The CyberWire Daily Briefing for 4.29.2013
Last week's warnings to expect more Twitter hijacking were borne out over the weekend as the Syrian Electronic Army took over accounts belonging to the Guardian.
US bank PNC, long-targeted by Islamist hacktivists, discloses it may have undergone another distributed denial-of-service (DDoS) attack Friday—the nature of the incident and its attribution remain unclear. The US government considers putting Iran on notice that it won't tolerate further cyber attacks, but wishes to do so in a way that won't exacerbate ongoing cyber conflict.
LivingSocial suffers a compromise affecting some 50 million customers. (CSO says they "learn[ed] about the weakness of hashed passwords the hard way.") A security researcher warns of the dangers of Skype account hijacking. Facebook assumes (unwillingly) a larger role as an advertising platform for the crimeware industry.
FCW continues to report that Huawei is forsaking the American market. Lenovo's acquisition of IBM's server unit is proceeding quickly toward conclusion. Quartz sees Amazon doing to enterprise cloud providers what it did to brick-and-mortar bookstores.
In the wake of recent social media hacks, security experts offer useful advice on how to make yourself a harder target. Other experts take up response to a DDoS attack—the first step should be calling your host or ISP.
Privacy concerns impede cyber legislation in both the US and UK.
Spanish police arrest one "S.K.," a Dutch citizen suspected of launching the anti-Spamhaus DDoS attacks. With a "mobile cyber van" and "bunker," he was apparently doing a good impersonation of a Bond villain.
Notes.
Today's issue includes events affecting China, European Union, Germany, India, Iran, Netherlands, Russia, South Africa, Spain, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Guardian Twitter accounts hacked by the Syrian Electronic Army (Naked Security) The Syrian Electronic Army is up to its dirty tricks again - this time hijacking Twitter accounts belonging to The Guardian
PNC Bank Reports Possible Cyber Attack Friday (The Inquisitr) PNC Bank experienced a possible denial of service attack on Friday when many customers discovered that they couldn't access their accounts online. PNC addressed the issue on its Facebook page with a series of updates to keep customers informed
US wary of warning Iran on cyber-attacks (Japan Times) In one of the most damaging such incidents, a cyber-attack last summer wiped data from computers at Saudi Arabia's state-owned oil company Saudi Aramco, rendering them inoperable. Daniel said he believes companies need to do more to defend their
50,000,000 usernames and passwords lost as LivingSocial "special offers" site hacked (Naked Security) LivingSocial, the online offers site owned in largish part by Amazon, has just emailed its userbase, said to be 50,000,000-strong, to fess up to a data breach. Another day, another shed-load of password hashes in the hands of crooks
LivingSocial cyber-attack could affect 50 million customers (Christian Science Monitor) LivingSocial cyber-attack could affect 50 million customers. LivingSocial says its website was hacked, possibly compromising names, e-mail addresses, even passwords. But LivingSocial says credit-card information not affected by the cyber-attack
LivingSocial breach: Advice from security experts (CSO) After 50 million users learn about the weakness of hashed passwords the hard way, LivingSocial reconsiders and revamps its practices
Alert: Skype account hijack technique may affect all users (ZDNet) After six malicious takeovers of his Skype account, a frustrated security researcher has posted his attempts to get Skype's help. Here's how to protect yourself. According to security researcher @TibitXimer (A.K.A. Dylan) his Skype account was stolen six times, and now claims all Skype user accounts are vulnerable to the same fate due to Skype's flimsy account recovery practices - which are especially thin, as he discovered the hard way, when contacting customer service
Facebook used as billboard for malware (CSO) Most malware developers and botnet owners will sell their wares on underground channels. One expert called this 'a bold, bold act'
Locked and loaded, online gamers draw phishing attackers (CSO) Cyber thieves attracted to the richness of in-game commerce, report finds
Analysis of an Evasive Backdoor (lastline) A number of other posts have covered the Nuclear Pack Exploit Kit. While this EK (exploit kit) may not be as popular as kits such as g01pack or BlackHole, and may not contain nearly as many exploits as CoolEK or Phoenix, it still sees use
Trusteer Spots TorRAT Info-stealer in Fresh Version (SPAMfighter News) Trusteer the security company has just uncovered TorRAT in an unusual version, the malware that cyber thieves formerly frequently employed for filching the
