The CyberWire Daily Briefing for 4.25.2013
The Izz ad-Din al-Qassam Cyber Fighters reappear and seem ready to expand their targets from banks proper into the larger financial services sector. (They may have been behind this week's denial-of-service attack on Charles Schwab, although that attack still lacks firm attribution.)
The Netherlands' DigiD system has been under successful denial-of-service attack since Wednesday evening, and Dutch citizens have found themselves unable to use their digital signatures in online transactions.
Bitcoin enhancements are impeded by ongoing denial-of-service attacks against the Mt. Gox exchange.
A Viber vulnerability enables bypassing of Android lock screens, yielding "full access to the device." Bitdefender calls Android's mobile security model "fundamentally broken." Emailed faxes are found to carry malicious payloads. Rapid7 reports new industrial control system vulnerabilities.
Sites devoted to Chinese minority group interests come under attack via infected Word documents carrying Mac malware. The Chinese government is widely believed responsible. Mandiant sees no reduction in offensive Chinese cyber operations despite current Sino-American talks aimed at reducing cyber tension. Huawei backs off from yesterday's announcement that it was exiting the US market. What the vice president meant to say was that it would be difficult for the US to become one of Huawei's primary markets, and that Huawei's US employees will continue to serve Huawei's US customers (etc.).
(ISC)2 and the Cloud Security Alliance plan to develop new cloud security credentials.
Brian Krebs should wear this with honor: the latest version of the Redkit exploit kit mentions him in dispatches—"Crebs its all your fault."
Today's issue includes events affecting Bangladesh, China, European Union, India, Iran, Republic of Korea, Netherlands, Romania, Russia, Spain, Switzerland, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic group expands targets in bank DDoS attacks (CSO) The hacktivist group, which has been hammering U.S. banks since late last year, has now expanded attacks to other financial services companies. An Islamic group that launched a third wave of high-powered distributed denial-of-service (DDoS) attacks against U.S. banks in March has started targeting other financial organizations, including credit card companies and financial brokerages, security experts say. The hacktivist group that calls itself Cyber Fighters of Izz ad-Din al-Qassam has been hammering U.S. banks since last September. The distributed-denial-of-service (DDoS) attacks have caused major disruptions in online banking, but have not resulted in system breaches or the theft of data
Cyber attack deprives millions of Dutch of online ID (Daily Nation) More than 10 million Dutch citizens were unable to use their official online signature to pay bills and taxes because of a cyber attack, officials said Wednesday. The national DigiD system "is no longer accessible since Tuesday evening because of a
The state's DigiD electronic signature system under cyber attack (DutchNews.nl) The DigiD system, a sort of digital signature for dealing with government departments, is still being targeted in a cyber attack, Nos television said on Thursday morning. The DDoS attack began on Wednesday evening and has put the service largely out of
Mac malware found in malformed Word documents - is China to blame? (Naked Security) Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents. Who could possibly be interested in targeting their computers
Potent DDoS attacks on Mt. Gox delay rollout of new virtual currency (Ars Technica) Support of Litecoin is postponed as Bitcoin exchange struggles to stay online
Indian Hackers Hit Bangladesh (eSecurity Planet) The hackers say the attacks were launched in retaliation for the Bangladeshi 3xpr1r3 Cyb3r Army's attacks on Indian Web site
Viber flaw bypasses lock screen to give full access to Androids (Naked Security) Security researchers have identified a security hole in Viber that can be exploited to bypass Android smartphones' lock screen and gain full access to the device
New incoming fax message is actually malware - be on your guard! (Naked Security) Computer users are warned to be on the lookout for messages in their email inbox, claiming to be an incoming fax
New Twitter virus can send malicious URL via tweets (E&T) A new Twitter virus that hijacks users' tweets has been discovered by cyber-crime prevention firm Trusteer. In research revealed at Infosecurity Europe in London yesterday, the firm reported that they had found a repurposed version of the financial malware TorRAT, normally used to target online banking transactions, spreading through Twitter
"Fundamentally broken" mobile security makes BYOD too risky, expert warns (CSO) The "fundamentally broken" security model of Google's Android operating system makes bring your own device (BYOD) strategies too risky for companies to implement safely, a senior security researcher with Romanian security vendor Bitdefender has
