The CyberWire Daily Briefing for 4.16.2013
OpIsrael may have largely fizzled, but attackers continue to seek new targets, including the Nigerian Ministry of Energy (for exporting oil to Israel). Elsewhere in the Middle East the Syrian Electronic Army defaces US NPR sites apparently out of displeasure over NPR's coverage of Syria's civil war.
The WordPress attacks, now characterized as a brute-force campaign, continue, and observers note with concern their probable connection with earlier attacks on banks—the attackers appear to be assembling botnets that could be used in fresh campaigns against the financial sector.
Microsoft has found a Trojan (Nemim.gen) that erases itself to defeat reverse engineering and forensic analysis. It's also unusual in that the downloader is itself the payload.
Digital Defense announces discovery of a zero-day vulnerability in the Dell EqualLogic storage solution that could enable a remote unauthenticated attacker to steal files. Kaspersky finds a new piece of Android malware targeting Uyghur activists.
A cyber riot brews up between Indian and Brazilian hacktivists: apparently national pride is at issue. Turkish hackers attack, with no clear motive, Taiwan's Gigabyte Technology.
Retailers and other businesses might learn from Schnucks' recent experience with a point-of-sale breach. The US Midwestern supermarket chain has a reputation for sophisticated early adoption of technology, and they are unlikely to have been a soft target. But their experience shows the increasing cunning and rapacity of cyber criminals.
Saudi Arabia plans a five-year $400M investment in data loss prevention. The US National Institute of Standards and Technology advances its public-private cyber framework partnership.
Notes.
Today's issue includes events affecting Algeria, Australia, Bangladesh, Brazil, China, Finland, India, Israel, Kenya, Republic of Korea, Luxembourg, Malaysia, Netherlands, Nigeria, Portugal, Syria, Taiwan, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Nigerian Ministry of Energy Website Hacked by SiR Abdou (TheHackersPost) Hacker going with the handle SiR Abdou has hacked and defaced Ministry of Energy, Nigeria Website (ministryofenergy.dl.gov.ng) for exporting Oil to Israel. At the time of writing, Site was displaying Internal Path of the website with SQL queries
Algerian Hacker Details Cyber Attack on Israel (OODA Loop) An Algerian hacker using the handle 'Ismail-man54' said that thousands of Arab and Muslim hackers opposed to Israel participated in the recent attack on 90 Israeli websites. He also said that the attack had been planned since November 2012, with the
Syrian Electronic Army hacks NPR, vandalizes headlines (Naked Security) The Syrian Electronic Army appears to have hacked into accounts belonging to the NPR media network, and defaced news stories
WordPress Sites Targeted by Mass Brute-force Botnet Attack (US_CERT) US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are utilizing over 90,000 servers to compromise websites' administrator panels by exploiting hosts with "admin" as account name, and weak passwords which are being resolved through brute force attack methods
Hackers Using Brute-Force Attacks to Harvest WordPress Sites (Threatpost) Months of distributed denial of service attacks against major U.S. banks have evolved in magnitude and ferocity causing service disruptions for online banking customers. They've also shown the way for other attackers to adapt and evolve techniques used in those attacks
Microsoft Discovers Trojan That Erases Evidence Of Its Existence (Dark Reading) This downloader is also the payload. Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: it deletes its own components so researchers and forensics investigators can't analyze or identify it. The so-called Win32/Nemim.gen!A Trojan is also unusual in that unlike most Trojan downloaders that are put in place to deliver the real payload, this Trojan is also the payload, according to Jonathan San Jose, a member of Microsoft's Malware Protection Center
Digital Defense Discovers Zero-Day Vulnerability in Dell EqualLogic Storage Solution (Wall Street Journal) Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, announced a zero-day finding, discovered by the company's Vulnerability Research Team (VRT). The flaw is a directory traversal which resides in the Dell EqualLogic solution. A remote unauthenticated attacker could potentially leverage the vulnerability to retrieve system files. This security issue was revealed using DDI's patent-pending vulnerability scanning technology
Security expert identifies targeted attack utilizing malware for Android devices (CSO) Kaspersky Lab has detected a new targeted attack against Uyghur activists which, for the first time, is based on a malicious program for Android-based mobile devices. The attack is designed and performed in a similar manner as numerous other attacks on Uyghur and Tibetan activists, but instead of relying on exploit-rigged DOC, XLS or PDF documents for Windows-based computers or Macs, it targets mobile devices
FAA and security researchers at odds over airplane hack security (Naked Security) The avionics bigwigs FAA and EASA have said "bunk!" to a researcher's claims that his new Android app could potentially hack planes. OK, says fellow plane hacker "Renderman," if that's true, there's no harm in giving public access to your test labs, now is there
In tit for tat, Indian hackers deface 37 Brazilian websites (The Hindu) In retaliation for the hacking of several Indian government websites by Brazilian hackers on April 6, a group of unknown Indian hackers has defaced 37 Brazilian websites, virtually declaring a cyberwar. The Indian hackers have not only blocked the websites but also left a provocative message claiming that the server of all the hacked websites was "now under the control of the Indian hackers."
