The CyberWire Daily Briefing for 5.7.2013
Anonymous and Islamist hacktivists voice support for OpUSA, but so far there's little sign that it's having much effect (claims by Algeria's Charaf Anons to the contrary). The Izz ad-Din al-Qassam Cyber Fighters are suspending attacks this week to avoid confusion of purpose and attribution, but they also call for Anonymous to strike US banks. US banks tell customers their online transactions might be a bit slow today.
The Syrian Electronic Army claims penetration of Israeli intelligence sites. They also hijack the Onion and E! Online's Twitter feeds (the former to post pro-Assad propaganda, the latter, oddly, to spread Justin Bieber rumors).
Indian government websites continue to report attacks—there's no clear attribution yet. A new Android Trojan surfaces in Germany. AutoIt sees increasing use in malware coding. Malware posing as a Flash update appears in Dropbox. The SANS Institute sees signs of an incipient typosquatting epidemic.
More information on the IE zero-day appears—researchers note waterholes' advantages over spearphishing, and observers discern a lesson about large-enterprise software updates. A Metasploit module for the exploit is out.
The US Department of Defense officially accuses China's army of cyber espionage (which China indignantly denies).
Defense News describes the challenges of acquiring cyber companies. A new version of password cracker Cain & Abel is released. Los Alamos National Laboratory demonstrates a prototype quantum-encrypted network.
McAfee's Chief Privacy Officer suggests the key to enterprise privacy is to think like a teenager concealing something from her parents (like "a crush on a football player").
Today's issue includes events affecting Algeria, Australia, Canada, China, European Union, France, Germany, India, Indonesia, Iran, Israel, Netherlands, New Zealand, Syria, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Government Takes Precautions Over Expected 'OpUSA' Cyber Attack (ABC News) The Department of Homeland Security and the FBI are cautioning American government and financial institutions that they could be targets of a wave of cyber attacks Tuesday from Anonymous-linked hacktivists in the Middle East and North Africa
Anonymous, Islamist Hackers Plan Major Assault for Tuesday (Mashable) Anonymous and various Islamist groups claim that they will take down nine U.S. government websites on May 7, including those of the Pentagon, the National Security Agency, the FBI and the White House, along with over 130 bank websites, such as those
Izz ad-Din al-Qassam Cyber Fighters Pause OpAbabil During OpUSA (Softpedia) In April, Izz ad-Din al-Qassam Cyber Fighters revealed their contribution to OpUSA. They said they would continue focusing on their own campaign, Operation Ababil, but they urged the OpUSA hacktivist groups to help them attack US banks. However, according to a statement published a few hours ago, the hackers say they're pausing Operation Ababil. In fact, they will not be launching any attacks this week. As was specified in the previous statements, al-Qassam Cyber Fighters's purpose of DDoS attacks
1062 Websites Hacked by Charaf Anons from Algeria (Hack Read) Famous hacker from Algeria going with the handle of Charaf Anons has hacked and defaced 1062 websites from all over the world for Operation USA (#Op:USA). Hacker left a deface page along with a simple message on all hacked websites, displaying Islamic prayer on the index page of targeted websites. Hacked by Charaf Anons, There is no god but one God and Prophet Muhammad is the final messenger of God. Jihad is coming. All hacked sites belong to different countries of the world such as China, India
Banks: Cyber attacks could slow service today (Springfield News Sun) The potential cyber attack could render online banking services unavailable, officials said. "We are taking it very serious," said Patrick Harris
Cyber-attack could target Ohio banks, credit unions (Dayton Daily News) Ohio's banks and credit unions are warning of a potential cyber-attack Tuesday that could render online banking services unavailable. U.S. financial institutions, including some in Ohio, have been threatened by an attack by the Internet activist group
Syrian Hackers Strike (Free Beacon) A hacker group known as the Syrian Electronic Army (SEA) claims to have penetrated one of Israel's central Internet infrastructure systems in Haifa in response to an Israeli attack over the weekend on Syrian weapons shipments. The Anonymous-affiliated SEA, or SCADA Attackers, announced Monday afternoon that it had penetrated one of the main infrastructural systems (SCADA) in Haifa and managed to gain access to some sensitive data, according to an email announcement by the group released on Pastebin
The Onion, E! Online Twitter Feeds Hacked by Syrian Electronic Army (eSecurity Planet) While the hackers posted pro-Syria tweets on The Onion's feed, they simply used E! Online's feed to claim that Justin Bieber is gay
