The CyberWire Daily Briefing for 5.1.2013
The Guardian investigates the Syrian Electronic Army (SEA). The UK newspaper, itself a victim of SEA Twitter account hijacking, reports the SEA is directed by the Assad regime, that it works to disrupt Syrian rebels' online activities, and that it both spreads the regime's "alternative narrative" of the civil war and punishes media outlets that won't. The SEA is said to operate principally from "secret locations" in Dubai, covered by Rami Makhlouf's business operations.
Twitter says the SEA's recent account hacks were accomplished through social engineering, and warns media companies to expect more.
Effects of the LivingSocial breach continue to expand, courtesy of careless password sharing and reuse. Banks in particular regard the breach as a threat to customers' security.
British bank Ramnit undergoes an attack Trusteer describes as sophisticated—HTML injection carefully crafted to mimic legitimate webpages with unusual plausibility.
Gaming software site SourceForge continues to be spoofed by sites that deliver crimeware payloads.
A firmware backdoor is found in D-Link and Vivotek IP cameras. Malicious PDFs are on the rise, and McAfee finds a vulnerability in Adobe Reader. Authorities in Mecklenburg-Vorpommern decide it's easier to replace infected computers than clean them of the Conficker worm.
Peripherals are increasingly exploited in denial-of-service attacks. Tools to execute such attacks have become a staple of the crimeware black market. There are some indications that this market is adopting Bitcoin as a difficult-to-trace currency.
Australia plans to upgrade cyber defenses. Mozilla tells Gamma International to cease and desist spoofing Firefox with FinSpy.
Today's issue includes events affecting Australia, China, Germany, Japan, People's Democratic Republic of Korea, Russia, Switzerland, Syria, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Syrian Electronic Army: Assad's cyber warriors (The Guardian) Phishing attack is latest by pro-Assad hackers operating out of Dubai, who target sites with views opposed to their own. In recent weeks, the self-styled Syrian Electronic Army (SEA) has launched hacking attacks on the BBC, the Associated Press (AP) and most recently the Guardian. Last week the group succeeded in hijacking AP's main Twitter account, with 1.9 million followers. It falsely claimed that President Obama had been injured in an explosion. AP corrected the message, but not before $130bn had been briefly wiped off the value of stocks
Twitter blames spear-phishing for recent hacks - and warns news companies to expect more (WeLiveSecurity) Twitter has warned media companies that attacks on their official Twitter accounts are liable to continue, after Britain's Guardian newspaper became the latest high-profile news site to fall victim. Twitter says the attacks are the results of spear-phishing - and has sent out guidelines to help companies resist such attacks
Japan Mistakenly Gives Coast Guard Data to Pro-North Korea Group (eSecurity Planet) A coast guard vessel that may have held stored navigation data was sold to a company run by the General Association of Korean Residents in Japan
LivingSocial breach scope widens on finding of 60% sharing logins (CSO) Finding of heavy password sharing across more sensitive sites like banks worrying because odds of criminals gaining access improve
Why changing your LivingSocial password won't save you (CSO) Changing your LivingSocial password is a good first step, but the attackers already have crucial information you can't change or undo
"Wire transfer canceled"? Watch out for spammed-out malware attack (Naked Security) If you've received an email in your inbox telling you that your wire transfer has been cancelled, take care - as it's the latest attempt by online criminals to infect the general public's Windows computers
Fake PayPal "Reset your password" request leads to malware (Help Net Security) PayPal customers are being targeted with a fake email impersonating the e-payment service, claiming that their account has been put "on hold" and will stay that way until they reset their password
Cyber-criminals Target UK Banks with Sophisticated Malware (IB Times) Customers of a UK bank are being targeted by sophisticated cyber-criminals who go to great lengths to avoid detection. Awareness levels regarding potential threats online are growing among the public, but according to security firm Trusteer, this is only spurring cyber-criminals to be more innovative in creating sophisticated malware which targets online banking services
More Malware Showing Up on Fake SourceForge Web Sites (Threatpost) Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. Julien Sobrier, a security researcher for San Jose-based cloud security provider Zscaler, on Tuesday outlined several more malicious versions of the popular file-sharing sites, some
Backdoor found in firmware of IP cameras (FierceCIO: TechWatch) Security researchers from Core Security have discovered critical security vulnerabilities in the firmware powering IP cameras made by D-Link and Vivotek. In the case of D-Link, the researchers found multiple flaws that include the ability to inject arbitrary commands into the camera from its administrative web interface
Washington Hospital Hit By $1.03 Million Cyberheist (Krebs on Security) Organized hackers in Ukraine and Russia stole more than $1 million from a public hospital in Washington state earlier this month. The costly cyberheist was carried out with the help of nearly 100 different accomplices in the United States who were hired through work-at-home job scams run by a crime gang that has been fleecing businesses for the past five years
