The CyberWire Daily Briefing for 5.9.2013
It's pleasant to open with good news. OpUSA has clearly failed to achieve results beyond nuisance-level (and most of that nuisance was experienced outside the US). US banks, which Anonymous called out as particular targets, were notably exempt from disruption ("US Banks 1, Cyberhacktivists 0," as American Banker puts it). Ironically China may have suffered more in the campaign than the US. Anonymous itself shows symptoms of disruption: many adherents viewed the call to action as a provocation, and sat it out.
Sound encryption practices appear to have contained a data breach at Name.com, and Bank Austria also seems to have successfully mitigated an intrusion.
Other, smaller campaigns continue. Victims include Bangladesh's military academy, Malaysian opposition parties, the Netherlands' government, and New York motorists.
eBay customers are subjected to bogus help-chat that redirects to malware. A ransomware campaign appears in Germany. The Apache backdoor discovered last week continues to spread, and to redirect traffic to Blackhole and other exploit kits.
Lessons are drawn from recent attacks. The Onion (seriously) describes how the Syrian Electronic Army hijacked its Twitter account. The Department of Labor attack shows the threat of waterholing. The control system vulnerability Google researchers exposed in their own facility again points out the difficulty of patching such systems. Virtualization, important as it is, is no panacea, and treating it as such leads to lax security.
Singapore and India join the list of countries releasing cyber policy statements. It's noteworthy that both see labor force development as central to security.
Today's issue includes events affecting Australia, Austria, Argentina, Bangladesh, Brazil, Canada, China, Colombia, France, Germany, India, Indonesia, Israel, Kenya, Malaysia, Netherlands, Peru, Romania, Russia, Singapore, Spain, Syria, Taiwan, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
'OpUSA' Cyber-Attacks Fail to Gather Momentum During First Day (eWeek) A few breaches and some Website defacements are the sum total of the first day of Operation USA, which aimed to "wipe you (America) off the cyber map." Hacktivists' threat to wreak digital havoc on U.S. government sites and financial institutions fell well short of the mark on May 7, the first day of the so-called "OpUSA" attack
DDoS Score: U.S. Banks 1, Cyberhacktivists 0 (American Banker) The online sites of the nation's biggest banks seem to be functioning without interruption following a hacktivist threat to launch a series of cyberattacks on financial institutions and government agencies. JPMorgan Chase (JPM), Bank of America (BAC), Citigroup (NYSE:C), Wells Fargo (WFC) and dozens of others ran mostly without digital delays on Tuesday, according to Sitedown.co, which tracks online outages
Thousands of Sites Hacked for OpUSA, but Not All Hacktivists Support the Campaign (Softpedia) Today, on May 7, several hacktivist groups from all around the world have launched OpUSA, an operation that represents a form of protest against the United States. The campaign, inspired by the recent OpIsrael, started a few hours ago and thousands of sites have already been hacked…According to a report published a few days ago by the US Department of Homeland Security (DHS), the agency is not really concerned with OpUSA either. The DHS believes the campaign will mostly consist of nuisance-level attacks. So far, it appears it is right. Of the thousands of sites hacked for OpUSA, most of them have nothing to do with the United States. Instead, they're commercial sites from Israel, Brazil, Argentina, Ukraine, the UK and other countries…Also, judging by the large number of Chinese government sites defaced as part of OpUSA, it's as if the hackers are doing the US a favor. Another noteworthy thing is that not all Anonymous hackers support OpUSA. Some hacktivists believe this operation is part of a conspiracy
Massive Coordinated Cyberattack "Hit List" (Market Oracle) Diane Alter writes: A group of mostly Middle East and North Africa based criminal hackers launched a cyber-attack campaign Tuesday that tested the cybersecurity of U.S. government agencies, financial institutions and commercial businesses. Dubbed OpUSA, the effort is the latest in a string of cyber-attacks on crucial U.S. entities aimed at slowing down or blocking these heavily trafficked sites
Hacking group warns of cyber attack on N. Korea (Arirang News) The international hacking group Anonymous has warned it will hack into several key North Korean websites next month. The group unveiled its list of North Korea
Name.com suffers breach, credit card data accessed, encryption in place (phew!) (Naked Security) Domain registrar and web hosting company Name.com, part of the Demand Media group, has suffered a data breach. Crooks have apparently made off with data up to and including credit card numbers…but it sounds as though everything was encrypted, which is a silver lining
