
The CyberWire Daily Briefing for 4.23.2013
Anonymous, having last week gone after North Korean sites, displays a lofty indifference to distinctions between the peninsula's two regimes by attacking Seoul's Korea Exchange Bank.
As Twitter extends its reach and influence, it becomes a more attractive target for hacktivists and cyber criminals. The Syrian Electronic Army continues to try to hijack Twitter accounts, and Trusteer reports finding financial fraud malware disseminated via tweet. (The Dutch especially are affected.) Kaspersky identifies botnets engaged in spamming via Twitter—these are easily detected and shut down, but unfortunately also easy to create, so volume is the criminals' business model.
An Android Trojan appears in Google Play, infecting millions of users. Russian authorities shut down a bank fraud scheme. BitCoin exchanges remain under denial-of-service attack. Portuguese and Brazilian hackers, united apparently by language, promise to attack Ecuadoran targets after their (allegedly) successful data theft capers in Hong Kong and Dubai. Data breaches compromise gamers' credentials.
Akamai, Verizon, Arbor Networks and Microsoft release threat trend studies. Among their conclusions: China leads the world as the source of 41% of global attack traffic (the US is a distant second at 13%), some 20% of data breaches are cyberespionage as opposed to cybercrime (China is—cautiously—held responsible for most), businesses of all kinds are subjected to cyber attack, and denial-of-service attacks are growing in size and speed.
China's Lenovo, undeterred by the prospect of US sanctions, considers buying IBM's server business. Hoping to reduce cyber tensions, the US and China hold high-level military talks.
Notes.
Today's issue includes events affecting Brazil, China, Ecuador, India, Republic of Korea, People's Democratic Republic of Korea, Netherlands, Portugal, Russia, Syria, Taiwan, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
International hacking group claims cyber-attack on Korean bank (Yonhap News) An international hacking group, known to have hacked pro-North Korean Web sites, said Tuesday it has obtained personal data from Korea Exchange Bank (KEB), amid
Twitter plays cat-and-mouse with hackers of the Syrian Electronic Army (Naked Security) Twitter's security team appears to be playing whack-a-mole with a group of hackers who have made a name for themselves hijacking the accounts of high profile media organisations
Twitter malware spreading via Javascript code attack on hijacked accounts (V3.co.uk) Cyber criminals are using hijacked Twitter accounts to spread malware via tweets containing malicious links, according to security firm Trusteer. Trusteer discovered a version of the TorRAT malware traditionally used to target financial institutions being spread via Twitter on Monday
New Malware Targeting the Dutch Through Twitter (Threatpost) As Twitter continues to secure its footing in the social network spectrum, it continues to be complemented by an ongoing deluge of spam and malware, intent on tapping into - and duping - the social network's 200 million plus users. Tanya Shafir, a researcher at the security firm Trusteer recently discovered a new type of
New Malware Hijacks Twitter Accounts for Financial Fraud (Mashable) Cyber criminals are always looking for new ways to avoid detection, escape cyber sleuths, and carry out their cyber crimes. So it shouldn't be surprising that malicious hackers are now taking advantage of social media. A newly discovered malware, designed to gain access to users' banking credentials, uses Twitter to spread itself and reach more victims
Botnets target social networks with spam (CSO) Life can be short for bogus profiles, but the spam keeps on coming. Life for a phony profile on Twitter may be short, but it isn't deterring spammers from continuing to work their scams on social networkers, says one security researcher. Bots aimed at Twitter are usually easily identified and shut down, but they're quickly recreated, Kaspersky Lab security expert Vicente Diaz wrote on Monday
New Android Trojan downloaded from Google Play by millions (Help Net Security) Millions of Android users have been tricked into downloading a new Trojan masquerading as a slew of legitimate apps directly from Google Play, warns Lookout researcher Marc Rogers
Prolific Russian Bank Fraud Scheme Halted (Threatpost) If you've ever sat in on a cybersecurity hearing on Capitol Hill or attended a security conference, then you're no doubt familiar with the oft-preached need for information sharing and private-public partnerships. So frequently repeated are these refrains that they're almost as meaningless as the acronym "APT." However, the security firm Group-IB and the