Malaysian government behind media cyber attacks: Sarawak Report (Radio Australia) On Thursday, the websites for Radio Free Malaysia, Radio Free Sarawak and the news portal Sarawak Report were brought down by a cyber attack strategy known as Distributed Denial Of Service - whereby millions of computers send requests at the same
After ING, now it's Rabobank's turn for a cyber attack (DutchNews.nl) Rabobank customers were unable to access their online accounts for some 15 minutes on Monday after the bank was subjected to a cyber attack. A spokesman for the bank said its firewall had managed to block the attack and the bank's systems were quickly
Cyber Attack Sent 300,000 Government E-Mails Astray (Chosun Ilbo) A cyber attack last week on government computer networks caused 300,000 official e-mails to be delivered to the wrong recipients, it belatedly emerged on Monday. The Ministry of Culture, Sports and Tourism said an unregistered IP address accessed the government's integrated computer network for half an hour, causing 300,000 official messages to be sent out to random Hanmail accounts
Online Poker Rooms Fraught With Vulnerabilities (Threatpost) In the lucrative world of online gambling, many poker rooms – especially those that rely on the user to download a client to play – are marred by insecurities
Hacker TiGER-M@TE Hits Google Kenya, Bing Kenya, LinkedIn Kenya (eSecurity Planet) The Kenyan Web sites for Google, Dell, Skype, MSN, Bing, LinkedIn, HP, Microsoft, YouTube and others were defaced. Bangladeshi hacker TiGER-M@TE recently defaced several leading Web sites in Kenya, including google.co.ke, dell.co.ke, skype.co.ke, msn.co.ke, bing.co.ke, linkedin.co.ke, hp.co.ke, microsoft.co.ke, youtube.co.ke and others
Turkish Ajan Hacker Group Hits Gigabyte Technology (eSecurity Planet) The group released a file containing employee data, sales records, PowerPoint presentations and more. Hacker Maxney of the Turkish Ajan Hacker Group recently breached and defaced four subdomains of the Web site for Taiwan's Gigabyte Technology
Schnucks supermarket chain struggled to find breach that exposed 2.4M cards (CSO) Company's experience highlights growing sophistication of attacks, analysts say
Pa. state websites go dark; cyber-attack ruled out (Philly.com) A spokesman for the Office of Administration said Monday the outages were a technical issue and not the result of a cyber-attack. Spokesman Dan Egan says the websites that are down are the ones that are usually accessible through a web portal whose
Security Patches, Mitigations, and Software Updates
Google Fixes Three High-Risk Flaws in Chrome OS (Threatpost) Google has fixed a series of serious vulnerabilities in its Chrome OS, including three high-risk bugs that could be used for code execution on vulnerable machines. As part of its reward program, Google paid out more than $30,000 to a researcher who found three of the vulnerabilities
New security protection, fixes for 39 exploitable bugs coming to Java (Ars Technica) Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers
Cyber Trends
Gartner: By 2015, 10 Percent Of Overall IT Security Enterprise Product Capabilities Will Be Delivered In The Cloud (Dark Reading) By 2015, 10% of overall IT security enterprise product capabilities will be delivered in the cloud, according to Gartner, Inc. The services are also driving changes in the market landscape, particularly around a number of key security technology areas, such as secure email and secure Web gateways, remote vulnerability assessment, and Identity and Access Management (IAM). Gartner expects the cloud-based security services market to reach $4.2 billion by 2016
Survey Shows IT Managers Increasingly Concerned Over DDoS Attacks (Dark Reading) New independent research commissioned by Corero Network Security (CNS: LN) shows that businesses are more stressed than ever about being the target of a Distributed Denial of Service (DDoS) attack. A survey of UK organisations found that 41% of IT managers were 'highly or extremely' concerned about being the victim of an attack compared to 29% in 2012. Carried out by Vanson Bourne, the survey compared attitudes over the last two years among 100 mid to large-sized UK enterprises
Anonymous Hackers Hit TeenProgram.info, RestoringFamily.com (eSecurity Planet) More than 1,800 e-mail addresses and passwords were published online as part of #OpLiberation. As part of #OpLiberation, an ongoing effort to expose abuse of children at educational institutions for troubled teenagers, members of Anonymous recently leaked login information from the online institution directories TeenProgram.info and RestoringFamily.com