Vulnerable terminal servers could let bad guys hack stoplights, gas pumps (CSO) Industrial control systems, traffic signal controllers, fuel pumps are easily hacked via poorly configured serial port systems, Rapid7 says
Mandiant: No Drop in Chinese Hacking Despite Talk (Wall Street Journal) More than two months after computer-security firm Mandiant Corp. accused the Chinese military of using cyberattacks to target U.S. companies, a company official said there has been no change in the large number of Chinese attacks on U.S. companies
The Redkit malware exploit gang has a message for security blogger Brian Krebs (Naked Security) Award-winning security blogger Brian Krebs is loved by everyone on the internet…apart from the criminals. Find out what they're saying about him in their latest version of the Redkit exploit kit
Interesting Credit Card transactions, are you seeing similar? (Internet Storm Center) In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity. When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions: $2, $5, $10, although recently we've started seeing $60 transactions. These are easily identified and the motive is very clear: test the card. If the transaction goes through, the card number and CVC (if needed) or other details are correct. Recently, however, I've been seeing more interesting transactions. The transactions start with a high value and step down until the transaction is accepted
Security Patches, Mitigations, and Software Updates
Updates Fix PHP-Injection Flaw in Popular WordPress Plugins (Threatpost) A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super Cache and W3 Total Cache contained a vulnerability that allowed for PHP code injection through a simple attack vector, but both plugins have
Does Java 8 Delay Mean Oracle Finally Serious about Security? (Threatpost) It's not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it's a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but reinforce that notion
Security Vendors In The Aftermath Of Targeted Attacks (Dark Reading) RSA, Microsoft, and Bit9 executives share insights on how the high-profile targeted breaches they suffered have shaped things. It has been months now since any word of a security company getting hacked has surfaced, but security vendors are still getting targeted on a daily basis by attackers ultimately after their customers -- or their intellectual property
Governments' Attempts To Censor Google Have Doubled Since 2011 (TechCrunch) Governments, even democracies, are not always fans of transparency. According to Google's brand new transparency report, "government attempts to censor content on Google services has grown", doubling since the second half of 2012 (1,054 requests vs. 2,285). Brazil took the gold medal of the censorship olympics, with 697 requests, while the United States took 2nd place, with 321
FireEye: 184 Countries Now Host Malware Command and Control Servers (eSecurity Planet) Sixty-six percent of command and control servers for APT attacks are hosted in the US, according to the company
Remote users expose companies to cybercrime (Help Net Security) Results of new remote access security research show half of companies with a remote workforce had their websites compromised in 2012, over a third had passwords hacked, and twice as many companies with remote users were victims of SQL injection attacks. Conducted by Webroot, the study indicates that data theft is the primary goal in new types of mobile attacks
Zero-Day Vulnerabilities on the Rise, Trend Micro Report Warns (HSToday) "Of course, Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is its vulnerabilities and its ubiquity," Ferguson said in a statement. "This definitely won't be the last zero-day vulnerability in Java and
Cyber attacks on trust expose UK organizations to £247 million in losses, reveals Ponemon and Venafi research (SYS-CON) Venafi, the inventor of and market leader in enterprise key and certificate management (EKCM), and the Ponemon Institute today reveal that every large UK business is open to £247 million in possible threat exposure due to a lack of control over cryptographic keys and certificates, the foundation of trust in the modern world of secure communications, smartphones, cloud computing and almost every digital and electronic asset
Global politics: Fears of cyber war and espionage raise tensions (Financial Times) For most of the past decade, western security chiefs have been mainly concerned about the threat from jihadist terrorism and affiliates of al-Qaeda. But top security officials are also having to pay greater attention to the threat of cyber warfare and cyber espionage from foreign state actors and their proxies. It is the prospect of an epic cyber war that generates most alarm. Leon Panetta, the former US defence secretary, said last year that a "cyber Pearl Harbor" might one day take place
