The CyberWire Daily Briefing for 1.13.2014
The Syrian Electronic Army counted coup thrice against Microsoft over the weekend, hacking two of the company's official Twitter accounts and its TechNet blog.
Elsewhere in the Middle East, Israeli sources dismiss claims that Iran (or Iranian-inspired hacktivists) hacked Israeli airlines as "psychological warfare." (The reports were disturbing in that they boasted an ability to take down aircraft in flight.) And the Voice of Russia circulates unconfirmed reports that twenty-eight embassies in Tehran were infected with data-mining malware.
East-European cyber-criminal forum "Verified" is hacked and exposed by a rival gang.
Neiman Marcus and other US retailers report Target-like (although not Target-scale) data breaches. The Target caper continues to grow in size and seriousness: more than 100M records, many belonging to non-customers, are now believed to have been compromised. Target confirms finding malware in its point-of-sale devices. Some analysts call the known scope of the Target breach "the tip of the iceberg," and expect more retailers to discover similar problems in their own networks.
Yahoo! finds its exploitation by a Bitcoin-mining botnet more extensive than previously believed, with more infections outside Europe (mostly in Asia) than within.
An undocumented firmware backdoor is found in some Cisco routers; Cisco promises to close it as soon as possible.
Oracle will issue "hundreds" of patches tomorrow. (Microsoft is expected to release only four.)
Surveillance backlash continues to bedevil US companies' international market position. (Canadian firms seek to benefit). President Obama is expected to announce his plans for the future of surveillance policy this Friday.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, France, Germany, Guyana, India, Iran, Israel, Japan, People's Democratic Republic of Korea, Republic of Korea, Netherlands, Norway, Pakistan, South Africa, Syria, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Microsoft left red-faced after official blog and Twitter accounts hacked (Graham Cluley) The Syrian Electronic Army has hijacked two official Microsoft Twitter accounts as well as the company's official blog on TechNet
Claimed cyberattack on Israeli Airports Authority dismissed as 'psychological warfare' (TechWorld) Those who can, hack. Those who can't, make it up
Despite claims, Iranians didn't hack Israeli aviation system (The Times of Israel) Hackers' declarations are simply a case of psychological warfare, according to an expert on Middle East cyber-attacks
Cyber attackers prey on 28 embassies in Tehran (Voice of Russia) Twenty-eight embassies in the capital city of Iran were affected by a brand new cyber-attack. Emails regarding the conflict in Syria included data-mining malware which no defenses had been programmed in to combat this sort of attack
Hacked Cybercrime Forum Exposes Nearly 20,000 "Bad Actors" (SecurityWeek) Cyber-criminals targeted an online community and stole member information and login credentials from the site's forum database late Tuesday. What sets this attack apart from similar data breaches is the fact that the victims were part of a community of Eastern European cyber-criminals
'PowerLocker' Project Shows Criminal Interest in Ransomware Growing (eWeek) An underground effort to create new data-encrypting malware shows that interest in ransomware remains high, according to an analysis posted by an anti-cyber-crime group
Cryptolocker ransomware protection: A new reason for old advice (TechTarget) As with anything in technology, it is only a matter of time until a newer, faster version is available. Unfortunately, this is not always for the betterment of all. Earlier this year a new ransomware virus, called Cryptolocker, began infecting computers owned by individuals and businesses alike. Cryptolocker is a Trojan horse malware program that targets computers running Windows. It primarily comes from email, but can also be passed on through any type of file transfer and, when activated, encrypts files using RSA cryptography. A Cryptolocker ransomware attack could be devastating if a company is not properly protected
Credit card hackers hit US retailer Neiman Marcus (Graham Cluley) Posh US department store Neiman Marcus has been hit by hackers who managed to break into its systems and access the credit and debit card information of shoppers
Exclusive: More well-known U.S. retailers victims of cyber attacks — sources (Reuters) Target Corp and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed
Target's data breach MUCH bigger than first thought — now more than 100,000,000 records (Naked Security) US megaretailer Target is having a tough time of it. Having said that, so are its customers — and even, as it now turns out, many of its non-customers, too. Target has now joined companies like Adobe and Sony in the "hundred million plus" data breach club