World's largest bitcoin exchange under DDoS attack (Help Net Security) Mt.Gox, the world's largest bitcoin exchange, has been downed earlier today by what appears to be a "strong DDoS attack". "We are working hard to overcome it and will update when possible
Portugal Cyber Army, HighTech Brazil HackTeam Hit Dubai Airport, Hong Kong Police (eSecurity Planet) The hackers say their next target will be the National Police of Ecuador
LulzSec Hackers Hit The GTA RPG, Slighter Golf (eSecurity Planet) More than 4,400 registered users' e-mail addresses, user names, encrypted passwords and IP addresses were published online
108,000+ account details of Sims players leaked (Help Net Security) NewSeaSims, a website where Sims players can download custom content for their characters, has suffered a breach which resulted in the compromise of registered users' email addresses, username and passwords
Chrome and Java Pwn2Own Vulnerabilities Explained (Threatpost) Details have been disclosed about vulnerabilities exploited in Chrome and Java during the Pwn2Own contest. Google made patches available for the Chrome flaw within 24 hours, while Oracle patched Java fully last week. Details were not disclosed by the researchers, who netted tens of thousands for their exploits, until last Friday, more than a month
Cyber Trends
Report: DDoS Attacks Getting Bigger, Faster Than Ever (Dark Reading) DDoS attacks of more than 10 Gbps now happen several times a day across the globe, study says. Distributed denial of service (DDoS) attacks are steadily increasing in size and speed, creating new problems for enterprise defenses, according to a study published today. Arbor Networks' first quarter ATLAS report, which measures the size and speed of DDoS attacks, says the average size of a DDoS attack continues to grow at about 20% a year. The average attack during Q1 was about 1.77 Gbps, up from about 1.48 Gbps in 2012
Microsoft's Security Intelligence Report (SIRv14) released (Internet Storm Center) This past Thursday (17 APR) Microsoft released volume 14 of its Security Intelligence Report (SIRv14) which includes new threat intelligence from over a billion systems worldwide. It should come as no surprise that network worms are on the decrease and that web-based attacks are all the rage. Interesting report highlights include: the proportion of Conficker and Autorun threats reported by enterprise computers each decreased by 37% from 2011 to 2H12; in the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites (see example below); enterprises were more likely to encounter the iFrame redirection technique than any other malware family tracked in 4Q12; one specific iFrame redirection family called IframeRef, increased fivefold in the fourth quarter of 2012 to become the number one malicious technique encountered by enterprises worldwide; IframeRef was detected nearly 3.3 million times in the fourth quarter of 2012
One in five data breaches are the result of cyberespionage, Verizon says (CSO) Verizon's data breach investigations report covering 2012 includes information on cyberespionage-related breaches for the first time. Even though the majority of data breaches continue to be the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon
Infosec 2013: Every business a target of cyber attack, Verizon breach report shows (ComputerWeekly) Every business is a target of some kind of threat, the most comprehensive Verizon data breach report to date has shown. The Verizon 2013 Data Breach Investigations Report, launched at Infosecurity Europe 2013 in London, is based on the broadest set of data breach sources since the report was introduced five years ago
China accounts for 41 percent of global computer attack traffic (ZDNet) Perhaps there's something in China's allegations that the United States is just as bad. A new security report points the finger at China as the main source of malicious computer attacks -- and the United States came in second. In a report due to be released today by Akamai Technologies, the security firm says that the Asian country is accountable for 41 percent of all global computer-attack traffic. As reported by Bloomberg, the latest statistic suggests that cyberattacks from China have risen over three times based on last year. In addition, there has been a 33 percent hike from the last quarter
What nation does most cyberspying? (Politico) In total, Verizon confirmed 621 total breaches among more than 47,000 reported cyber incidents. Three-fourths of those 621 breaches were "financially motivated" cyber crimes, according to Verizon, while state-affiliated espionage -- including from
The age of information highway robbery (Help Net Security) Distributed Denial of Service (DDoS) attacks are a widespread problem in the iGaming industry with hackers betting that they can make money from online gambling merchants by threatening to take down