32.8 Million Android Devices Infected in 2012 (eSecurity Planet) And more than 10 million devices were infected in the first quarter of 2013, according to NQ Mobile. NQ Mobile today released its 2012 Security Report [PDF file], which states that the number of mobile malware threats increased by 163 percent to more than 65,000 in 2012. The company says almost 95 percent of all mobile malware in 2012 targeted the Android operating system, and the top three methods for delivering such malware were app repackaging, malicious URLs, and smishing
Android Remains Main Target For Mobile Malware Writers Despite iOS Having More Vulnerabilities, Says Symantec (TechCrunch) Mobile malware remains a small and nascent issue, especially when compared to the scale of threats crowding around desktop OSes, but the threat that is out there continues to mostly affect Google's Android platform. This despite Apple's iOS technically having more vulnerabilities, according to a new report by security software firm Symantec
Symantec: Industrial espionage on the rise, SMBs a target (ZDNet) Security giant Symantec's latest Internet Security Threat report says that attacks focused on stealing intellectual property
Cyberterrorism Preparedness for Fire and Emergency Services (Fire Engineering) The frequency and sophistication of terrorist attacks increase with each passing year. So does the likelihood of another terrorist attack on the United States. Some believe we are living on borrowed time with each day that passes without terrorists attempting another attack. Recently, multiple intelligence experts have warned of a new phenomenon--the blended or combination terror attack. This type of attack is comprised of traditional methods used by terrorists--commonly thought of as bombs and bullets--with cyberattacks. The objective is to enhance the impact and losses that result from the physical forms of terror
Australian cyber posture is poor (ITWire) A recent Ponemon report commissioned by Juniper Networks found that IT and security ... in their organisation's ability to detect and prevent cyber attacks
Cyber criminals target employees' devices (Financial Times) It's unclear exactly when BYOD, or bring your own device, computing was born. But it was probably some time between the launch of the iPhone and its appearance in the boardroom. The trend spread quickly. According to data from Forrester Research, three out of every four employees now want to use their personal mobile devices for work
Marketplace
InfoWatch: Saudi Arabia to invest $400m in data loss prevention (CSO) According to the latest market research conducted by the InfoWatch Group, Saudi Arabia is expected to invest up to $400 million in data loss prevention (DLP) over the next five years
2014 Budget Request: DARPA (FierceGovernmentIT) Spending at the Defense Advanced Research Projects Agency would go down slightly under the White House fiscal 2014 budget proposal when the agency's requested amount is adjusted for the Office of Management and Budget's projected rate of inflation
Lockheed Martin Hosts Cyber Defense Exercise Supporting NSA For 11th Year (Sacramento Bee) Lockheed Martin (NYSE: LMT) will host emerging cyber leaders from U.S. and Canadian military service academies to test their capabilities this week against experts from the National Security Agency in the
NIST signs on vendors to develop cybersecurity framework (Health IT Security) The next step of the National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) plans will go into effect today as it officially brings in vendors to aid its cybersecurity framework development. NIST is holding a signing ceremony for companies and organizations that, as National Cybersecurity Excellence Partners, will subsidize hardware and software offerings and share best cybersecurity practices to organize and best use knowledge and technology
HyTrust Partners with National Cybersecurity Center of Excellence (Wall Street Journal) Press will have the opportunity to join U.S. Senator Barbara Mikulski and National Security Agency Director General Keith B. Alexander on a brief tour of the organization's new, state-of-the-art facilities and learn about other NIST cybersecurity programs
McAfee to Join NIST Cybersecurity Center of Excellence (The New New Internet) McAfee is joining the National Institute of Standards and Technology cybersecurity center of excellence center, according to a company statement
Peter 'Mudge' Zatko to Join Google, Led DARPA Cyber Funding Program (GovConWire) Peter Zatko, a former program manager in the Defense Advanced Research Projects Agency's strategic technology office, is joining Google in an as-of-yet unspecified role