Target admits "there was malware on our point-of-sale registers" (Naked Security) The Target data breach story has turned into a bit of a bus: it's big, has lots of momentum, and three just came along at once. First: 40M payment card details stolen. Second: 70M names, addresses and the like stolen. Third: looks like there was a specialised botnet involved
Target planning 'significant changes' after data breach (CNBC via Reuters ) Target Corp plans to make "significant changes" in light of the data breach during the holiday shopping season when hackers stole personal information of millions of customers, the U.S. retailer's chief executive said in an interview with CNBC aired on Monday
With data vulnerable, retailers look for tougher security (Reuters) A top retail trade group executive on Sunday called for tougher security standards that could mean more spending for the industry, its banks and business partners after a series of data breaches at major merchants
Data breach at Target is under close investigative scrutiny (Daily Record) As computer experts peel back the layers of Target's massive data breach, federal and state law enforcement agencies are running parallel investigations to find the cyber criminals who infiltrated the retailer's computers
'Worst breach in history' puts data-security pressure on retail industry (CNBC) The Target security breach that may have affected as many as 110 million customers — with their names, mailing addresses, phone numbers and credit card information possibly swiped — ranks as the most extensive corporate data hack ever, experts said on Friday
Yahoo update: Malware attacks more widespread that first thought (ZDNet) Initial reports that only European sites were affected were incorrect; a small number of users outside were also served Bitcoin mining malware from Yahoo ads
Backdoor exposed in Cisco small business devices (ZDNet) Several Cisco small business networking products have an undocumented "test interface" which could allow a LAN-based user to gain root access. Public exploit code is available
Six ways hackers try to break Secure Sockets Layer-encrypted data (TechTarget) Secure sockets layer (SSL) is used to protect millions of network users but how vulnerable is it? Over the last several years, there has been an array of attacks designed to subvert SSL. While the technology is fundamentally secure, attackers are always looking for loopholes to bypass security protocols and standards. And SSL is a big target. It is used to protect sensitive Hypertext Transfer Protocol (HTTP) traffic. Attackers, who like to think outside the box, are always seeking new ways to gain access to sensitive data. Let's look at some of the different ways that hackers are trying to break SSL
MIT website hacked by Anonymous on anniversary of Aaron Swartz suicide (ZDNet) Late on January 10, the hacktivism entity Anonymous hacked and defaced MIT letting the institution know Anonymous will not forget the tragic suicide of hacker Aaron Swartz
At least 22,000 Macs still have Flashback; so what? (ZDNet) The OSX/Flashback botnet is "adrift" says Intego, but still alive. Mac version research shows how this is unsurprising and not a big concern
Dieudonne fans bring down French JDL website, two others (JTA) Supporters of the anti-Semitic comedian Dieudonne hijacked three French pro-Israel websites in a coordinated cyber attack
Website security flaws in SA — shooting the messenger (My Broadband) The City of Joburg and Sanral have angered tech-savvy consumers with the way they handled exposure of their website security flaws
Malware Blamed for Data Leak at Nuclear Plant (CSO Salted Hash) A computer in the control room of the Monju fast-breeder reactor was infected by malware earlier this month, after an employee updated video software
Mysterious Message Posted on UGNazi's Twitter: "We're Back" (Softpedia) The UGNazi hacker group made a lot of headlines back in 2012 after hacking the systems of several high-profile organizations by using some clever techniques. The group's activities stopped after some members, including Cosmo the God, were arrested
Root a Mac in 10 seconds or less (Patrick Mosca) Often times, physical access to a machine means game over. While people like to think that OSX is immune to most security threats, even Apple computers can be susceptible to physical attacks. Mac OSX is capable of booting into single user mode by holding a special key combination (Command-S). From this point, an attacker has root access to the entire computer. Note that this is not a security exploit, but rather an intentionally designed feature. While of course the intruder needs to be physically present, this can become a huge security problem
Network Time Protocol (NTP) Amplification Attacks (US-CERT) A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause distributed denial of service attack (DDoS) via forged requests. US-CERT and the Canadian Cyber Incident Response Center (CCIRC) have both observed active use of this attack vector in recent DDoS attacks