Misconfigured serial port servers a widespread problem (FierceCIO: TechWatch) Over 13,000 Internet-enabled serial port servers are misconfigured and could be accessed without any need for authentication. This was discovered in a recent study by security firm Rapid7, which identified more than 114,000 unique serial port server appliances from equipment makers such as Digi International and Lantronix on the Internet. The vast majority of these systems are connected via mobile connections such as GPRS, EDGE and 3G, according to HD Moore, chief research officer at Rapid7 and the author of the study, making them hard to protect since they are located outside the corporate firewall
Kaspersky Warns UK Government Of 'Catastrophic' Cyber Attack (TechWeekEurope UK) Government officials have been warned of the "catastrophic" consequences of a cyber attack on the UK population, by Eugene Kaspersky, chief of the Russian security firm that carries his surname. Kaspersky, who recently told TechWeekEurope he backed
Ruppersberger: Hacker group Anonymous made threats over CISPA (The Hill) Last year, Anonymous took credit for crashing the websites of two major trade associations, USTelecom and TechAmerica, which supported the cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA). The group has published a torrent
Apple iMessage "censors" mention of Obama: international conspiracy…or software bug? (Naked Security) Try sending the message "I could be the next Obama" via the iMessage service from your iPhone or your iPad! Paul Ducklin takes a look at a humorous bug that teaches us some serious lessons
Cyber Trends
Data breaches increase IT budgets (Help Net Security) Protecting brand reputation and observing security best practices should be organisation's primary motivators for data protection, while meeting compliance requirements also remains a major driver
35% of businesses experienced a DDoS attack in 2012 (Help Net Security) When DDoS attacks hit, organizations are thrown into crisis mode. From the IT department to call centers, to the boardroom and beyond, it's all hands on deck until the danger passes
Phishing attacks skyrocketing (Help Net Security) A new phishing survey by the Anti-Phishing Working Group (APWG) reveals that phishers are breaking into hosting providers with unprecedented success, using these facilities to launch mass phishing attacks
Over 2400 threats blocked per second in first quarter of 2013 (MIS Asia) Trend Micro expects a continued cyber criminal interest in the mobile space, going forward. Although the US showed the maximum number of computers accessing
Marketplace
Michael Donley To Step Down As AF Secretary (GovConWire) Michael Donley, Air Force secretary for nearly five years, plans to step down from his position as the branch's top civilian official on June 21
Indian cybersecurity startup counts on being street smart, hands on (ZDNet) As glamorous as it may sound, the seed to the idea was based on Saket's interest in "reverse engineering" and the excitement it drove for him as a student
IBM-Lenovo Server Talks Move Quickly, Sources Say (InformationWeek) IBM's negotiations to sell Lenovo part of its x86 server business are heating up and a deal could be consummated soon
Chinese company drops US market (FCW.com) Two recent high-profile reports on cybersecurity, one from Mandiant and one from Verizon, have tagged China as the leading source of cyber breaches. The Mandiant report linked a specialized unit of the People's Liberation Army to cyber attacks
Huawei CEO Ren Zhengfei Insists His Company Is "Completely Transparent" In An Internal Email (TechCrunch) An internal email written by Huawei founder Ren Zheng-fei and obtained by Sina Tech (link via Google Translate) sheds light on the secretive Chinese firm's future. In it, Ren downplays his company's reputation for opacity, which has fueled charges that Huawei, the world's second largest maker of telecom equipment, is involved in espionage for the Chinese government. Ren, who is 68 and rumored to
Amazon is going to do to enterprise cloud companies exactly what it did to book stores (Quartz) "I find it really hard to believe that we cannot collectively beat a company that sells books," said Carl Eschenbach, the chief operating officer of VMWare, at the company's recent annual confab with its partners and resellers. VMWare competes with Amazon to provide businesses with computing and IT services in the cloud and—I'm sorry to say to Eschenbach—he might soon have to suspend his disbelief
Cyber criminals beware of the 'certified ethical hackers' (The News International) The council's CEH certification is recognized by US governmental agencies like National Security Agency (NSA), Federal Bureau of Investigation (FBI) and the Committee on National Security Systems (CNSS). The CEH training will be conducted using the
