiser Permanente violated some 300,000 patients' privacy when dealing with a Mom and Pop document storage company that kept medical records in a shared warehouse and stored sensitive data on home computers. The investigation, according to the Los Angeles Times, was triggered by a complaint filed last year by Stephen and Liza Dean of Indio, Calif., who claim Kaiser failed to safeguard patients' medical records. The Deans contend Kaiser gave the paper files to them for almost seven months without a contract and that employees routinely e-mailed them for patient records, providing full names, dates of birth and Social Security numbers and treatment dates to ensure the proper folders were pulled
Romanian sentenced for multimillion-dollar payment card hack scheme (Net-Security) A Romanian national was sentenced today to serve 21 months in prison for his role in an international, multimillion-dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants' computers, announced the U.S. Department of Justice. Cezar Butu, 27, of Ploiesti, Romania, was sentenced by Judge Steven J. McAuliffe in U.S. District Court in New Hampshire. On Sept. 17, 2012, Butu pleaded guilty to one count of conspiracy to commit access device fraud
GI's Hearing In WikiLeaks Case Focuses On Motive (Associated Press) An Army private charged with sending reams of classified documents to WikiLeaks is returning to Fort Meade for a pretrial hearing about whether his motivation matters
For a complete running list of events, please visit the Event Tracker.
TED X Baltimore: Baltimore Rewired (Baltimore, Maryland, USA, Jan 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but individual TEDx events, including ours, are self-organized.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.