Current Analysis: M2M security worries mount as enterprise usage grows (FierceMobileIT) With the increasing growth of machine-to-machine communications comes the growing concern about the security of the data collected and transmitted by M2M modules and platforms, noted Kathryn Weldon, a principal analyst for enterprise mobility at research firm Current Analysis
Data loss tops corporate concerns about BYOD security, survey finds (FierceMobileIT) Improving employee satisfaction, mobility and productivity is the top reason why enterprises implement BYOD, according to a survey of 1,600 members of LinkedIn's Information Security Group
The update jungle: PC owners have to watch 24 sources for fixes (The H) The average UK computer user has to keep their eye on 24 different update mechanisms to keep their PC up to date. That's the result that comes from Secunia's latest Security Report for the UK which looked at the state of security and the software installed on computer systems. Suffering from one of the worst offenders in terms of lacking updates were the 16% of users who had Adobe Flash Player 10.x installed on their systems; 88% of them were running unpatched versions. 90% of the users in Secunia's survey were running Flash Player 11.x and things were somewhat better there with only 14% being unpatched. Although open source applications are patched quickly, getting those patches to users also proved difficult
Marketplace
Steven J. Vaughan-Nichols: The CIA and the cloud (Computerworld) As Michael McConnell, former director of the National Security Agency, said last year, "The economics of the cloud are so compelling they can't be denied. [But] we have to get the security aspects right." How do you do that? The CIA isn't likely to
VanRoekel: Fiscal 2014 request includes data-driven innovation fund (FierceGovernmentIT) The president's fiscal 2014 budget request includes funding for a new Office of Management and Budget oversight program, said Federal Chief Information Officer Steven VanRoekel. "Some of my new responsibility, presented in the fiscal 14 budget is this new evidence-based, or data-driven innovation fund," VanRoekel said, while speaking at an AFCEA Bethesda breakfast April 19. The fund will fall under the budget for Integrated, Efficient and Effective Uses of Information Technology, said VanRoekel
Lockheed Gets $217 Million to Upgrade Pentagon IT (Motley Fool) Lockheed Martin (NYSE: LMT) has been awarded a $217 million, five-year contract to provide the Department of Defense with information technology equipment, software development tools, and relevant services to support the DoD's IT, information assurance, and information management activities. All of these activities are being performed under the aegis of the DoD's "2013 Campaign Plan" for IT modernization
AF Picks 8 Companies for $7B IT Products IDIQ (GovConWire) Eight companies have won a potential $6.9 billion information technology products contract with the U.S. Air Force, covering commercial-off-the-shelf products for the branch's Internet Protocol network. The Air Force awarded the potential six-year contract as a result of corrective action taken last year, the Defense Department said Friday. Netcents-2 was first awarded in Apri
2013 IT Salary Survey: How does your salary compare? (IT News) Computerworld's survey of more than 4,000 tech professionals shows optimism is running high -- but not everyone is riding the wave. Here's a rundown of how workers are doing
Report: Chinese PC Maker In Talks to Buy IBM Server Unit for $6B (New New Internet) Lenovo Group Ltd. is in preliminary discussions with IBM to buy the latter's x86 server business unit in a transaction that could be worth between $5 billion and $6 billion
How smaller rivals beat Wipro and Infosys and turned India's IT sector upside down (Quartz) The players in India's $108 billion information-technology industry are realigning. Finally. While pioneers like Infosys and Wipro have been caught wrong footed, agile rivals are banking on aggression and vision to grow their businesses
Products, Services, and Solutions
CounterTack Partners With Preventia to Provide Advanced Malware Analysis Internationally (MarketWatch) CounterTack, the industry's first and only provider of in-progress cyber attack intelligence and response solutions, today announced its first international customer and strategic partner -- Preventia, a leading IT security specialist, boutique integrator and professional services provider in London
New DayZero™ Malware Detection Developer's Kit Provides 32/64-bit Platform Support (PR Web) Now, be first in detecting freshly-minted, zero day malware by building SigFree(TM) signature-free technology into a broad range of security applications and threat management suites.