Watchful Software Is Selected a Winner of Red Herring's Top 100 Europe Award (MarketWatch) Watchful Software, a leading provider of data-centric information security solutions, announced today that it has been selected as one of the winners of Red Herring's Top 100 Europe award, a prestigious list honoring the year's most promising private technology ventures in Europe
Will New Hires Impede Future Security? (Bank Info Security) The rush to find qualified IT security professionals to meet current cyber-threats could jeopardize IT systems' security in the not-too-distant future, say two leading IT security experts, Eugene Spafford and Ron Ross. Spafford, a Purdue University computer science professor, and Ross, a leading IT security and information risk management expert at the National Institute of Standards and Technology, presented differing views, at times, on the role cloud computing performs in helping mitigate information risk in the first of a two-part interview
Products, Services, and Solutions
Microsoft eyes ditching browser for secure Web apps (CSO) The company is developing Embassies, a more secure client-side architecture using Internet addresses for external communications
Facebook affirms its privacy commitment with national campaign (CSO) Facebook is teaming up with the nation's attorneys general to launch a public awareness campaign aimed at keeping young people safer on the site
Vulnerabilities up nearly 20%, reveals new HP research group (CSO) HP has formed the HP Security Research (HPSR) organization, a new group that will provide actionable security intelligence through published reports, threat briefings and enhancements to the HP security product portfolio. Under the direction of the new organization, the company also introduced findings from its annual Cyber Security Risk Report
Linux Foundation takes over Xen, enlists Amazon in war to rule the cloud (Ars Technica) Xen virtualization gains support from Amazon, Cisco, Google, Intel, and more
Panda Global Protection 2013 review (ITProPortal) Panda Security was the first company to pioneer the cloud as the ideal place to hold AV signatures and other data used in checking for threats on a PC. Though many companies now do things more or less this way, the key feature of cloud-based protection is the light footprint it has on its host machines. The new full version of the Panda product is Panda Global Protection 2013 and it offers most of the components usually seen in Internet security (IS) products, although it's yet to take a multi-platform approach for the wide range of devices many of us use now. That's promised for the 2014 versions
Salient Commercial Solutions Introduces Two New Assure6 Products to Detect and Block IPv6-based Malicious Attacks (ITNews) Salient Commercial Solutions, Inc. (Salient), a Salient Federal Solutions Company providing information technology and engineering solutions in the cyber security and agile development commercial markets, today announced two new cyber security solutions to its patent pending Assure6 product line designed to prevent, detect, and block IPv6 malicious attacks through IPv4 and IPv6 networks
ViaSat KG-200R Ruggedized Data at Rest Encryptor is Now NSA Certified (Sacramento Bee) The National Security Agency/Central Security Service (NSA/CSS) has certified the KG-200R Hardware Encryptor, a ruggedized inline media encryptor from ViaSat Inc. (NASDAQ:VSAT) that protects
Guidance Software Announces New Services to Accelerate Bringing E-Discovery In-House (4-Traders) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations, today announced two new professional services designed to help companies fundamentally improve the way they manage electronic discovery to gain efficiencies, achieve compliance, and reduce costs: EnCase eDiscovery Started Right and EnCase eDiscovery Done Right
Stonesoft Receives Fourth Consecutive NSS Labs 'Recommend' Status (MarketWatch) The Stonesoft 3202 appliance has received the "recommend" status in the latest Next Generation Firewall test by the world's leading independent network security research and analyst organization NSS Labs
Technologies, Techniques, and Standards
Marrying IT Risk Management With Enterprise Procurement (Dark Reading) Third parties represent a big chunk of data breaches and experts say the only way to address the risk is to get IT risk managers working with vendor management executives
NIST: It's Time to Abandon Control Frameworks as We Know Them (Tripwire) Developing a Framework To Improve Critical Infrastructure Cybersecurity: On February 12, 2013, the White House announced the "Improving Critical Infrastructure Cybersecurity" Executive Order. Subsequently, on February 26, 2013, the National Institute of Standards and Technology (NIST) published in the Federal Register a Request For Information (RFI). NIST takes its definition of "critical infrastructure" from the 42 U.S.C. 5195c(e) which states that it is all "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters"