Cheapest way to rob bank seen in cyber-attack- like street hustle (Washington Post) The hackers often struck late on Fridays, starting about a year ago, sending skeleton crews at more than a dozen European banks rushing to keep bombardments of digital gibberish from crashing their websites. Damaging as the
Meet the new paid-archive malware families (Technet) In a previous post, "Fake apps: Behind the effective social strategy of fraudulent paid-archives," we exposed the social engineering technique behind Win32/Pameseg - our detection for a family of "paid-archives." We described the use of "low-ball" techniques and explained how users are led to believe they are making an informed choice. However, the choice ultimately leads to the user being deceived into doing what the attacker wants - downloading and executing an installer. The scheme begins with
Malware you can "live with", but shouldn't (Help Net Security) The main symptom of a computer being infected with the ZeroAccess (or Sirefef) malware is that online searches via Google Search often lead to unhelpful pages filled with ads and equally useless links
Heads-Up - AutoIt Used To Spread Malware and Toolsets (Trend Micro) AutoIt is a very flexible coding language that's been used since 1999 by coders looking for a fast, easy, and flexible scripting language in Windows. From simple scripts that change text files to scripts that perform mass downloads with complex GUIs, AutoIt is an easy-to-learn language that allows for quick development. The trend for malicious actors to use AutoIt to code malware and tools however has been increasing, and the trend appears to be getting stronger
Malicious Flash Player Updates Hosted on Dropbox (Softpedia) Cybercriminals often disguise malware as updates for Flash Player. An interesting example has been analyzed recently by security experts from Zscaler. The attack starts with a number of websites that redirect their visitors to click-videox.com. Once victims land on this site, they're urged in English or Turkish to update their Adobe Flash Player in order to see a video. The interesting thing about this particular attack is that the malicious Flash Player update is actually stored in a Dropbox
300 Indian Websites Hacked & Defaced by [IN]SecInjection (Hack Read) A hacker going with the handle of [IN]SecInjection has hacked and defaced 300 Indian websites yesterday. It seems the hacker is from Latin America, as the sites are left with a deface page along with a message in Portuguese language
ZertSecurity Android trojan hits German users (lookout) We have been investigating a new piece of Android malware that was being sent out to German Android users as part of a phishing campaign targeting customers of Postbank. ZertSecurity is a banking trojan which masquerades as a certificate security application that asks the user to input their bank account number and PIN. ZertSecurity was found in the Google Play store, although less than 100 copies had been downloaded in the 30 or so days that it was live. It has since been removed by Google
US Convenience Store Chain Mapco Express Hacked, Payment Cards Compromised (Softpedia) Mapco Express, the US-based convenience store chain, is notifying customers about a security breach. The company says hackers have managed to gain access to customer credit/debit card information by planting malware on payment processing systems. The precise number of affected customers hasn't been revealed. However, all individuals that made payments with their debit and credit cards at Mapco locations between March 19-25, April 14-15 and April 20-21 could be impacted. The affected stores are
IE 8 Zero Day Found as DoL Watering Hole Attack Spreads to Nine Other Sites (Threatpost) Microsoft issued an advisory warning that an IE 8 zero-day exploit was used to attack the US Department of Labor website and nine others, including government and non-profit organizations in Europe
Internet Explorer 8 Zero Day Exploit Targeted Nuclear Workers (PC Magazine) Late in April, security researchers discovered an exploit in Internet Explorer 8 that allowed attackers to execute malicious code on a victim's computer. Most troublingly, the exploit has been found in the wild on a U.S. Department of Labor
IE8 0-day used in watering hole attacks (Help Net Security) Last week a U.S. Department of Labor website was discovered to be redirecting users to sites serving a hard-to-detect variant of the Poison Ivy backdoor Trojan. Researchers are now saying that the exploit
Watering Hole Attacks an Attractive Alternative to Spear Phishing (Cisco Blogs) "Watering Hole" attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a "Watering Hole" attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from the targeted group visits the "trusted" site (A.K.A. the "Watering Hole") and becomes compromised