Products, Services, and Solutions
Google Now Launches On iOS (TechCrunch) Google just released Google Now for iOS through an update to the Google Search app for iOS. Google maintains that the service is exactly the same as Google Now on Android, though certain flourishes like swiping upward to launch the application sadly cannot carry over to Apple's closed iOS ecosystem
Facebook deserted by millions of users in biggest markets (Guardian) Facebook's dominance in the social media world has come under threat from newer services such as Instagram and Path
Free Community Tool: CrowdInspect (Crowdstrike) CrowdInspect is a free community tool for Microsoft Windows systems from CrowdStrike aimed to help alert you to the presence of potential malware that communicates over the network that may exist on your computer. It is a host-based process inspection tool utilizing multiple sources of information, including VirusTotal, Web of Trust (WOT), and Team Cymru's Malware Hash Registry to detect untrusted or malicious network-active processes. CrowdInspect can be used during Incident Response process to rapidly identify potential malicious running processes on a machine
Google tightens up Play Store policy, officially bans "off-market" updates (Naked Security) Google has made a number of changes to its Android Play Store ecosystem recently. There's now a rudimentary anti-virus provided with the OS, a ban on ad blockers, and, most recently, an official policy on sneaky "off-market" updates
Sophos conducts live hacking demo using cryptography [Video] (Inquirer) Security firm Sophos has shown how hackers can exploit user data from victims' machines using cryptography. Demonstrating the walkthrough live at the Infosecurity Europe 2013 conference in London this week, Sophos' director of technology strategy
GFI Software adds patch management to GFI Cloud (Help Net Security) GFI Software announced the addition of patch management capabilities to its cloud-based platform for the delivery of services via a web-based user interface
Software for complex Android device security needs (Help Net Security) Wind River has introduced three Solution Accelerators for Android Security that allow developers to quickly begin working on security requirements for Android-based devices
Report: Samsung to delay release of KNOX security platform until summer (FierceMobileIT) Samsung is delaying the release of its KNOX enterprise security platform until the summer, according to a report by the New York Times citing sources familiar with the company's plans
Technologies, Techniques, and Standards
Tech Insight: Time To Set Up That Honeypot (Dark Reading) A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats. Many companies are simply doing security wrong. While they might have perimeter security nailed down, they are probably failing at securing their workstations from insider abuse or have no true visibility as to what's going on within their internal networks
What is "up to date anti-virus software"? (Internet Storm Center) On the heels of my post on Microsoft's SIRv4 earlier this week, reader Ray posed a great question that elicited some nuanced responses from fellow handlers Mark H and Swa F. All parties have agreed to allow me to share the conversation with the ISC readership
HTG Explains: The Security Risks of Unlocking Your Android Phone's Bootloader (How-To Geek) Android geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders – unlocking your bootloader creates security risks. We're not advising against rooting and using custom ROMs if that's really what you want to do, but you should be aware of the risks. For the same reason Android doesn't come rooted, it doesn't come unlocked – with more power comes more risks
Online security: your two-factor authorization checklist (CSO) As Twitter gets ready to roll out two-factor authentication, here's a rundown of how other major online services use the security feature
Take steps to secure what little online privacy you still have (CSO) Living in a connected, online world is encroaching on our privacy, but if you use security tools you can maintain some sense of control
Hosted virtual desktops can increase security (Help Net Security) One of the most commonly cited motivations for implementing hosted virtual desktops (HVDs) is to increase the security of end-user computing, according to Gartner
Who to call when hit by a DDoS attack (Help Net Security) Recent reports all point to the same fact: despite the different motives of the attackers, DDoS attacks have become more frequent and more intense. So what are businesses and organizations to do