Oops - You Mean That Deleted Server was a Certificate Authority? (Internet Storm Center) I was recently working at a client, implementing wireless. As in many Enterprise Wireless projects, we needed an Enterprise Certificate Authority (CA). Imagine my surprise, that when we went to create an Enterprise Root CA, that one already existed. And when we went to take a closer look at that Root CA, when we found that the server was retired - dead and gone, I got that sinking feeling and realized we might be on a trip down the project-over-run rabbit hole
APT 1: Technical backstage malware analysis (Malware.lu) The company Mandiant published in February 2013 a report about an Advanced Persistent Threat (APT) called APT1. The report can be freely downloaded here: http://intelreport.mandiant.com/. Inspired by this article, we have decided to perform our own technical analysis of this case. In the report, Mandiant explains that the attackers were using a well-known Remote Administration Tool (RAT) called Poison Ivy and that they were located in China. We based our investigation on those two facts only
Luxembourg: The Steve McQueen of Cybersecurity (Volokh Conspiracy) Here's the scant good news on cybersecurity: It's getting harder for attackers to hide. The same security weaknesses that bedevil our networks can be found on the systems used by our attackers. A shorter version is something I call Baker's Law: "Our security sucks. But so does theirs." That's good news because, with a little gumption, we can exploit hacker networks, gather evidence that identifies our attackers, and eventually take action that will make them regret their career choices. Unfortunately, the United States has been sitting out this attribution revolution…Justice wants to cut off the debate over hacking back. But it's too late for that. Even if Justice adopts something tougher than its carefully qualified (and longstanding) statement that hackbacks are "likely a violation" of federal law, all it can really do is drive hackbacks offshore, leaving US companies more exposed to intrusions than companies in more tough-minded jurisdictions. Exhibit A for this theory is a recent cybersecurity report from two Luxembourg entities, a private computer incident response team and iTrust Consulting. Because it turns out that, as far as hackbacks go, little Luxembourg has more cojones than the entire United States cybersecurity establishment
Design and Innovation
Government Secrecy Orders on Patents Have Stifled More Than 5,000 Inventions (Wired Threat Level) If the government thinks your patent-pending invention has national security implications, it can slap a secrecy order on it that prevents you from developing it. More than 5,300 such orders have been issued, with some of them in effect for
Academia
Military academies take on NSA in cybersecurity competition (CSO) 'Cyber Defense Exercise' pits spy agency spooks against students from West Point, Annapolis and the Air Force Academy
Stanford's NovoEd Brings Collaboration And Group Learning To MOOCs To Help Fight Attrition (TechCrunch) What is it with Stanford professors and Massive Open Online Courses (a.k.a. MOOCs)? For those who have no idea what I'm talking about, two of the three most popular MOOCs — Udacity and Coursera — were both founded by Stanford professors. Then there's Class2Go, an open-source MOOC platform created by a team of Stanford engineers and professors, which recently "merged" with edX (the third member)
Legislation, Policy, and Regulation
Cyberwarrior Medal Is Canceled By Hagel (Washington Post) The special medal for the Pentagon's drone operators and cyberwarriors didn't last long. Two months after the "distinguished warfare medal" for troops that don't set foot on the battlefield was announced, Secretary of Defense Chuck Hagel has concluded that it was a bad idea. Some veterans and some lawmakers spoke out against the award, arguing that it was unfair to make the medal a higher honor than some issued for valor on the battlefield
US agency denies data center to monitor citizens' emails (Reuters) The U.S. National Security Agency on Monday denied that a $1.2 billion data center it is building in the Utah desert will be used to illegally eavesdrop on or monitor the emails of U.S. citizens. The secretive agency, which
US House to vote on CISPA cyber threat bill this week (InfoWorld) The Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cyber threat information-sharing bill, will be debated on the floor of the U.S. House of Representatives this week, despite continued opposition from some privacy and digital