Cyberattack highlights software update problem in large organizations (CSO) Attackers targeting government employees working with nuclear weapons understood departments are using outdated versions of Windows, IE
Old Java exploit kit taught new tricks (CSO) G01pack mounts a multi-stage attack after invading computers running unpatched versions of Oracle's Java 6
Evernote Says Cyber Breach Which Cost Millions Wasn't From China (Businessweek) Evernote Corp., an online note-taking and document storage service, said a March cyber attack that obtained usernames and encrypted passwords cost "many millions of dollars" and didn't come from China. The attack wasn't state-sponsored and appears to
LivingSocial Reveals Cyber-Attack, Notifies 50 Million, Says No Credit Data Breached (Bloomberg BNA) Online daily deal company LivingSocial Inc. has contacted more than 50 million customers whose information may have been compromised in a recent cyber-attack, a company spokesman told BNA April 29
Security tools can't keep hackers at bay (CSO) Breaches like one that exposed credit card data of Schnucks supermarket customers for four months could become commonplace
U.S. Directly Blames China's Military For Cyberattacks (New York Times) The Obama administration on Monday explicitly accused China's military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map military capabilities that could be exploited during a crisis
Espionage fuels China's fast-paced military buildup: Pentagon (Reuters) China is using state-sponsored industrial espionage to acquire the technology it needs to forge ahead with a fast-paced military modernization program and cut its reliance on foreign arms makers, the Pentagon said in a new report on Monday
China denies Pentagon cyber-attack claims (Telegraph) China has denied claims from the US that it is using espionage to acquire technologies to fuel its fast-paced military modernisation programme.
It's not just about China and America—smaller countries want to wage cyberwar too (Quartz) America's Department of Defense yesterday released its annual report on China's military capabilities (pdf). The report includes "electronic warfare" and "information dominance" as part of a larger campaign it says is an "essential element, if not a fundamental prerequisite" of China's defense planning. The report is good PR for China's cyberwarriors but there is nothing surprising about the country's ambitions. America itself is relatively open about its cyberwarfare activities
Security Patches, Mitigations, and Software Updates
Google Fixes CSRF Vulnerability in Translator and Clickjacking Flaw in Gmail (Softpedia) Security researcher Prakhar Prasad has identified a couple of vulnerabilities in Google services. Both have been addressed by Google, so the expert published proof-of-concept videos for each of them. The first security hole was a cross-site reference forgery (CSRF) that affected Google Translate. "[The vulnerability] allowed me to become an Editor on someone's Google Website Translator Service. The page had CSRF Protection, but the CSRF token check was skipped on server side," the expert explained
Metasploit Module Released For IE Zero-Day Flaw Used In Labor Attack (Dark Reading) A targeted attack discovered last week serving up malware from the U.S. Department of Labor's (DOL) website employed a previously unknown vulnerability in Internet Explorer 8 that Microsoft says it will fix either with an emergency patch or via its
The anonymous denizens of the Indonesian 'twitterverse' (The Jakarta Post) Oscar Wilde once said "man is least himself when he talks in his own person. Give him a mask and he will tell you the truth." Given the discreet nature of online social media, many users opt to wear masks to broadcast the truth, or some part of it
No strategy for data protection? (Help Net Security) While financial services organizations are obligated to establish and report stringent service availability objectives for mission-critical systems, they are actually among the worst performing
High Stakes And The Sequester Squeeze (Foreign Policy) It's all about national security, isn't it? Or is it? Rick's back room is alive and well in Washington, D.C. And it is shocking, just shocking, to learn that as the defense drawdown continues, not a single player at the defense table has stopped placing bets, stopped trying to fix the outcome of the game, or tried another roll of the dice to end-run the impact of the sequester
Pentagon Awards Drop 52% As U.S. Automatic Cuts Trigger Slowdown (Bloomberg Government) Pentagon contracts tumbled 52 percent in April from a month earlier as across-the-board federal budget cuts took hold
Federal funding drying up for anti-terror centers (WLUK Fox 11) Two centers that link Wisconsin to a national antiterrorism intelligence network are trying to figure out how to keep functioning as federal funding is starting to dry up. The so-called fusion center in Madison has been getting state funds to