IT execs cite enterprise mobility as 'game changer' (FierceMobileIT) Enterprise mobility was identified as a "game changer" for the 1,100 IT executives surveyed by enterprise communications provider CommScope last month. Close to half of respondents said that the widespread use of mobile technology in the enterprise is a game-changer for IT
Where's the BYOD payoff? (IT World) Companies may be bleeding corporate dollars in the name of BYOD productivity gains that don't really exist, says Nucleus Research
Analytics a driving force behind software growth, IDC says (FierceBigData) It is unclear if the cloud will be the preferred delivery model for big data, but individually, cloud and big data, along with analytics in general, have become major drivers in the growth of the enterprise software market, according to research firm IDC
Pentagon Puts CIO In Charge of Cybersecurity Programs (ExecutiveGov) The latter position has been dissolved and the CIO will now be responsible for overseeing the department's programs for cybersecurity, information security and information assurance, FCW reported Tuesday. Deputy Defense Secretary Ashton Carter ordered
Pentagon Reviews Contractor Profit Guidance For Buying Arms (Bloomberg) The Pentagon is reviewing guidelines used to negotiate profits for contractors under an initiative to improve weapons-buying practices
NIST to establish cybersecurity FFRDC (FierceGovernmentIT) The National Institute of Standards and Technology says it will establish the first information system security federally funded research and development center. In an April 22 Federal Register notice, NIST says the FFRDC will support its National Cybersecurity Center of Excellence, a public-private cybersecurity effort to find remediation for cybersecurity problems
Business group appeals to China to improve Internet security, allow bigger foreign role (Washington Post) An American business group appealed to China on Wednesday to improve online security and ease restrictions on Web use by companies, warning that deteriorating access speeds might discourage foreign investment. The American Chamber of Commerce suggested the Chinese government could speed up Internet access by permitting some companies to circumvent its extensive system of Web filters
Chicago CIO Pursues Predictive Analytics Strategy (InformationWeek) The city's IT team is using open source to build an analytics platform aimed at predicting and preventing big city problems
The New Digital State? (Slate) From counterradicalization to tracking the arms trade, Google is moving onto national governments' turf. Once upon a time, Google concerned itself with seemingly benign, profit-driven things: the optimal position of online ads for erectile dysfunction drugs, mapping the location of every sports bar in America, churning out free services to further cement a quasi-monopoly in global search. But these are no longer the comfortable, well-established guardrails around Google
Calibre Team Wins $217M Defense Enterprise IT BPA (GovConWire) Calibre Systems and a team of subcontractors have won a potential five-year $217.5 million blanket purchase agreement (BPA) to help the Defense Department carry out enterprise information technology projects. The multiple-award BPA with the department's office of the chief information officer comprises a base year and one-year options, Calibre said Tuesday
CTC Makes Military Times 'Best for Vets' Employer List (GovConWire) Concurrent Technologies Corp. was selected by Military Times Edge magazine as the fourth-best company for veterans to work in the U.S., being chosen out of 53 companies on the list and out of 1,000 nominees
Red Hat Achieves 7 NIST Info Security Certifications (New New Internet) Red Hat has achieved seven certifications through a program run by the National Institute of Standards and Technology to certify security systems used by federal agencies in the U.S. and Canada
Huawei Changes Its U.S. Market Story (InformationWeek) Huawei clarifies executive's comments on its intentions for current and potential U.S. customers
Sameer Ramchandani, Tom Banks to Head Smartronix Cloud Programs (GovConWire) Sameer Ramchandani, a former director at Optimus, and Tom Banks, a former business development director at IntelliDyne, have joined Smartronix as strategic program directors in that company's cloud computing business. Ramchandani will be responsible for business development and forming strategies to grow Smartronix's cloud computing business in the federal market and focus on Microsoft technologies
CA's Future: DevOps, Mobile, Analytics Key, CEO Says (InformationWeek) Mike Gregoire says company already analyzes massive amounts of network, system, security and application management data