Texas Hospice Acknowledges Security Breach (eSecurity Planet) Information on 818 patients may have been exposed. Hope Hospice of New Braunfels, Texas recently announced that a routine audit on February 25 found that an employee had e-mailed a report of recent referrals and admissions to themselves on December 27, 2012 and February 22, 2013
Google Glass Cracked (Threatpost) On Friday, Jay Freeman announced on Twitter that he exploited a known vulnerability and subsequently achieved root access to his developer-model of Google Glass - Google's highly anticipated, wearable, head-mounted computer
Malicious PDFs On The Rise (TrendLabs Security Intelligence Blog) Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the "MiniDuke" campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is associated with ongoing APT campaigns
McAfee Warns of Adobe Reader Security Flaw (eSecurity Planet) The vulnerability can be exploited to determine where and when a PDF was opened. Researchers at McAfee Labs recently came across some PDF samples that exploited an unpatched vulnerability affecting every version of Adobe Reader, including Adobe Reader XI
German ministry replaced brand new PCs infected with Conficker worm, rather than disinfect them (Naked Security) After computers in Germany became infected with the notorious Conficker worm, 170 of them were disposed of and replaced with new equipment at the taxpayers' expense. Wouldn't it have been easier (and cheaper) to have wiped the drives and restored from a backup
Printers, Routers and Other Internet Devices Being Hijacked to Participate in DrDoS Cyber Attacks (MarketWatch) New Prolexic white paper explains how to secure your devices and infrastructure from SNMP, NTP and CHARGEN attacks
Employee Negligence Makes U.K. 'Sitting Duck' For Cybercrime (Dark Reading) Swivel Secure survey reveals that almost a fifth of employees reuse same username and password across every single online business and personal application
Cheap and Accessible--1-Day DDoS Attacks Gain Traction, Expert Warns (Virtual-Strategy Magazine) Researchers at Nexusguard have found that many tools on the market are developed specifically for zero-day vulnerabilities, but a new type of exploit is also gaining traction--one-day exploits. Speaking at Info Security 2013, Nexusguard researcher
Hackers are trying to create an untraceable and comprehensive financial system using bitcoin (Quartz) What's often missed about alternative currencies like bitcoin is that they weren't just made for buying and selling things. Nor are they simply tools for financial speculation. Bitcoin is also a payment system, allowing anyone to transfer money anonymously, immediately, irreversibly--and, if you like, illicitly
Hacking Pacemakers (IEEE Spectrum) Manufacturers are still not putting security first when designing implantable medical devices. Steven Cherry: Hi, this is Steven Cherry for IEEE Spectrum's "Techwise Conversations." A few million people probably first thought about the security of pacemakers and other implantable medical devices last December when watching the TV show "Homeland." The character of Nick Brody contributes to an electronic attack on the pacemaker of the U.S. vice president. The pacemaker is made to fail once the attackers get some key security information from Brody
Chinese Cyberespionage: Brazen, Prolific, And Persistent (Dark Reading) New research from multiple sources illustrates dominant role of China in cyberespionage
APT1: Exposing One of China's Cyber Espionage Units (PC Fórum) This video shows actual attacker sessions and intrusion activities conducted by one specific Advanced Persistent Threat (APT) group, which Mandiant has named APT1. This group has systematically stolen confidential data from at least 141 organizations
Password Reuse Rampant, But Users Value Security, Survey Says (Dark Reading) More people adopt some online -- and mobile -- security, but still fail in proper follow-through, according to a new study by Varonis
20 Years On, the Open Web Faces Challenges (Threatpost) For people of a certain age in the technology industry, one of the ways of establishing a connection with someone is by asking some version of the following question: How long have you been online? Depending upon how you define "online", the answer can vary from 15 to 25 or even 30 years
New [USAF] Cyber Command HQ Opens (Fox 29) We are already Military City U.S.A., but you could also call us Cyber City U.S.A. The Air Force opened a new cyber headquarters at Port San Antonio
CIA's New Tech Guru Hails From AOL (But Don't Hold That Against Her) (Wired) Intelligence chiefs like National Security Agency director Gen. Keith Alexander are now making public appearances at hacker conferences. One former CIA chief, David Petraeus, mused at a conference about turning the Internet of Things into spy system
Army Secretary: Congressman 'Was Not Correct' (DoD Buzz) The U.S. lawmaker who accused Army officials of not acting on a commander's request for commercial software to gather battlefield intelligence was not correct, the service's top civilian said
Army Interested in New Office Close to Fort Meade (ExecutiveGov) Kevin Litten writes the Army wants 125,000 to 165,000 more square feet of space within 10 miles of Fort Meade. Litten writes there are no existing vacant buildings that meet the Army's request but the Corporate Office Properties Trust occupies 137,322