Gov. Bob McDonnell Endorses Springfield for New FBI Headquarters (Patch.com) "Locating the FBI headquarters to the Springfield GSA Warehouse property would offer numerous synergies with the United States intelligence community," McDonnell said. "The Central Intelligence Agency, the Department of Homeland Security, the
NSA plans new computing center for cyber threats (Baltimore Sun) Keith B. Alexander, the director of the National Security Agency and head of U.S. Cyber Command, said during a groundbreaking ceremony Monday at Fort Meade. The 600,000-square-foot facility, similar in function to an existing computer center
Interior Dept Picks 10 for $1B Cloud IDIQ (GovConWire) Ten companies have won positions on a potential 10-year $1 billion cloud computing services contract with the Interior Department, Federal Times reported Thursday. Nicole Johnson writes the indefinite-delivery/indefinite-quantity includes three base years and seven option years through 2023. Contractors will compete to provide cloud storage, file transfer, database and Web hosting, development and testing
TASC Names Randy Phillips Senior Vice President of Corporate Development and Chief Strategy Officer (Wall Street Journal) TASC, Inc. has appointed Randy Phillips to the position of senior vice president of corporate development and chief strategy officer. In this new role, Phillips will lead the development of TASC's corporate strategy, identify and execute acquisitions to extend TASC's core offerings, and contribute to priority growth initiatives
Allot Named Market Leader in Infonetics Deep Packet Inspection Report (IT News Online) Allot Communications Ltd. (NASDAQ: ALLT), a leading supplier of service optimization and revenue generation solutions for fixed and mobile broadband service providers worldwide, announced today that it has been named the overall market share leader
Dell acquires Enstratius (Help Net Security) Dell today announced the acquisition of Enstratius, which helps organizations manage applications across private, public and hybrid clouds, including automated application provisioning and scaling
Avast Acquires Secure.me (The Droid Guy) Avast, a consumer antivirus maker, has just acquired the Facebook-focused…cut down the amount of cyber bullying and prevent the children from spending way
BMC to go private in $6.9 bln deal led by Bain, Golden Gate (Reuters) Business software maker BMC Software Inc, whose anemic growth has been a source of frustration for its largest shareholder, said it would be taken private by a group led by Bain Capital and Golden Gate Capital for about $6.9 billion
The Challenge of Buying Cyber Companies (Defense News) Every major US defense contractor is busy building a new cyber center or announcing a revolutionary new cyber tool. And to support those cyber efforts, they are buying companies with new technology and approaches, buttressing their in-house capabilities
Procera Networks Inc. (NASDAQ: PKT) surges after it receives multimillion follow on order (WallStreetPR) Procera Networks Inc. (NASDAQ: PKT) (Closed: $14.08, Up by 27.08) registered positive movement of 27 percent in its share prices following the company's announcement of multimillion dollar follow on order
Gordon Johndroe Named Lockheed Media Relations VP (GovConWire) Gordon Johndroe, a former National Security Council spokesman and deputy White House press secretary during the George W. Bush administration, has joined Lockheed Martin (NYSE: LMT) as vice president of media relations and international communications. The 15-year communications and public relations veteran will serve as the company's chief spokesperson and lead campaigns and strategies for
DynCorp to Realign Business Units, Start New Intl Org (GovConWire) DynCorp International is reorganizing from five business units to three, with one of them a new organization intended to focus on international opportunities, the Washington Post reports. Marjorie Censer writes the company will restructure into three business units: DynAviation, DynLogistics and the new DynGlobal organization. Steve Gaffney, DynCorp chairman, president and CEO told the Post
Products, Services, and Solutions
Adobe Creative Cloud Move Elevates Company, Stymies Users (eWeek) Adobe announced it is moving to an all subscription model, delivering new functionality only through its Creative Cloud from now on - which has some customers concerned
Cray brings top supercomputer tech to businesses for a mere $500,000 (Ars Technica) Technology powering world's top supercomputers now in an entry-level package
General Dynamics Offers Real Time Threat Detection And Cyber Solutions With Fidelis XPS (Defenseworld.net) General Dynamics Fidelis Cybersecurity Solutions has integrated its flagship network security solution, Fidelis XPS, with IBM's security information and