Bank Austria suffers cyber attack, says clients unaffected (Reuters) Computer hackers penetrated systems at UniCredit subsidiary Bank Austria but were unable to break into client accounts, the bank said
Homemade Browser Targeting "Banco do Brasil" Users (TrendLabs Security Intelligence Blog) Cybercriminals in Brazil appear to have come up with a new tactic to lure users into giving up their login information. A few days ago, we found a post on a Brazilian forum offering a browser that could access the website of the Banco do Brasil without using the needed security plugin
Website of Bangladesh Military Academy Hacked (Softpedia) The official website of the Bangladesh Military Academy (bma.mil.bd) has been breached and defaced. Interestingly, the site has been hacked by two separate collectives
Malaysian election sparks web blocking/DDoS claims (The Register) Opposition leaders and human rights activists have warned that Malaysia's recent elections were tarnished with widespread web blocking and DDoS attacks designed to deprive voters of information about opposition coalition Pakatan Rakyat (PR) before going to the polls
Cyber attack targets Dutch government websites (AFP) Dutch government websites were paralysed for several hours overnight after a mass cyber attack which targeted several ministerial sites, a spokesman said on Wednesday. "The government's sites have been the target of a DDoS attack since
Cybercriminals impersonate New York State's Department of Motor Vehicles (DMV), serve malware (Webroot Threat Blog) Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State's Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they've received a uniform traffic ticket, that they should open, print and send to their town's court
Phishers target eBay customers via live chat support (Help Net Security) U.K.-based ISP Netcraft is warning users about phishers impersonating eBay's live chat support feature in the hopes of getting their hands on eBay users' login, personal and financial information
Porn-downloading ransomware targets German users (Help Net Security) The German Anti-Botnet Advisory Centre is warning (in German) users about a new ransomware / BKA Trojan variant that accuses users of being involved in the reproduction of pornographic material involving minors
Hackers Steal Cash from Bank ATMs (The Commercial Appeal) The hackers often struck late on Fridays, starting about a year ago, sending skeleton crews at more than a dozen European banks rushing to keep bombardments of digital gibberish from crashing their websites. Damaging as the bandwidth-choking attacks were, they were merely smokescreens. Once employees dropped their guard to fight one attack, hackers struck again, exploiting the openings to steal account information and create counterfeit debit cards
Backdoor targeting Apache servers spreads to nginx, Lighttpd (Help Net Security) Last week's revelation of the existence of Linux/Cdorked.A, a highly advanced and stealthy Apache backdoor used to drive traffic from legitimate compromised sites to malicious websites carrying Blackhole
A closer look at the malicious Redkit exploit kit (Naked Security) In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit. Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads
No joke: The Onion tells how Syrian Electronic Army hacked its Twitter (Ars Technica) Phishing attack, grabbing of Google credentials from employees exposed accounts
Department Of Labor Attack Points To Industry Weaknesses (Dark Reading) Security pros say latest watering hole attack patterns expose the 'ecosystem of mediocrity' set out by today's baseline of protection. As researchers dig deeper into a Department of Labor (DOL) attack that some say was the front end of a watering hole attack designed to infect sensitive targets within the Department of Energy, the industry is learning more about the advanced patterns of attack that black hats are using to strike out at very specific targets
Lesson from the Google office hack: Do not trust third-parties (CSO) Many Tridium Niagara systems in use today are left unpatched, and the company acknowledges there's a problem with update deployments
Organizations failing to secure primary attack target (Help Net Security) Despite repeated warnings, a majority of organizations are failing to enact recommended best practice security policies around one of the primary targets of advanced attacks – privileged accounts. According to the results of Cyber-Ark Software's global IT security survey, 86 percent of large enterprise organizations either do not know or have grossly underestimated the magnitude of their privileged account security problem, while more than half of them share privileged passwords internally