Apple CEO Promises Fresh Product Crop (InformationWeek) Reporting strong earnings, Apple says it plans to boost its stock with a $55 billion increase in its capital return plan
Conflicting reports on demand for data scientists (FierceBigData) Young job seekers and tech-happy math majors looking on the Internet for trends giving them direction on new job trends might get confused about whether or not they should pursue a career as a data scientist
CSA Establishes New SMB Membership Level And Working Group (Dark Reading) The Cloud Security Alliance (CSA) today announced a new membership level and working group designed to benefit the rapidly growing needs of cloud computing among small and medium businesses
McLaren F1 team outsource cyber security (Ihotdesk) "Like many other organisations, Vodafone McLaren Mercedes strives to protect its information assets and our use of [BAE] Detica's cyber technology has significantly reduced that risk." Many businesses are becoming increasingly aware of security threats
Products, Services, and Solutions
Twitter Preps Two Factor Authentication After AP Hoax (Dark Reading) Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions
Vulns, exploits, hacks: Trusteer touts tech to terminate troubles (Register) Trusteer is expanding from its speciality of providing transaction protection security to financial institutions with an enterprise-level product designed to guard against zero-day exploits and social engineering. Unpatched application vulnerabilities in widely deployed endpoint applications (such as web browsers) can be given an extra line of defence using Trusteer Apex. Adobe Acrobat, Flash, Java and Microsoft Office can also be backstopped using the software. Apex is designed to defend against both malicious web pages and dodgy attachments in spear-phishing emails
CSC Unveils Self-Service Cloud Portal (New New Internet) Computer Sciences Corp. is seeking to help chief information officers enable their information technology and non-IT staff to manage enterprise-wide cloud services through a new self-service portal
Infosec 2013: Bitdefender previews Android privacy app Clueful (ITProPortal) This was identified as the most pertinent problem in mobile security when we discussed the subject with industry experts recently, and it appears Romanian firm Bitdefender - who ITProPortal met at this week's Infosec in London - is thinking along the
Samsung Galaxy S4 Oozes Innovation (InformationWeek) Samsung Galaxy S4 may be today's best smartphone, with solid hardware and software tricks such as eye tracking and a gesture UI
Technologies, Techniques, and Standards
How To Stop Making Excuses For Poor Application Security Testing (Dark Reading) Just as the old carpenter axiom warns to measure twice and cut once, the effort of putting in effective security testing practices earlier in the application development process saves many more headaches later in the application lifecycle. "We want to have applications that don't get surprise 'no's' in pre-production approval, and that don't get out there in production with more vulnerabilities," says Diana Kelley, application security strategist for IBM, who says that in her opinion it takes a "fundamental shift" in practices and in mentality for enterprises to get there
Exploding the urban myths about how to stay safe online (BBC) Are we wising up to the dangers lurking online? Or are phishing, spam and hacking just words that we still do not understand and hope will not happen to us? Ofcom recently revealed that one in four British people still use the same password for all their activities online, suggesting we still have some way to go to fully understand computer security
An Argument in Favor of Licensing Information Security Professionals (Infosecurity Magazine) With continued focus on information security and cybersecurity in particular, we are very likely to see increased pressure to procure information assurance and security services only from licensed individuals. It is important to note that professional
How to Get and Stay Cyber-Secure (Benzinga) The National Cyber Security Alliance runs a website called "StaySafeOnline" and has some suggestions about achieving and maintaining cyber security
(ISC)2 and the CSA join forces to develop new cloud security credentials (Infosecurity Magazine) "(ISC)2 and CSA have each recognized that the global economy's reliance on cloud services has advanced extremely quickly", explains Jim Reavis, co-founder and executive director of the Cloud Security Alliance. "Businesses are moving vast amounts of data
Research and Development
How Ray Kurzweil Will Help Google Make the Ultimate AI Brain (Wired Business) On Tuesday, Kurzweil moderated a live Google hangout tied to a release of the upcoming Will Smith film, "After Earth," presumably tying the film's futuristic concept to actual futurists