DLP suite for companies with limited IT support resources (Help Net Security) Safetica Technologies has launched Safetica 5, the newest version of its Data Leak Protection/monitoring suite, which prevents "human factor" issues that can lead to the loss of confidential data
Unlocking MS Office 2007/2010 documents (Help Net Security) Cloud-based password unlocking service Password-Find introduced a new decrypting algorithm that unlocks half of Microsoft Office 2007/2010 Word, Excel, and PowerPoint documents in a matter of seconds
Cloud-based email threat protection from Dell (Help Net Security) Dell announced SonicWALL Hosted Email Security 2.0, a cloud-based service providing multi-layered email threat protection backed by 24/7 online and phone support. Dell Email Security solutions use
Qualys and FireMon enable real-time network risk visibility (Help Net Security) Qualys and FireMon announced the integration of QualysGuard Vulnerability Management (VM) and FireMon Security Manager with Risk Analyzer in FireMon's upcoming 7.0 release. This enables customers
CyberReveal: a new approach to security intelligence (Help Net Security) BAE Systems Detica launched CyberReveal, an analytics and investigation product that gives companies the intelligence they need to protect their valuable intellectual property and sensitive commercial
Protect Your Mac Or PC With Bitdefender Antivirus (Cult of Mac) Bitdefender is the first and only anti-virus software that will protect dual operating systems on one computer. It's the perfect solution for individuals who use Parallels or CrossOver to run Windows and Mac OS X on one machine because Bitdefender
Technologies, Techniques, and Standards
How financial institutions can overcome the cloud security barrier (Help Net Security) In financial services, with the hundreds of complex regulations that apply to data, private cloud adoption is still more common than the public cloud to date. However, that is changing quickly
Military Uses Big Data As Spy Tech (InformationWeek) U.S. intelligence agencies use semantic analysis software to find potential security threats from massive volumes of incoming data. The planning that led up to last week's terrorist attacks in Boston is still largely a mystery, although more details are slowly becoming known. The fact that the Boston Marathon bombings occurred, however, show the daunting challenges that military and law enforcement officials face in preventing terrorist attacks
Research and Development
Boeing technology offers secure, efficient way to tie together business, industrial nets (CSO) The Boeing Company is pioneering a way to securely bring together business IT networks with what ordinarily are entirely separate networks for industrial-control systems (ICS) in order to gain efficiencies and benefits in information-sharing in manufacturing
Academia
Why Amherst College is not running toward online education (Quartz) How should a small liberal arts college sustain itself amid "intense ferment" and "unparalleled technological change?" In 1944, as Amherst College hit a critical turning point in its history, president Stanley King put that question before the faculty
Cyber Everything at MTSU in May! (WGNS) It is indeed a high-tech world in which we live -- The 2013 Middle Tennessee Cyber Summit will be held May 7-8 at MTSU in the ballroom of the new Student Union Building
Rochester Institute of Technology Crowned National Collegiate Cyber Defense Champion (Wall Street Journal) Platinum sponsors included the Department of Homeland Security -- Science and Technology, Splunk and Walmart. "As a first time attendee to the NCCDC I was as impressed with the quality of the event as I was with the talent level of the competitors
Legislation, Policy, and Regulation
U.S. And China Put Focus On Cybersecurity (New York Times) The United States and China held their highest-level military talks in nearly two years on Monday, with a senior Chinese general pledging to work with the United States on cybersecurity because the consequences of a major cyberattack "may be as serious as a nuclear bomb"
China General With Dempsey Compares Cyber-Attack to Nuclear Bomb (San Francisco Chronicle) China wants to work with the U.S. on cyber-security because the effects of an Internet attack could be as serious as a nuclear bomb, a Chinese general said at a briefing with the chairman of the U.S. Joint Chiefs of Staff
Report: China Is Top Source Of Cyber-Spying (Washington Post) Analyses of hundreds of documented data breaches found that hackers affiliated with the Chinese government were by far the most energetic and successful cyberspies in the world last year, according to a report to be issued Tuesday by government and industry investigators
CISPA Blackout: Bill Strengthens Cyber Security Protection, Threatens Privacy (PolicyMic) Mr. Schiff, and all other advocates of the bill, also failed to address the immense access to private computer network data analysis the bill would grant the National Security Agency (NSA), which is already a notoriously controversial infringement on