CIOs fail to protect mainframe customer testing data (CSO) A fifth of CIOs (20 per cent) admit to not masking or protecting their customer data before providing it to outsourcers for mainframe application testing purposes. On the other end of the spectrum, 82 percent of companies that do mask their customer data before providing it to outsourcers describe the process as "being difficult"
Advanced Persistent Threats: The New Reality (Dark Reading) Once rare and sophisticated, the APT is now becoming a common attack. Is your organization ready
Security practices wanting in virtual machine world, survey finds (CSO) While organizations have been hot to virtualize their machine operations, that zeal hasn't been transferred to their adoption of good security practices, according to a survey released on Wednesday. Nearly half (42 percent) of the 346 administrators participating in the security vendor BeyondTrust's survey said they don't use any security tools regularly as part of operating their virtual systems, and more than half (57 percent) acknowledged that they used existing image templates for producing new virtual images
Nordstrom tracking customer movement via smartphones' WiFi sniffing (Naked Security) The department store has installed sensors in 17 US stores to collect information from customers' smartphones as those phones automatically scan for WiFi service. Nordstrom promises it's keeping the data anonymous
"De Flashing" the ISC Web Site and Flash XSS issues (Internet Storm Center) You may have noticed that earlier today, I removed the flash player that we use to play audio files on our site. The trigger for this was a report that the particular flash player we use (an open source player usually used with Wordpress) is susceptible to cross site scripting. Instead of upgrading to the newer (patched) version, we instead decided to remove the player
China isn't wrong to call the US "the real hacking empire" (Quartz) The cyberwar between China and the US has spread from computers into the halls of diplomacy. In a report this week, the Pentagon said for the first time that the Chinese government and military have been launching cyber attacks against the US. Today, Chinese state media called the US "the real hacking empire" and said the country has "an extensive espionage network."
Security Patches, Mitigations, and Software Updates
Spotify Fixes Security Hole that Allowed Free Song Downloads (Threatpost) One of the largest online music streaming services was briefly singing a different tune after learning a new Google Chrome plug-in allowed users to download copies of songs for free. Google this week pulled from its Chrome Web Store the browser extension known as Downloadify, which exploited a vulnerability in Spotify's web player to allow
Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day (Naked Security) The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE. Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability
Cyberwar is breaking out all over (MSN Money) Costly and dangerous attacks on government and corporate computer systems are soaring. The Pentagon alone wants $4.7 billion to combat them. History may remember this week as the moment when the shadowy concept of cyberwar between countries went public
Lack of standards, interoperability problems holding M2M back (FierceMobileIT) A full 86 percent of wireless industry executives surveyed by IHS Research identified lack of standards, diverse architectures and interoperability problems as the top challenges to mass machine-to-machine communications adoption
Mobile devices, M2M flooding enterprises with unstructured data (FierceMobileIT) As a result of the flood of data generated by mobile devices and machine-to-machine communications, enterprises are struggling to keep up with data collection and analysis. However, unless the data is collected and analyzed, it is useless for senior executives to make decisions. That is where big data projects come in
IBM opens its first East Africa innovation center in Nairobi (PC Advisor) The facility is IBM's 41st global innovation center. Continuing a series of investments in East Africa and Kenya, IBM has opened a global innovation center in Nairobi, targeting startups and businesses interested in expanding
TASC unveils new cybersecurity lab in San Antonio (Washington Business Journal) TASC started its San Antonio operation in 1996. It has more than 100 scientists and engineers working in cybersecurity, bio-sciences and intelligence
Products, Services, and Solutions
New Tool Focused On Removing The Overhead And Complexity Of Code Reviews (Dark Reading) Klocwork Cahoots simplifies the code review process. Klocwork Inc, the global leader in automated source code analysis (SCA) solutions for developing more secure software, today announced Klocwork Cahoots, a flexible and easy-to-use peer code review tool that simplifies the code review process. Language-agnostic and designed for development teams of all sizes, Klocwork Cahoots fits into the developer workflow to ensure code reviews are both effective and fast