Fighting terror with Total Information Awareness 2.0 (FierceBigData) In the battle between terrorism and big data--and yes, there is one--Foreign Policy magazine calls Admiral John Poindexter, former national security adviser to President Ronald Reagan, the wizard of big data. Though his concept of "total information awareness" was too Orwellian for the 1980s and was publicly dismissed, according to FP, his ideas about collecting and networking big data flows survive under secret programs. The recent attack in Boston illustrates why people are thinking the concept may be necessary to overcome new terrorist strategies
Our View: Intelligence grads help to keep us safe (Erie Times) The Boston Marathon bombings made us stop, watch, wonder and worry. Was the attack part of a larger plot? Would we feel as scared and vulnerable as we had after 9/11? Had any Erie people -- long-distance runners and volunteers from the exercise club at Edinboro University of Pennsylvania -- been injured
Legislation, Policy, and Regulation
Law Requiring Warrants for E-Mail Wins Senate Committee Approval (Wired Threat Level) A Senate committee today backed sweeping privacy protections requiring the government, for the first time, to get a probable-cause warrant to obtain e-mail and other content stored in the cloud. The Senate Judiciary Committee approved the package on a voice vote
5 ways to fight back against Chinese cyber attacks (The Week Magazine) Importantly, it wants to determine how to fight -- it does not want Congress to tell them how and when cyber information must be shared between private companies, the FBI, the CIA or the National Security Agency. Still, the White House has not
Top US general asks for cyber-attack help (Vancouver Sun) The top U.S. military officer said Wednesday that he has called on China to be more transparent about cyber-attacks and boost collaboration with the U.S. to tackle a common threat to their economies. Gen. Martin Dempsey said tackling cyber intrusions
InfoSec 2013: MoD Warns Cyber Attack Could Bring Down Government (TechWeekEurope UK) If the Ministry of Defence (MoD) suffered a serious cyber attack, it could result in the fall of the government, according to Adrian Price, head of information security at the MoD. The threat is genuine, not hype, Price told TechWeekEurope, during a
The putrid stench of CISPA (CSO) As the nation's attention was on the Boston Marathon bombings last week, the U.S. House of Representatives quietly passed a cybersecurity bill that is nothing more than a license for the government and private entities to spy on citizens and customers
DHS to start deep packet inspection of federal network traffic (FierceGovernmentIT) The Homeland Security Department will institute near real-time deep packet inspection of traffic coming to or from .gov federal Internet protocol addresses, DHS says in an April 19 privacy impact analysis. The inspection, which the DHS Office of Cybersecurity and Communications is rolling out as the EINSTEIN 3 Accelerated program, will permit network security analysts to look at the content of electronic communications, as opposed to just the IP packet headers the department has examined through network flow data under implementation of EINSTEIN 1
DHS use of deep packet inspection technology in new net security system raises serious privacy questions (NetworkWorld) Department of Homeland Security is preparing to deploy a much more powerful version of its EINSTEIN intrusion-detection system that can capture e-mail content and personally identifiable data
Blume: Revenue working to restore credibility (SCNow) Those are the two things that computer forensic firm Mandiant determined could have prevented the theft. Blume spoke about the agency's progress at Gov. Nikki Haley's Cabinet meeting. Other recommendations by Mandiant are under way
Litigation, Investigation, and Law Enforcement
DoJ Secretly Granted Immunity to Companies that Participated in Monitoring Program (Wired Threat Level) The Justice Department plans to give internet service providers participating in a new cybersecurity monitoring program legal authorization to intercept communications traffic, according to documents obtained by the Electronic Privacy Information Center
FBI denied permission to spy on hacker through his webcam (Ars Technica) Feds provide "little or no explanation of how Target Computer will be found." Sorry FBI, you can't randomly hijack someone's webcam. A federal magistrate judge has denied a request from the FBI to install sophisticated surveillance software to track someone suspected of attempting to conduct a "sizeable wire transfer from [John Doe's] local bank [in Texas] to a foreign bank account"