AP Twitter hack casts spotlight on improving online security (FierceCIO: TechWatch) Hackers broke into the Twitter account of the Associated Press news service this week, posting a fake message that triggered a stock-market reaction that saw $200 billion briefly erased from United States markets
Twitter Trouble: 9 Social Media Security Tips (InformationWeek) Two-factor authentication is coming to Twitter, but that's not your only social media security worry. Here's how to lock down individual and corporate accounts
Design and Innovation
Chris Dixon Plans On Investing In More Bitcoin Startups, Says More Entrepreneurs Are Getting Involved (TechCrunch) Chris Dixon joined our co-editor Eric Eldon this morning at Disrupt NY 2013 to discuss his move out to San Francisco for a job at Andreessen Horowitz. One of the areas that interests him the most is the much-hyped Bitcoin space. The reason why Dixon is so interested is because it solves many problems for those who have tried to start a financial company in the past
Google Joins FIDO Alliance Effort to Move Beyond Passwords (Threatpost) Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year, is working to make two-factor authentication the
Research and Development
Edgar Allan Poe and cryptography: Are there hidden messages in 'Eureka'? (Baltimore Post-Examiner) Edgar Allan Poe had a fascination for cryptography. And he was certainly not the only one, because in his time cryptography played an important role in society. There was no internet or telephone, and plain letters could be dangerous and incriminating
Academia
U.S. cranking out cyberspace warriors (Windsor Star) About 25 air force cadets will graduate this year with the computer science-cyber-warfare degree, and many will go on to advanced studies and work in their service's cyber headquarters or for U.S. Cyber Command at Fort Meade, Md., the Defence
Education Data: Privacy Backlash Begins (InformationWeek) Privacy and education experts worry about the movement to capture and analyze student data, even as edu tech companies decry ulterior motives
Legislation, Policy, and Regulation
Symantec executive endorses civilian control of cyber threat information sharing (FierceGovernmentIT) Civilian agencies should take the lead for information sharing efforts with the private sector, a cybersecurity executive told a House panel on the same day that Sen. Jay Rockefeller (D-W.Va.) said the House-approved Cyber Information Sharing and Protection Act won't advance beyond the committee stage in that chamber
UK government dumps controversial web snooping bill (CSO) Nick Clegg says it's not going to happen
German security chiefs in US for talks and memorial (Deutsche Welle) He is due to hold talks with Department of Homeland Security Secretary Janet Napolitano and discuss ways to tackle electronic cyber crime during a visit to the US National Security Agency (NSA) in Washington. The NSA serves the US military and
DHS use of deep packet inspection technology in new net security system raises serious privacy questions (Telepresence Options) Department of Homeland Security is preparing to deploy a much more powerful version of its EINSTEIN intrusion-detection system that can capture e-mail content and personally identifiable data
White House backs off mandatory cybersecurity standards for companies (Washington Post) The administration still wants cyber legislation, the official said, but that means creating incentives to meet voluntary standards, revised procedures for government cybersecurity and the removal of barriers to the sharing of cyberthreat data between
Mathis & Boychuck: How well is US balancing security, liberty? (ReporterNews.com) Warrantless wiretapping is now legal. The National Security Agency is probably capturing (if not directly peeking at) every single one of our electronic communications. Civil libertarians, who celebrated the night of Obama's election, have instead kept
Have we got the privacy-safety balance right? (CNN) Fareed speaks with Michael Hayden, former director of the CIA and National Security Agency, about tackling terrorism in the wake of the Boston attack. Suppose you have a few of these people and they get radicalized on the Internet and they learn how to
Full Show: Trading Democracy for 'National Security' (BillMoyers.com) GLENN GREENWALD: We are close to that already. There is a Washington Post series in 2010 called Top Secret America, three-part series by Dana Priest and William Arkin. And one of the facts that reported was that the National Security Agency, every day
CISPA Changes Show Power of Internet Advocacy (Huffington Post) A second major flaw in the bill was that it would have changed decades of federal policy by shifting control over private sector cybersecurity programs to a super-secret military agency, the National Security Agency. Last year, in the face of criticism