Unwiped Mobile Devices a BYOD Risk (eSecurity Planet) Just 16 percent of adults who use mobile devices for work wipe data from old devices when they get a new one. It's important to educate employees about the BYOD risks this creates
Virginia School District Admits Data Breach (eSecurity Planet) Student names, addresses, phone numbers, dates and places of birth, dates of attendance, and school schedules were exposed
Straight Dope Forum Hacked (eSecurity Planet) User names, e-mail addresses and hashed passwords were exposed
Oracle to release critical security fixes for hundreds of products (including Java) on Tuesday (Graham Cluley) Oracle says that it is strongly recommending that customers apply the patches "as soon as possible" because of "the threat posed by a successful attack"
Cisco promises to fix admin backdoor in some routers (TechWorld) The company plans to release firmware updates to remove the undocumented feature by the end of the month
The Future of Global Cyber-Security is in the Cloud (Forbes) Both hackers and antivirus makers were put on notice last week when two shining stars in the $67 billion worldwide cyber-security universe announced their merger. Milpitas, Calif.-based global network security company FireEye has acquired Washington, D.C.-based cyber-security firm Mandiant, which released a famous report last year about a Chinese military unit that allegedly pilfered data from at least 115 companies across major U.S. industries
Comment: Cybersecurity Lessons from the Financial Sector (InfoSecurity Magazine) Creating a cybersecurity policy is hard, largely because it's so difficult to define success. A national cybersecurity initiative should define the goals we want to achieve and provide incentives for the private and public sector to cooperate. According to Matthew Cohen of NT OBJECTives, once that is done, the private sector can do what it does best: compete to provide the most robust and cost-effective solutions to the problem
Half of UK people are not protecting themselves online, says UK government (Naked Security) People are not doing enough to protect themselves online, according to the UK government, who have today launched a new £4 million campaign to help raise awareness of cyber security issues
Would You Shout "My PIN Code Is 9876!" In The Street? (Forbes) Most readers I suspect are fairly unlikely to shout their PIN code or banking password in the middle of the street. Neither would you choose to go walking around town with banknotes hanging out of your pockets (this I should note is not a challenge). We have all learned whilst growing up that certain personal information or assets are better kept to ourselves and protected. Yet, the same can not be said for many people's behaviour online
It is time for more attention to be paid to cyber security (Stabroek News) Two years ago I suggested in this column that few Caribbean governments or companies were taking seriously the threat posed by cyber attack and cyber crime. This was despite evidence to suggest that the region was increasingly subject to damage by those who use the internet to breach national security, undertake criminal activity or behave maliciously
Enterprise computing in the post-Snowden era (ZDNet) Edward Snowden didn't just disclose embarrassing details about the NSA. He also exposed weaknesses in enterprise security. How much will things really change? It seems implausible that nothing will change in the NSA as a result of Edward Snowden's leaks of their practices. But those practices didn't affect just the government. In light of all that has happened you have to reexamine how your own business operates
RIP, information security, done in by backdoors and secret deals (InfoWorld) It seems that the very tools we use to secure our networks represent the greatest insider threat of all
The biggest challenge to IT security is marketing (Help Net Security) Most companies today are using social media and online marketing channels to tell their customers and prospects about what they do. From company Twitter accounts, LinkedIn profiles through to website CMS or marketing automation platforms, all these tools have two things in common: one, they are essential to running marketing. Two, they are all outside the control of the IT department
Knowing Your Cyber Enemy: New Services Open Up Possibilities, But Experts Differ On Techniques, Value (Dark Reading) As commercial capabilities for identifying online attackers improve, experts, service providers debate methods, costs
Trends in Targeted Attacks: 2013 (FireEye Blog) FireEye has been busy over the last year. We have tracked malware-based espionage campaigns and published research papers on numerous advanced threat actors. We chopped through Poison Ivy, documented a cyber arms dealer, and revealed that Operation Ke3chang had targeted Ministries of Foreign Affairs in Europe