WatchGuard Expands Network Security Support For Microsoft Hyper-V Customers (Dark Reading) Today at Interop 2013, WatchGuard Technologies, a global leader in manageable business security solutions, announced it is expanding its network security offerings for customers using Microsoft Hyper-V virtualized environments
Triumfant Launches Its First Monitored Service Solution For Advanced Malware Detection And Remediation (Dark Reading) Triumfant collects all malicious activity on the endpoint and provides a detailed analysis leading to remediation
Malwarebytes adds antivirus scanning to cloud backup software (ComputerWorld) Left-field antivirus firm Malwarebytes has launched the first ex-beta version of Secure Backup, a cloud security system designed to scan users' files for infection before storing them in the cloud
WePay Debuts Veda, An Intelligent Risk Engine That Leverages Social Media Data To Prevent Merchant Fraud (TechCrunch) Online payments startup WePay is announcing the launch of Veda, an intelligent social risk engine that leverages social media data as well as traditional business data to catch merchant fraudsters
Check Point Introduces 600 Series Security Appliances for SMBs (eWeek) Web security specialist Check Point Software Technologies launched its 600 ... to medium-size businesses (SMBs) against cyber attacks, including viruses
Qosmos Integrates Cavium Chips (Light Reading) Qosmos, the market leader in embedded Deep Packet Inspection (DPI) and Network Intelligence (NI) technology, today announced full integration with the latest generation of Cavium OCTEON II processors. This results in a best-of-breed
Symantec SSL Certificate Enhanced Cryptography Claimed 10K Times Stronger (Dazeinfo) It is now providing its customers with SSL certificate which is created by multiple algorithms including Elliptic Curve Cryptography (ECC) and Digital Signature Algorithm (DSA), which will not only beat the traditional approach but also is 10,000 times
The Kwikset Kevo lock opens at your touch (CSO) New deadbolt turns your smartphone into a virtual key
6 Super Security Freebies (PCWorld) Secunia PSI examines your system for programs that need security updates, and points you to the required patches. Software updater: Now that almost every PC
Procera Beefs Up Network Analytics (Light Reading) Procera Networks, Inc. (NASDAQ: PKT), the global network intelligence company, today announced the availability of Dynamic LiveView, the industry's first real-time, dynamic query capability for network analytics. Procera's first-to-market capability
Technologies, Techniques, and Standards
Five Questions To Ask When Choosing A Threat Intelligence Service (Dark Reading) Threat intelligence services are becoming an essential weapon in the enterprise security arsenal. Do you know how to choose one? Today's emerging threat intelligence services have the potential to change the way enterprises measure security risk and prepare their defenses for the next wave of attacks. If you subscribe to the Art of War's mantra, "know your enemy," threat intelligence is a key weapon in any IT security arsenal. As they hit the market, however, it's becoming painfully clear that there is a huge disparity between the offerings that vendors are calling "threat intelligence service." Some of them are single-source RSS feeds, not too much different than what you might get from CERT (or even Dark Reading). Others are in-depth analytical services that can not only report and analyze the threats, but also tell you how they might affect your specific IT environment
Panic Now (Dark Reading) "The auditors are coming! The auditors are coming!" If your organization is prepared for an audit with little notice, you have my congratulations and highest regard, because you are a person of rare foresight
How Not To Look Stupid On Twitter (TechCrunch) When the AP Twitter stream was hacked a few weeks ago leading to a massive drop in the equities market, I went off. I found the fact that the AP – a news organization staffed by intelligent people and with a long history of adapting to new media – could be hacked through a phishing attack was unconscionable. It would be like Bank of America being hacked by a group of script kiddies
You're doing passwords wrong. Here's how to make them uncrackable. (IT World) For years now I've harangued relatives about their shoddy password practices. Either they use easily-hacked passwords or forget the passwords they've created--sometimes both. If you won't take it from me, beloved family, consider this Password Day (yes, apparently it's a thing) statement from McAfee's Robert Siciliano: "74% of Internet users use the same password across multiple websites, so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss."
Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won't Work (infosec island) When we ask security contacts at our enterprise clients "What software development methodology does your company use?" - they usually pause for a moment and answer "everything." Individual development teams tend to adopt processes that work best for them. Heterogeneous development processes wreak havoc on plans for adopting enterprise-wide secure SDLC efforts. There are at least three reasons why development teams within the same company have different development styles, including
Do You Have a Vendor Security Check List? You Should! (infosec island) So a vendor calls you and wants to sell you a new application for your organization that will help you to be more secure and increase productivity they claim. Good thing you have that vendor security checklist so that you can see if this new application and vendor conforms to the security controls that your organization has put in place. Wait, you don't have a checklist or know what one is? Let me help you with that. A security check list is a list of security controls that a vendor or application
Use These Secret NSA Google Search Tips to Become Your Own Spy Agency (Wired) The book was published by the Center for Digital Content of the National Security Agency, and is filled with advice for using search engines, the Internet Archive and other online tools. But the most interesting is the chapter titled "Google Hacking
Research and Development
Quantum key air to ground transmission could be future of cryptography (Gizmag) For the first time, quantum cryptographers have successfully transmitted a quantum key from a fast-moving object – a Dornier 228 turboprop. The experiment involved sending a secure message from the aircraft to a ground station via laser beam, and can
Google's Schmidt: what we need is an internet "Delete" button (Naked Security) There are two things we humans could do to wipe clean our internet data tracks. To wit: (1) Get everybody to legally change their names at the age of 18, or (2) Create an internet "Delete" button
Oxford and Royal Holloway to train cyber security graduates (EPSRC) Two new Centres for Doctoral Training (CDTs), that will provide the UK with the next generation of researchers and leaders in cyber security, are announced today by Minister for Universities and Science, David Willetts
Introducing digital forensics in schools key to cybersecurity's future (ZDNet) Vrizlynn Thing, acting head of Singapore's cybercrime research department, is pushing for digital forensics to be taught in schools, to help address the shortage of talent amid the rising incidence of cyberattacks
Cyber Security Challenge (Swinburne University Media Centre) The Swinburne B team was the best of the Victorian teams in the Cyber ... Dr James Hamlyn-Harris, said Swinburne, which entered three teams in CySCA 2013
UNSW wins Cyber Security Challenge Australia (ComputerWorld) Forty-three teams tested the networks and hardware of a fake company over 24 hours. A team of students from the University of New South Wales will be off to the US Black Hat Security conference in July after winning the annual Cyber Security Challenge Australia (CySCA)
UK universities get £7.5m cyber security research funding (Computer Weekly) Oxford University and London University will receive £7.5m government funding for cyber security research
Legislation, Policy, and Regulation
'Fresh proposals' planned over cyber-monitoring (BBC) Fresh proposals to investigate crime in cyberspace are being promised, after the so-called "snoopers' charter" was dropped from the Queen's Speech. The measures to be brought forward would help protect "the public and the investigation of crime in cyberspace". The main plan is to find a way to more closely match internet protocol (IP) addresses to individuals, to identify who has sent an email or made a call
New Zealand isn't exactly outlawing software patents—it's doing something more interesting (Quartz) Despite what you may have read, New Zealand is not "banning" software patents. Indeed, the country has never explicitly allowed the patenting of software in the first place, and excluding software from patentability would violate New Zealand's international patent obligations. Instead, today's amendment to the country's in-progress patents bill skirts international law in a creative way: the country's government will instead declare that software is simply not an invention in the first place
Government approves National Cyber Security Policy (Times of India) The government approved the National Cyber Security Policy that aims to create a secure computing environment in the country and build capacities to strengthen the current set up with focus on manpower training. The Cabinet Committee on Security (CCS) approved the policy which stresses on augmenting India's indigenous capabilities in terms of developing the cyber security set up
A National Security Imperative: Protecting Singapore Businesses From Cyber-Espionage (Eurasia Review) But this is not only an economic issue to be left to private companies to deal with: Joel Brenner, former inspector general of the U.S. National Security Agency, rightly argues that the boundary between economic security and national security has
Senate Bill Calls For 'Watch List' Of Nations Cyberspying On US, Trade Sanctions (Dark Reading) The Deter Cyber Theft Act specifically requires the U.S. National Director of Intelligence to create a "watch list" of nations engaged in cyberespionage activity against the U.S. and a priority list of the "worst offenders"
Advanced Cyber Attack Tools Seen Available to Hackers (Bloomberg) Advanced cyber attack tools have become readily available for use by foreign governments and terrorists to infiltrate or cripple U.S. computer networks, two federal law enforcement officials told a congressional panel. Dozens of countries now have
Symantec advises Senate on complexity of cyber threats (USA Today) Symantec's government policy vice president Cheri McGuire brought a summary of the antivirus giant's rich metrics showing the intensity and pervasive nature of daily cyber attacks to a U.S. Senate hearing today. Sen. Sheldon Whitehouse (D-R.I.)