When All Else Fails During a Cyber Attack, Shoot Down a Satellite (Motherboard) Everybody in the United States government seems basically horrified about the destructive possibilities of a major cyber attack hitting our infrastructure. President Obama is describing apocalyptic outcomes involving toxic sludge and poisoned drinking water. The Pentagon is scrambling to recruit grey-hat hackers with enough skills to stand up against cyber nightmares like the People's Liberation Army in China. Anonymous is just laughing at everybody (as usual). But really, pranking, recruiting and fear-mongering aside, what do we do if we get hit with one of these scary attacks and can't defend ourselves? We cut the cord, of course. At least one of the guys who plays a role in building our cyber security strategy from the ground up says that when all else fails, the US may start shooting down satellites to stem the flow of toxic code onto American networks. Michael Schmitt, a former Air Force intelligence officer and current chairman of the international law department at the U.S. Naval College, sat down for an interview with The New Scientist this week and spoke frankly about the worst case scenario
Cyber Security Goes Ballistic (HS Today) The White House recently announced that President Barack Obama has the authority to initiate a preventive cyber strike in the event that an attack on the US is threatened. This announcement means that in the cyber domain, the military now has the authority to attack foreign nations, regardless of whether or not the US is involved in a conflict with them. This pre-emptive cyber policy has numerous implications for international politics.
Cyber war is just a dangerous guessing game (Aljazeera) Getting to the bottom of Stuxnet is a sticky business, though plenty of researchers are trying. What is known is that it was a worm targeted at a uranium enrichment site in Iran, ostensibly to slow down the country's nuclear production programme. It is also known that it was the first cyber attack that has directly caused physical damage. What is not so clear is who was behind the attack, nor whether a Stuxnet-like virus could potentially knock out a city's power grid or other critical infrastructure - and panic around the latter has led to much rhetoric around the growing threat of cyber war
Litigation, Investigation, and Law Enforcement
Hacker pleads guilty to attacks on UK Police, Oxbridge university websites (Naked Security) A 21-year-old British man has pleaded guilty to charges that he attempted to bring down a number of websites, including those belonging to Oxford and Cambridge universities, as well as the site belonging to the Kent Police force who ultimately arrested him
Taiwan's Fair Trade Commission Investigating Samsung For Online Attacks Against HTC (TechCrunch) Taiwan's Fair Trade Commission is investigating charges that Samsung paid students to attack rival HTC's smartphones online. The South Korean tech giant could potentially face a fine of up to NTD $25 million ($835,000 USD) if the charges of false advertising are upheld. Samsung's Taiwanese agent allegedly hired students to write online articles attacking HTC and recommending
BlackBerry charges stock manipulation, asks for government probe into report (FierceMobileIT) Returns of BlackBerry's (NASDAQ: BBRY) Z10 smartphones are exceeding sales in "several cases," according to a report by Detwiler Fenton & Co. that was cited by a Bloomberg article. This is a "phenomenon we have never seen before," the report said. It cited user dissatisfaction with the interface as the reason for the returns. But BlackBerry quickly shot back, charging that the information was "false" and that Detwiler Fenton was deliberately trying to manipulate the stock price
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
SANS 20 Critical Security Controls Briefing (Washington, DC, USA, Apr 18, 2013) The SANS Institute presents an Executive Briefing on the 20 Critical Security Controls.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
cybergamut Technical Tuesday: Secure VoIP & Messaging for Mobile Platforms (Laurel, Maryland, USA, Apr 23, 2013) Phil Zimmermann of Silent Circle will show you how to communicate securely without relying on PKI. cybergamut Technical Tuesday is for cyber professionals to exchange ideas and discuss technical issues of mutual interest.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices. Within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
cybergamut CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.