The PC's Death Might Also Mean the Web's Demise (Wired) It's not just laptops and desktops that could become curiosities on the pile of dead tech. Their loss could drag the whole web with it
Canada courting U.S. web giants in wake of NSA spy scandal (The Toronto Star) U.S. industry stands to lose billions as companies spooked by security leaks seek to store banks of personal data outside U.S. The Canadian government is trying to profit from the National Security Agency spy scandal south of the border by luring frustrated American web titans such as Google and Facebook into storing sensitive banks of personal information outside the United States, the Toronto Star has learned
News briefs: NSA scandal leads Brits, Canadians to move data out of U.S. (Cloud Provider Digest) This week, a survey shows the NSA scandal has made businesses wary of storing data in the U.S., and Boston ditches Microsoft for Google Apps
NSA Fallout: Why Foreign Firms Won't Buy American Tech (InformationWeek) Mounting evidence points to billions of dollars in lost US business thanks to the NSA's collect-everything mindset
Internet chieftains press Obama over NSA spy swoops (AFP via Digital Journal) Bosses from Internet giants including Twitter and Facebook Tuesday pressed President Barack Obama for reforms of US spy agency snooping, adding to rising heat from the courts and American allies
No NSA fears as tech hawks data-hungry devices (Politico) The most significant privacy debate in recent history is rattling an NSA-wary Washington, but you wouldn't have known it here at one of the largest tech gatherings in the world
Patriot Technologies and RADiFlow Receive Grant for the Development of Secure Smart Grid Automation Communication Solution (Digital Journal) Patriot Technologies and RADiFlow today announced they have received a conditional grant from the Israeli/U.S. Binational Industrial Research and Development Foundation (BIRD)
IBM targets cloud, big data with upcoming Intel-based X6 systems (Modern Infrastructure Alert) IBM's X6 is a radically different architecture for Intel-based servers designed to boost performance and reliability, sources say. Will it propel its xSeries higher into the clouds
With Watson, Is IBM Riding Right Wave? (InformationWeek) IBM bets that its Watson technology will ride the cognitive-computing wave to commercial success — while rivals gear up for the connected-computing era
Orange to sell cyber defense offerings in Africa (ITWeb Africa) More African cyber defense business could come Orange Business' way thanks to its acquisition of French IT identity and security management
Ben Fathi Named VMware CTO (GovConWire) Ben Fathi, formerly senior vice president for research and development at VMware (NYSE: VMW), has been appointed to the role of chief technology officer
David Goulden Named EMC Data Infrastructure Business CEO (GovConWire) David Goulden, formerly president and chief operating officer at EMC Corp. (NYSE: EMC), has been promoted to CEO of the company's information infrastructure business unit, effective immediately
CyberRX: First industry-wide healthcare cyber attack exercise (Help Net Security) HITRUST will lead an industry-wide effort to conduct exercises to simulate cyber attacks on healthcare organizations, named CyberRX. The results will be used to evaluate the industry's response and threat preparedness against attacks and attempts to disrupt U.S. healthcare industry operations
Google+ Email Changes: How To Opt Out (InformationWeek) Google+ users can now send you messages without knowing your email address. Here's how to opt out
Twitter Security and Privacy Settings You Need to Know (Threatpost) To kick off the new year, we are restarting our tutorial screencast series where we attempt to briefly walk users through the process of locking down their various online accounts. Today's video, which is just slightly longer than we had hoped, thoroughly details the steps necessary to ensure that your Twitter account is as private and secure as possible
The Potential of Social Network Analysis in Intelligence (OODA Loop) The legality of the National Security Agency's (NSA's) use of US citizens' metadata to identify and track foreign intelligence organizations and their operatives is currently a subject of much debate. Less well understood (and consequently routinely misreported) are the capabilities and limitations of social network analysis, the methodology often used to evaluate this metadata
Take steps to defend your network using DHCP snooping (TechTarget) The numbers vary on whether insiders or outsiders are the greater security threat to the enterprise, and the line continues to blur. And if an organization has architected its network in a way that includes using insecure systems and protocols, the network infrastructure could be at risk. For example, sometimes securing a Layer 2 protocol like Dynamic Host Configuration Protocol (DHCP) is overlooked. DHCP is an example of a helper protocol that works in the background, and most end users don't give much thought to it. The fact that it doesn't get much attention means it's a potential attack vector that may go unnoticed. DHCP snooping is one such control that can be used to prevent many common attacks