Panda GateDefender Integra eSeries eSB (SC Magazine Australia) Panda Security's GateDefender Integra eSeries eSB is both easy to set up and offers a rich feature set
Cain & Abel 4.9.44 released (Help Net Security) Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary
Center for Internet Security Announces Partnerships for Discounted Cyber Security Training (MarketWatch) Agreements with SANS Institute, (ISC)² and Inspired eLearning Offer Cost-Effective Solutions for Government, Not-for-Profits and Educational Institutions
Interop Las Vegas: 10 Cool Products (InformationWeek) From video conferencing knockouts to data protection tools, intriguing new products are on tap at Interop Las Vegas 2013. Take a closer look
Technologies, Techniques, and Standards
How to Stop DNS Application Attacks (Cloudshield) We already discussed strategies to secure a Domain Name Service (DNS) infrastructure from a network point of view, ways to reduce the DNS traffic load, and how to secure the DNS protocol itself…but what about DNS application security
Security Logging in an Enterprise, Part 1 of 2 (Cisco Blogs) Logging is probably both one of the most useful and least used of all security forensic capabilities. In large enterprises many security teams rely on their IT counterparts to do the logging and then turn to the IT logging infra when they need log information. That in itself isn't bad; however, the needs/requirements for IT may not be a 100% fit for a CIRT. Read on to find out how we handled it
Amid a barrage of password breaches, "honeywords" to the rescue (Ars Technica) Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway. The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized, including LivingSocial, dating site Zoosk, Evernote
Companies explore self-detonating data as security control (CSO) Putting controls on what people see and putting expiration dates on sensitive documents. The popular Snapchat photo-messaging app used mainly by Android and iOS mobile device owners to share images that then self-destruct after 10 seconds is the sort of security idea that businesses say can help them secure online transactions with business partners
Design and Innovation
Vir2us, Inc. Launches Project XeroPass to Eliminate Need to Create, Remember or Enter Passwords and Login Information (MarketWatch) Crowd funding project expects to deliver new secure identity authentication technology, eliminate passwords and solve secure computing challenges for business and consumers
Research and Development
Los Alamos Scientists Build A Prototype Quantum Network (Forbes) The way quantum cryptography works is not at all simple, but here's the basic idea: in quantum mechanics, it's possible for two photons of light to become entangled. Meaning that when you change the quantum "spin" of one of the photons, the spin of the
Commercial Quantum Cryptography Satellites Coming (IEEE Spectrum) Satellites capable of performing quantum cryptography, a form of communication that is theoretically unhackable, don't even exist outside of the lab yet, but researchers at the Institute for Quantum Computing (IQC), in Waterloo, Ont., Canada, are
New Software Security Center To Evaluate Cyberthreats (Dark Reading) S2ERC will be launched at Georgetown later this month. A new Security and Software Engineering Research Center (S2ERC) that will research cyber threats and other security and technology issues will be launched at Georgetown later this month. Eric Burger, research professor of computer science, will serve as director of the new center, which will have its first face-to-face meeting on May 28
Legislation, Policy, and Regulation
Internet Sales Tax Passes — Tax Lawyers Get Ready to Go Boat Shopping (Wired Business) The internet sales tax will be a huge new experiment in regulating interstate commerce. Small businesses could wind up playing the guinea pigs as they wrestle with the tax laws of up to 46 different states
Why Tech's Finance Wizards Are Tearing Out Their Hair (Wired Business) Already overdue, SEC rules implementing the "crowdfunding" provisions of the JOBS Act aren't expected to take effect until the middle of next year. In the meantime, some startups are already burning through capital
Privacy Fail: House Passes Cyber Intelligence Law (LiveScience.com) But, unfortunately, the hacker collective largely failed recently to derail the Cyber Intelligence Sharing and Protection Act (CISPA) in much the same way that earlier efforts helped derail the Stop Online Piracy Act (SOPA). As a result, CISPA is still
DHS urged to hire outsider for new cyber chief (The Hill) [Keith] Alexander's role at the National Security Agency and the deputy undersecretary for cybersecurity at DHS," Weatherford told The Hill. "Not just because of the executive order, but when you look at DHS's responsibility of working with the 16