General Dynamics Picked To Patch Network Attack System (NextGov) General Dynamics is rolling out upgrades and logistics support for a classified Air Force network attack system, federal databases indicate. General Dynamics, the defense firm tapped for the contract from August 2012 to February 2013, is expected to continue servicing the system through the year's end, as part of a follow-on to its original contract. The Air Force estimates that it will spend an additional $233,800 on patches, upgrades and fixes for the system, according to a justification and approval document
LBMC Security And Risk Services Claims Top Prize At Cyber Readiness Challenge (The Chattanoogan) LBMC Security & Risk Services, a division of Lattimore Black Morgan & Cain, PC, earned first place in the Symantec Nashville Cyber Readiness Challenge held at the Franklin Marriott Cool Springs in Franklin, Tn. LBMC Security & Risk Services, one of LBMC's fastest growing service lines, provides a wide range of services including penetration testing, web application assessments and compliance services to numerous domestic and international companies and government entities
Peter Sherlock Promoted to MITRE SVP, Director of Bedford Operations (GovConWire) MITRE Corp. has promoted Peter Sherlock, former executive director for integration at its National Security Engineering Center, to senior vice president and director for the company's Bedford operations. Sherlock will oversee MITRE's research in cybersecurity
Skills shortage 'hindering' businesses cyber security efforts (Acumin) LivingSocial confirmed that over 50 million accounts were potentially affected by the cyber attack, with the possibility of names, email addresses, dates of birth and encrypted passwords being compromised. The company did confirm, however, that the
Products, Services, and Solutions
Enfield council moves to protect sensitive emails (CSO) It has deployed the janusSEAL email classification system across the entire organisation, covering 4,000 staff
Save The Mom Puts A Family-Only Social Network On Your iPhone (TechCrunch) Italian company and TechCrunch Startup Alley participant at TechCrunch Disrupt NY 2013 Save The Mom has created an iPhone app that's designed to bring families closer together, with social networking tools designed specifically for private use. It's not only about being social, however, as it includes shared productivity and task management tools to make managing a family easier, too
Bond-style app could help UK spies (Perth Now) The company has already offered its Secure Messenger service for free to MPs and submitted the technology to CESG, the Government's National Technical Authority for Information Assurance, which provides advice on the security of communications and
New Linksys Smart Wi-Fi Routers with AC technology (Help Net Security) The Linksys Smart Wi-Fi Router AC 1200 and AC 1750 are available immediately and the Linksys Smart Wi-Fi Router AC 1600, model EA6400, is planned for availability in late May
Scammy Profile Viewer app is now "offered" by Facebook (Help Net Security) Once users become too familiar with a type of scam and stop falling for it, scammers tend to move on to new ones. But every now and then they go back to using old ones for a while in the hopes that
New Splunk App for Enterprise Security released (Help Net Security) Splunk announced the Splunk App for Enterprise Security 2.4. Splunk Enterprise and the Splunk App for Enterprise Security are a security intelligence platform that helps organizations discover unknown
Early Wave of Cyber Security Outsourcing Proving Successful (MarketWatch) Businesses looking to effectively address today's most pressing technology threats - computer viruses and data theft, lost productivity and corporate espionage - have traditionally had few satisfying opportunities to mitigate their risk. Off-the-shelf software from security vendors like Symantec and Trend Micro provides a certain degree of assurance, and on-staff IT personnel allocate at least a portion of their energies to cyber security, but few companies have the means or expertise to implement a dedicated, professionally staffed security program
New Amazon Blog Tackles Web Services Security Concerns (CRN) Enterprise IT security professionals have been looking for additional resources to protect sensitive data being migrated to the cloud, according to the Cloud Security Alliance, a nonprofit organization that promotes cloud security assurance best practices
Secunia SmallBusiness (PC Magazine) IT administrators in small businesses have a tough job keeping up with all the software updates for every single application installed on every computer in the organization. Software vendors either have their own patching schedule (Oracle CPU, Microsoft Patch Tuesday, Adobe updates, to name just a few) or don't release updates regularly. Administrators have to stay on top of all the update news, and push out updates or encourage users to not wait "for later" to install the security fixes. Enter Secunia SmallBusiness, a Web-based console wrapped around the company's Secunia Personal Software Inspector (PSI) 3.0 for small business networks
Emsisoft Anti-Malware 7.0 (PC Magazine) Emsisoft Anti-Malware 7.0 now includes technology licensed from Bitdefender, but you'd be much, much better off just buying Bitdefender's antivirus, or any of the other PCMag's Editors' Choice products. By Neil J. Rubenking. I try my best to keep up