IEEE approves update to 802.11ac for faster Wi-Fi (FierceCIO: TechWatch) The IEEE officially approved the 802.11ac -2013 update for up to 7Gbps of theoretical wireless data rates over the 5GHz Wi-Fi spectrum, reports Enterprise Networking Planet. An addendum to the initial 802.11ac specification, the new specification gets its speed boost primarily from the use of Multi User, Multiple-Input, Multiple-Output (MU-MIMO) technology, which supports the use of multiple concurrent downlink transmissions
Air Force Academy's cyber team reaches rare heights (Stars and Stripes) The team practices four days a week, two hours at a crack. Members hone their speed and skills, with each gaining specialized skills. And they only sweat when an Internet server crashes
RBR Tech Teacher Recognized by SANS Institute for Cyber Security (Red Bank Patch) Red Bank Regional High School's (RBR) Academy of Information Technology teacher Mandy Galante was recently recognized by the SANS Institute with its award dubbed People Who Made a Difference in Cybersecurity in 2013
Critical sectors get cyber attack protection (Hindustan Times) The government has cleared a proposal to put technical-spying agency NTRO in charge of securing the IT installations of key infrastructure bodies including telecommunications, power, railways and airports
Big Brother is curtailing net freedom in South Asia (al Jazeera) In 2013, India and Pakistan stepped up their efforts to aggressively monitor and control their citizens
Iranian Officials Scrutinize Oil Ministry's Preparedness to Stand against Cyber Attacks (Fars News Agency) Head of Iran's Civil Defense Organization Brigadier General Gholam Reza Jalali and Iranian Oil Minister Bijan Zanganeh in a meeting on Sunday discussed the strong and weak points of the oil ministry's civil defense structures against the enemies' possible cyber attacks
Don't let data protection turn into protectionism (Xinhuanet) We live in a global, digitally networked world. Cloud, mobile and in-memory technologies are its engines. Our new world has no boundaries; there is a huge potential for growth, employment and new business models. But it also comes with challenges for policy and industry. In response to leaks about the US National Security Agency's widespread surveillance, there have been lots of understandable concerns. Unfortunately, some parties have suggested building fortresses around national data
Sources: We were pressured to weaken the mobile security in the 80's (Aftenposten) Four men who were part of a group that wrote mobile history tell for the first time how strong protection against eavesdropping of cell phones was weakened
President Obama May Introduce Major NSA Changes On Friday (Tapscape) Intrusive surveillance programs implemented by the National Security Agency (NSA) have been a point of controversy throughout the past year. Amid the controversy and outrage from US citizens as well as the citizens of the US's allies, President Obama will reportedly introduce massive reform for the NSA this coming Friday
Obama to speak on NSA reforms Jan. 17 (The Washington Post) President Obama will deliver his highly anticipated speech on National Security Agency reforms Jan. 17, White House press secretary Jay Carney said Friday
What will happen to NSA programs? That's a secret (MSNBC) More than six months after the leaks from former National Security Agency contractor Edward Snowden began, critics and supporters of the NSA are waiting for President Obama to announce what changes to government surveillance policies he can support
Why Hasn't Obama Reined in NSA? (Huffington Post) After the 2008 election, Barack Obama supporters had high expectations for his national-security policy. We thought he'd end U.S. involvement in Iraq and Afghanistan, and open talks with Iran. We expected he would close down Guantanamo and end the National Security Agency's (NSA) domestic surveillance program that collects Americans' phone and email data. He's accomplished some of these objectives but he hasn't reined in the NSA
The limits of President Obama's power on NSA reform (Politico) President Barack Obama on Friday will try to put the ongoing surveillance controversy behind him, laying out reforms to U.S. intelligence-gathering activities aimed at reassuring Americans that his administration will right the balance between civil liberties and national security. But Obama's powers have significant limits