U.S. government doesn't need CISPA to monitor communications (Help Net Security) Civil rights and privacy advocates are mobilizing their forces to combat the passing of Cyber Intelligence Sharing and Protection Act (CISPA), but documents obtained by Electronic Privacy Information
CISPA is (practically) dead, says Senate representative (Help Net Security) There's finally some good news for CISPA opponents: according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation, the Senate is unlikely to pass the controversial
Infosec 2013: Big disagreements over European data breach law (SC Magazine UK) Daniele Cattedu, managing director EMEA at the Cloud Security Alliance said the draft legislation published last year was 'very bad', and said that it was trying to force data breach laws and principles which were very difficult to apply
House Homeland Security Chairman to develop cybersecurity bill (The Hill) House Homeland Security Chairman Michael McCaul (R-Texas) on Wednesday said he is crafting his own cybersecurity bill that will clarify the Department of Homeland Security's role in sharing information about cyber threats with companies
California Proposes 'Do Not Track' Honesty Checker (InformationWeek) After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy
Obama administration is right to turn up the pressure on China about hacking (Kansas City Star) In February, the Mandiant Corp., a private security firm, verified that Chinese sources were behind much of this activity. China denies it and says it's not a perpetrator, but a victim. Yet Mandiant traced the hacks to the Shanghai headquarters of a
Litigation, Investigation, and Law Enforcement
How effective are data breach penalties? Are ever-bigger fines enough? (Naked Security) Since 2011, data security company ViaSat UK has spiced up the Infosecurity Europe conference by filing a Freedom of Information request for data breach statistics. In previous years they've fallen out with the regulators over the matter, but things turned out better in 2013
Suspect in 'biggest cyber attack in history' had hack van, bunker (Sydney Morning Herald) A Dutch citizen arrested in northeast Spain on suspicion of launching what is described as the biggest cyber attack in internet history operated from a bunker and had a van capable of hacking into networks anywhere in the country, officials said on Sunday
Dutch cyber attack suspect arrested in Spain (New Straits Times) Prosecutors say a Dutch citizen has been arrested in Spain in connection with what experts described as the biggest cyber attack in the history of the Internet, launched against an anti-spam watchdog group last month
BYOD could prompt employee lawsuits, cautions AirWatch chief (FierceMobileIT) BYOD could lead to lawsuits from employees over privacy and overtime pay, warned John Marshall, chief executive officer of mobile device management firm AirWatch. Marshall told Network World that he is concerned that there could soon be a BYOD class action lawsuit related to employees required to work overtime hours without compensation or privacy issues
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.
Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.
SANS Thailand 2013 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
cybergamut CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
Symposium on Cybersecurity & Information Assurance (Teaneck, New Jersey, USA, May 1, 2013) Fairleigh Dickinson University's Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in the Wilson Auditorium of the Metropolitan campus. This forum will gather top security professionals from government, industry, and academia to present the current state of cybersecurity affecting our daily lives. The symposium will raise the awareness of attendees about the cyber threats and some of the remedial measures. Among the various facets of this evolving area, focus will be on topics such as Survivability in Cyberspace, Security Pattern Usage in Software Development Lifecycle (SDLC), Network Security Service Implementation issues, and Thinking with a Security Mindset.
Critical Security Controls International Summit (London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security Controls that the British government's Center for the Protection of National Infrastructure describes as the "baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense."
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drive security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sector, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments of researchers from academia and industry. A further goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques that assist the investigation of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on both theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information (May 29, 2013) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.