Australia's Privacy Commissioner gets serious about infosec (CSO) The new OAIC information security guide sets out "reasonable steps" to protect personal information, but how many organisations will comply by March 2014
Australian privacy regime leads world but 17-year-old girls lead by example: expert (CSO) Australia's pragmatic privacy legislation is "the gold standard" for world privacy legislation even when compared with the European Union's long-established privacy regime, a US-based privacy expert has concluded – while advising privacy-conscious executives to make employees think like high-school girls if they really want to guarantee data integrity
DoD forming information operations executive steering group (FierceGovernmentIT) The Defense Department will form an information operations executive steering group to better streamline IO, or the mechanisms the department uses to integrate and implement information-related capabilities during military operations, says a May 2 DoD directive
Litigation, Investigation, and Law Enforcement
Kim Dotcom Makes Another Plea For Legal Relief As U.S., UK, Canada Attorneys General Converge Down Under (TechCrunch) Kim Dotcom and his legal team are seizing the moment of a meeting of attorneys general from the U.S., UK, Canada, Australia and New Zealand in Auckland to bring more attention to his legal fight with the U.S. government, which wants to extradite Dotcom from New Zealand and try him for copyright violations related to his now-defunct Megaupload venture. Robert Amsterdam, a high-profile lawyer known
German court convicts, sentences BitTorrent site operator to nearly 4 years (Ars Technica) "Jens R." offered no defense in this case of abetting copyright infringement
Self Propagated LulzSec Leader 'Aush0k' Arrested By Australian Federal Police (Voice Of Grey Hat) Many of us knew Hector Xavier Monsegur widely known as 'Sabu' as the leader of infamous international hacker group LulzSec and Antisec. But this idea will surely be changed when you will hear the histrionic story, which came to light when a 24-year-old Australian proclaimed himself as the leader of notorious hacker collective group Lulz Security also known as LulzSec. The man, known online as Aush0k, is a senior Australian IT professional who works for the local arm of an international IT company
Secrecy shrouds pretrial hearing in WikiLeaks case at Fort Meade (CapitalGazette.com) A military judge has ordered what prosecutors say is an unprecedented closed
Indian Navy gets ready to dismiss officers for posting ship movements on Facebook (Naked Security) The Indian Navy says that the officers posted details about warship locations, including that of the country's one and only aircraft carrier, in the latest case of eye-rollingly bad Facebook indiscretion
Foreign Intelligence Surveillance Court denied no applications in 2012 (FierceGovernmentIT) An annual report on federal clandestine requests for information shows that the Foreign Intelligence Surveillance Court denied none of the 1,856 applications put before it during calendar year 2012
Data Hoarding: How To Stop (InformationWeek) Hoarding information, or storing enterprise data in the wrong places, can open your company to legal liability. But culture change won't be easy
European Commission rules Google's Motorola abused mobile patent dominance (FierceMobileIT) The European Commission has issued a preliminary ruling that Google's (NASDAQ: GOOG) Motorola Mobility abused its mobile patent dominance when it tried to get an injunction against Apple's (NASDAQ: AAPL) iPhone in Germany, the European Union announced on Monday
For a complete running list of events, please visit the Event Tracker.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
(ISC)² CyberSecureGov (Crystal City, Virginia, USA, May 7 - 8, 2013) Join (ISC)² for an exciting two days as they explore the prevailing factors working against US Government IT Security practitioners and managers, how existing technical and personnel resources are faring during this time of transition, what new resources are emerging -- from both industry and government -- that hold promise in helping to fulfill the mission of securing government systems and citizens, and more.
ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drive security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sector, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services and development, by providing access to information and technology solutions anytime and anywhere. The U.S. Department of State has over 69,000 users worldwide at 285 posts with approximately 40,000 remote access users! Small businesses and prime contractors with products and services in Mobile Computing are invited to share information about their companies.
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information (May 29, 2013) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.