Man Convicted of Hacking Despite Not Hacking (Wired Threat Level) Culminating a two-week trial in which no hacking in the traditional sense occurred, a California man was convicted Wednesday under the same hacking statute internet sensation Aaron Swartz was accused of before he committed suicide in January. Defendant David Nosal was convicted by a San Francisco federal jury on all six charges ranging from theft of trade secrets to hacking, despite him never breaking into a computer. Nosal remains free pending sentencing later this year, when he faces a potential lengthy prison term
Goodlatte vows to improve intelligence sharing post-Boston (The Hill) "We are also hearing that the Department of Homeland Security had different information than the FBI. They were not apparently sharing that information so the FBI according to what we now understand did not know that he was in Russia for six months and
Doubts raised about LulzSec 'mastermind' (Telegraph.co.uk) Mr Flannery, a 24-year-old IT worker, was arrested in Sydney after he was linked to a recent cyber-attack against an Australian government agency. The Australian Federal Police said the man was described as a leader on LulzSec chat sites and made no
Boston bombings were not about failed intelligence (CSO) Intelligence firm executive Nick Selby balks at the notion that last week's Boston Marathon bombings were the result of an intelligence failure. Amidst the emotion and confusion of the Boston Marathon Bombing investigation, a growing industry of intelligence observers (and a bunch of yahoos) found their cause célèbre. The phrase "intelligence failure" has been used repeatedly to describe the fact that the FBI interviewed one of the suspects, Tamerlan Tsarnaev, several times
Former Reuters editor Matthew Keys pleads not guilty to giving logins to Anonymous (Naked Security) US federal prosecutors claim that journalist Matthew Keys handed over login credentials for his former employer, Los Angeles Times' parent company, Tribune Company. Keys' defense says it was the work of an imposter
Meet Europe's Favorite Data Thief (Slate) When Hervé Falciani, a former IT worker at HSBC, exposed billions of euros' worth of financial fraud, he became both a thorn in the side of his ex-employer and a hero to tax regulators across the European Union. Swiss authorities are eager to prosecute him for stealing confidential banking information, but at a time when EU governments are desperate to find any new source of revenue they can--even back taxes--they are likely to be less and less sympathetic to Switzerland's zeal. Last week, Falciani's extradition trial began in Spain, where officials don't seem willing to hand him over
For a complete running list of events, please visit the Event Tracker.
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drive security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.
cybergamut CompTIA Security+Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
Symposium on Cybersecurity & Information Assurance (Teaneck, New Jersey, USA, May 1, 2013) Fairleigh Dickinson University's Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in the Wilson Auditorium of the Metropolitan campus. This forum will gather top security professionals from government, industry, and academia to present the current state of cybersecurity affecting our daily lives. The symposium will raise the awareness of attendees about the cyber threats and some of the remedial measures. Among the various facets of this evolving area, focus will be on topics such as Survivability in Cyberspace, Security Pattern Usage in Software Development Lifecycle (SDLC), Network Security Service Implementation issues, and Thinking with a Security Mindset.
Critical Security Controls International Summit (London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security Controls that the British government's Centre for the Protection of National Infrastructure describes as the "baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense."
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, for the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sectors, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
FOSE (Washington, DC, USA, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers and will interest anyone working in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments of researchers from academia and industry. Its other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques that assist the investigation of potentially illegal cyber activity. We encourage prospective authors to submit distinguished research papers on both theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks, for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information (Howard County, Maryland, USA, May 29, 2013) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is more important than ever to be aware of the latest cyber threats and equipped to protect your company from them. In addition to physical security, these industries face the ever-increasing risk of cyber attacks on their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, USA, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.