Teambox Brings Collaboration Behind the Firewall (InformationWeek) Teambox On-Premise allows healthcare, financial and other highly regulated industries to take advantage of cloud collaboration technologies
Google Now Melds With iOS (InformationWeek) Apple's Siri now has some competition on iPhones and iPads
Cloudera Impala Brings SQL Querying To Hadoop (InformationWeek) Cloudera's SQL-on-Hadoop tool hits general release, but will it satisfy demands for faster, easier exploration of big data
IBM Makes Enterprise Mobile Security Move (InformationWeek) IBM partners with mobile security vendor Arxan Technologies to secure apps created with its Worklight platform against malware and other attacks
Technologies, Techniques, and Standards
Open Source Software Libraries Get Renewed Scrutiny (Dark Reading) The Open Web Application Security Project adds common software components to its list of threats to spur developers to look more deeply at software libraries
Q&A: NIST's Ron Ross on the fourth revision of SP 800-53 (FierceGovernmentIT) The National Institute of Standards and Technology released April 30 its fourth version of Special Publication 800-53, the catalog of controls most agencies utilize in their cybersecurity programs. We spoke that day with Ron Ross, NIST Federal Information Security Management Act implementation and leader of the joint task force that put together the new revision
Don't Sign that Applet! (CERT/CC Blog) Hi, it's Will. I've recently been looking into the state of signed Java applet security. This investigation was triggered by the Oracle blog post IMP: Your Java Applets and Web Start Applications Should Be Signed, which as the title implies, suggests that all Java developers sign their applets, regardless of the privileges required. In this blog entry, I explain why this practice is a bad idea
Why you should access online banking on your smartphone rather than your computer (Quartz) 74% of US adults with bank accounts might want to change their behavior. Clay Calvert, the director of cybersecurity for MetroStar Systems, has a strategy for banking online designed to increase its security. MetroStar is a consultancy that has worked with government agencies--from the Federal Reserve Bank of Philadelphia to the FBI--to create systems that protect highly sensitive data from cyber attacks. Calvert banks online, but with one caveat: he only does it on his phone or tablet
How to rate a comparative anti-virus test - a six-step guide (Naked Security) It sometimes seems like anyone with a computer feels qualified to do comparative anti-virus testing. There are a lot of pitfalls to look out for, which often trip up unwary would-be testers and regularly lead to wonky data and odd conclusions. So how do you know which tests are any good
Why we need security awareness training programs (Help Net Security) Lately, some of the smartest people in infosec decided that security awareness trainings are a waste of time. Last out is Bruce Schneier, who decided to speak up against awareness training
Design and Innovation
CERN Geneva celebrates 20 years of the World Wide Web (Naked Security) It was twenty years ago today/That the World Wide Web came out to play… On 30 April 1993, CERN Geneva officially put the Web, and the early client and server side software that made it work, into the public domain
Research and Development
Scientists Learn to Control the Twist of Carbon Nanotubes (IEEE Spectrum) Researchers develop technique for controlling chirality of carbon nanotubes, opening the door to electronics applications
Big IT Firms Apply Talents to Fed Cybersecurity Research (E-Commerce Times) "Cyberthreats cut across networks, borders and sectors, and leaders in government and industry must work together to help protect the nation's critical infrastructure and information," said National Security Agency Director Gen. Keith Alexander at the
Data encryption solution shows promise for mHealth apps (FierceMobileHealthCare) A data encryption solution for mHealth apps, called DE4MHA, has successfully demonstrated that it can safely obtain health information with the data carried securely, according to an article in the Journal of Medical Internet Research
GradFly Launches An Online Portfolio Platform To Let High School Students Showcase And Explore Technical Projects (TechCrunch) The resume is going the way of the dinosaur. In the not-so-distant future, it's easy to foresee a time when a one-sheet becomes an interactive, multimedia portfolio of your skills and greatest hits. And when we say the "not-so-distant future," really, it's already happening. LinkedIn brought the resume online, and, today, startups have begun to "vertical-ize" the online CV, helping to turn it into
Philadelphia to host DHS cyber lab for community college students (GIMBY) The U.S. Department of Homeland Security has identified cyber threats as one of the most "serious economic and national security challenges we face." And cybersecurity has emerged in recent months as a major issue at both the national and state levels
Legislation, Policy, and Regulation
Obama To Reportedly Nominate Former Telecom Lobbyist Tom Wheeler As FCC Chair (TechCrunch) The White House will reportedly confirm that former telecommunications lobbyist Tom Wheeler will be nominated to chair the Federal Communications Commission. Current FCC Commissioner Mignon Clyburn will act as interim chairman while outgoing Chair Julius Genachowski enjoys his luxurious new life as a fellow at the Aspen Institute policy think tank. A decade ago, before he was a venture capitalist