How to end content piracy right now (FierceContentManagement) The key to stopping content piracy isn't tougher laws or other over-the-top government intervention. It's actually pretty simple. If you provide a reasonably priced, legal alternative, most people will use it and traffic to sites that typically host pirated content goes down
Litigation, Investigation, and Law Enforcement
Cybercriminals Capitalizing on Ineffective Law Enforcement in Latin America (SecurityWeek) Cyber-criminals are increasingly setting up shop in Latin America and the Caribbean to take advantage of low security awareness among users and ineffective law enforcement, according to a recent report from Trend Micro
Judge Allows Evidence Gathered From FBI's Spoofed Cell Tower (Wired) An Arizona judge has denied a motion to suppress evidence collected through a spoofed cell tower that the FBI used to track the location of an accused identity thief
Network Solutions seizes over 700 domains registered to Syrians (Ars Technica) Domain names pointed mostly to sites hosted in Damascus taken under embargo rules
Taiwan Police Arrest Man Suspected of Hacking Popular Music Website (Softpedia) Police in Taiwan seem to be pretty efficient when it comes to identifying and apprehending cybercriminals. The second possibility is that Taiwanese hackers don't really know how to hide their tracks, allowing authorities to easily identify them
Another Romanian National Accused of Hacking Subway Computers Pleads Guilty (Softpedia) 29-year-old Romanian national Adrian-Tiberiu Oprea, accused of participating in the massive payment card data theft scheme that targeted the point-of-sale (POS) systems of hundreds of US merchants, has pleaded guilty to the charges brought against him
Dutchman appears for 'biggest ever' cyber attack (Sydney Morning Herald) A Dutchman arrested in Spain in connection with an unprecedented cyber attack has been extradited to the Netherlands where he appeared before a judge, Dutch prosecutors say. The attack has been
FBI says it doesn't need a warrant to snoop on private email, social network (ZDNet) The U.S. Federal Bureau of Investigation is able to read your emails, Facebook chats, Twitter messages and other private documents without the need for a search
Head Of PCeU British Cyber Police To Quit Force (TechWeek) Charlie McMurdie tells TechWeek it is the right time to go, ahead of PCeU's merger with SOCA. The chief of the Police Central e-Crime Unit (PCeU), the division of the Metropolitan Police dealing with national digital threats, is to leave the force ahead of a major shake up of British cyber policing, TechWeekEurope has learned
Few businesses appear ready to defend themselves from cybercrime, report finds (Calgary Herald) Few companies may be ready to handle an attack from criminals lurking in cyberspace, and fewer know about the government's three-year-old cyber-security efforts, according to a national study. The study's authors concluded that results, while only a small snapshot of the millions of businesses big and small in Canada, point to gaps in how companies protect themselves from cybercrime, a finding that could be chalked up to little monetary damage to companies that fall victim to hackers
Testifying on cybersecurity before the Senate Judiciary Committee (Volokh Conspiracy) I'll be testifying this morning before the Senate Judiciary Committee's subcommittee on crime and terrorism. My testimony will touch on the Attribution Revolution in cybersecurity, the need to move from attribution to creative forms of retribution, and the need to give victims more leeway to investigate the hackers who attack them
Justice Dept. position on ECPA warrant requirement unclear, says ACLU (FierceGovernmentIT) Justice Department documents obtained through the Freedom of Information Act suggest that some U.S. attorneys may continue to authorize law enforcement access to opened emails less than 180 days old without first obtaining a warrant, says the American Civil Liberties Union
For a complete running list of events, please visit the Event Tracker.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drive security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sectors, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services and development, by providing access to information and technology solutions anytime and anywhere. The U.S. Department of State has over 69,000 users worldwide at 285 posts with approximately 40,000 remote access users! Small businesses and prime contractors with products and services in Mobile Computing are invited to share information about their companies.
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments of researchers from academia and industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on both theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks on their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.