Why Is Congress Trying to Make Our Internet Abuse Laws Worse, not Better? (Atlantic) The Computer Fraud and Abuse Act is too vague and broad to make sense in an increasingly computer-mediated world. Yet legislators don't seem to get it
Amendment to US cyber attack law banning employers from asking for Facebook (Daily Mail) An attempt to ban US bosses from asking employees to hand over their Facebook login details has been blocked by Congress. A last minute alteration to the controversial Cyber Intelligence Sharing and Protection Act (CISPA) that would have prevented
Hanna seeks to enlist Guard in cyber efforts (Rome Sentinel) According to Alan Paller of the SANS Institute, the Pentagon alone is short by about 10000 cyber experts with only 2000 in place. The Cyber Warrior Act of
Litigation, Investigation, and Law Enforcement
Lawsuits Bring Clarity To SMBs In Corporate Account Takeovers (Dark Reading) Small businesses have had millions of dollars stolen from their accounts by online thieves; court cases have started creating a clear picture of responsibilities. A ruling in a Missouri lawsuit may define the required security standard for small- and medium-sized businesses, and their banks, to prevent online thieves from stealing hundreds of thousands of dollars and sending it overseas
#Freejahar Hashtag Rallies Emerging Cult of Boston Bomb Suspect (Wired Danger Room) Mirroring the crowdsourcing techniques favored by 4chan and Reddit to find the Boston Marathon bombers, now a Twitter campaign has begun to exonerate Suspect #2. Yet online extremism forums aren't playing along
Manhunt Turns Ustream Into a Crowdsourced CNN (Wired Business) The manhunt for Dzhokhar Tsarnaev was one of only a handful of landmark moments in the history of six-year-old online video startup Ustream
Hacking Trial Devoid of Hacking Awaits Jury Verdict (Wired Threat Level) The same hacking statute internet sensation Aaron Swartz was being prosecuted under until his January suicide is quietly being tested in a San Francisco federal courtroom — to little fanfare in a case devoid of hacking in the traditional sense
Wisconsin Man Charged with Engaging in Cyber-Attack Against Koch Industries (WUWM Milwaukee Public Radio) A 37-year-old man from Black Creek, Wisconsin faces two federal counts of joining a cyber-attack against Koch Industries. Erick J. Rosol is accused of damaging a computer and conspiracy to damage a computer. Investigators allege Rosol sent a code that
Naval Reactors Program lacks 'fully effective' cybersecurity program (FierceGovernmentIT) Auditors say the Naval Reactors Program within the National Nuclear Security Administration continues to lack a "fully effective cybersecurity program." In an April 12 report, the Energy Department office of inspector finds much to laud--noting that recent vulnerability scans turned up just 335 high- and medium-risk vulnerabilities, as opposed to a July 2011 scan that turned up about 9,000 such vulnerabilities
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
VizSec 2013 (Atlanta, Georgia, USA, Oct 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.
TrustED 2013 (Berlin, Germany, Nov 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. In this context we particularly are interested in the participation of industry representatives.
ACSAC 2013 (New Orleans, Louisiana, USA, Dec 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
cybergamut Technical Tuesday: Secure VoIP & Messaging for Mobile Platforms (Laurel, Maryland, USA, Apr 23, 2013) Phil Zimmermann of Silent Circle will show you how to communicate securely without relying on PKI. cybergamut Technical Tuesday is for cyber professionals to exchange ideas and discuss technical issues of mutual interest.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices. Within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
cybergamut CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
Symposium on Cybersecurity & Information Assurance (Teaneck, New Jersey, USA, May 1, 2013) Fairleigh Dickinson University's Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in the Wilson Auditorium of the Metropolitan campus. This forum will gather top security professionals from government, industry, and academia to present the current state of cybersecurity affecting our daily lives. The symposium will raise the awareness of attendees about the cyber threats and some of the remedial measures. Among the various facets of this evolving area, focus will be on topics such as Survivability in Cyberspace, Security Pattern Usage in Software Development Lifecycle (SDLC), Network Security Service Implementation issues, and Thinking with a Security Mindset.
Critical Security Controls International Summit (London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security Controls that the British government's Center for the Protection of National Infrastructure describes as the "baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense."
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sector, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.