Is UK any safer from cyber attack today than in 2010? (BBC News) In 2010 the British government designated the protection of computer networks as one of the country's most important national security priorities. In its Strategic Defence and Security Review (SDSR) it pledged, "the National Cyber Security Programme
UK consumers fear cyber attacks on smart meters, survey reveals (ComputerWeekly.com) UK consumers believe smart meters will capture too much personal information and will be vulnerable to cyber attack, a survey has revealed. Smart meters record consumption of electric energy in intervals of an hour or less and transmit that data to
White House Responds to CISPA Petition, Concerned About Privacy (PC Magazine) The White House today formally replied to an online petition calling for the demise of CISPA, reiterating that while it supports information sharing in order to stop a cyber attack, it does not believe the bill goes far enough on privacy. "Even though
Cyber warfare boost in defence plan (The Australian Financial Review) The white paper sets out a 20-year vision for defence spending, making more provision for cyber warfare. The government is tipped to commit to building
Litigation, Investigation, and Law Enforcement
Mozilla moves to stop spyware company from spoofing Firefox (CSO) Gamma International disguised its FinSpy program as the web browser, according to a new report. Mozilla sent a cease-and-desist letter on Tuesday to a European company that created a piece of spyware masquerading itself as the Firefox browser. The move comes after computer security researchers said on Tuesday that they discovered that a well-known spyware program called FinSpy was spoofing Firefox. Mozilla was alerted by the researchers, who are with Citizen Lab, a research project that is part of the University of Toronto's Munk School of Global Affairs
Man Charged with $2.5 Million Fraud Scheme Using Prisoners' Identities (eSecurity Planet) Harvey James allegedly obtained stolen identities from people with access to inmate information from the Alabama Department of Corrections. The U.S. Department of Justice and the IRS recently announced that Harvey James of Montgomery, Ala., has been charged with participating in a scheme in which stolen identities were used to file more than 2,000 false tax returns claiming more than $2.5 million in fraudulent refunds between 2010 and 2012
Use a Software Bug to Win Video Poker? That's a Federal Hacking Case (Wired Threat Level) On Monday, July 6, 2009, two engineers from Nevada's Gaming Control Board showed up at the Silverton Casino Lodge. The off-the-strip South Las Vegas casino is best known for its mermaid aquarium, but the GCB geek squad wasn't there to
U.S. Court Rules For Facebook In Its Case Against Typosquatters On 105 Domains; $2.8M In Damages (TechCrunch) A victory for Facebook in its case against typosquatters -- those who own domain names that are similar to those of a popular site, which they use to confuse people and potentially capitalize on that. The U.S. District Court for Northern California has ruled in favor of the social network in an action it took against several squatters, recommending the turnover of 105 domains and statutory damages
As cyberthreats mount, hacker's conviction underscores criticism of government overreach (Washington Post) Their guns drawn, a dozen federal agents, police and forensics experts kicked in the door of a run-down two-story home in Arkansas shortly after dawn, barged inside and ordered the occupants to put their hands on their heads. The target of the raid was neither terrorist nor bank robber. He was a 24-year-old computer hacker suspected of handing off stolen e-mail addresses to the media
For a complete running list of events, please visit the Event Tracker.
cybergamut CompTIA Security+Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
Symposium on Cybersecurity & Information Assurance (Teaneck, New Jersey, USA, May 1, 2013) Fairleigh Dickinson University's Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in the Wilson Auditorium of the Metropolitan campus. This forum will gather top security professionals from government, industry, and academia to present the current state of cybersecurity affecting our daily lives. The symposium will raise the awareness of attendees about the cyber threats and some of the remedial measures. Among the various facets of this evolving area, focus will be on topics such as Survivability in Cyberspace, Security Pattern Usage in Software Development Lifecycle (SDLC), Network Security Service Implementation issues, and Thinking with a Security Mindset.
Critical Security Controls International Summit (London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security Controls that the British government's Center for the Protection of National Infrastructure describes as the "baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense."
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sector, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments of researchers from academia and industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques that assist the investigation of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on both theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks on their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.