I Spent Two Hours Talking With NSA's Big Wigs. Here's What's Got Them Mad (Wired) My expectations were low when I asked the National Security Agency to cooperate with my story on the impact of Edward Snowden's leaks on the tech industry. During the 1990s, I had been working on a book, Crypto, which dove deep into cryptography policy, and it took me years — years! — to get an interview with an employee crucial to my narrative. I couldn't quote him, but he provided invaluable background on the Clipper Chip, an ill-fated NSA encryption runaround that purported to strike a balance between protecting personal privacy and maintaining national security
U.S. Senators Implore Obama to Rein in NSA Surveillance (Mashable) Three U.S. senators say they think it's time for U.S. President Barack Obama to rein in the National Security Agency's surveillance tactics. The three Democrats, Sen. Mark Udall of Colorado, Ron Wyden of Oregon and Martin Heinrich of New Mexico, wrote a letter to Obama earlier this week, urging him to follow the advice of an independent panel that recently recommended ending the NSA's bulk telephone metadata collection and storage program, as well as other proposed NSA reforms. Each of the three senators sits on the U.S. Senate Select Committee on Intelligence
FBI Director Defends NSA Spying As What 'Founders Intended' (Opposing Views) FBI Director James Comey recently told reporters that the federal government's spying on American citizens via the National Security Agency is the "way the founders intended"
Working With Law Enforcement In 2014 And Beyond (TrendLabs Security Intelligence Blog) Last December, I spoke at a cybersecurity summit sponsored by the International Telecommunications Union (ITU) in Baku, Azerbaijan. I was there to discuss one thing that Trend Micro will focus on in 2014 and beyond: how we can we work together with law enforcement to stop cybercrime
Qualcomm chief: Why is China probing us? We haven't a clue (The Register) Chipmaker unaware of antitrust violations that might have sparked investigation
French Privacy Watchdog Fines Google €150,000 (Search Engine Watch) Google has been fined €150,000 (roughly $203,000) by the French data protection authority after it ruled that the firm doesn't comply with the country's data protection laws
Cybergendarmes: "Ce que vous effacez, on le retrouve" (Le Point) Le Point.fr s'est rendu dans les bureaux des enquêteurs N-Tech, les experts en cybercrime de la gendarmerie nationale. Rassurant et terrifiant à la fois
Intel panel: DOD report finds Snowden leaks helped terrorists (The Hill) Edward Snowden's leaks about National Security Agency programs have put U.S. troops at risk and prompted terrorists to change their tactics, according to a classified Pentagon report. House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-[Md.]) said that the Pentagon report found a significant portion of the 1.7 million documents Snowden took were related to current U.S. military operations
Carafano: Snowden is a traitor in all but name (The Statesman) Edward Snowden stole hundreds of thousands of American secrets and sprinkled them across the Internet. Should he be considered a traitor? The Australian government thinks so. Snowden's revelation of highly sensitive intelligence operations "down under" led Australian Federal Attorney-General George Brandis to brand the former National Security Agency contractor an "American traitor"
Snowden would be better off in Brazil, says Ellsberg (ZDNet) The former military analyst who leaked the Pentagon Papers says Brazil should help Edward Snowden regardless of any potential retaliation from the US
After 30 Years of Silence, the Original NSA Whistleblower Looks Back (Gawker) The four-story brownstone at 141 East 37th Street in Manhattan has no remarkable features: a plain building on a quiet tree-lined street in the shadow of the Empire State Building. In the summer of 1920, Herbert O. Yardley, a government codebreaker, moved in with a gang of math geniuses and began deciphering intercepted Japanese diplomatic telegrams. This was the Black Chamber, America's first civilian code-breaking agency. From this was born the American surveillance state, and eventually the sprawling National Security Agency, which you may have heard about recently
Hacker hijacked YouTube channels to milk AdSense for money (Naked Security) A US man, Matthew A. Buchanan, has admitted that he and his accomplice jimmied open YouTube accounts via Google's password recovery process. They also hacked AOL email, right on up to the inbox of the AOL CEO himself
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
FloCon2014 (Charleston, South Carolina, USA, Jan 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.
Federal Intel Summit (, Jan 1, 1970) The Potomac Officers Club is proud to host the 2014 Federal Intel Summit featuring Congressman Mike Rogers and leadership from across the Federal Agencies focused on protecting our national interests.
cybergamut Tech Tuesday: Malware Reverse Engineering — An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (, Jan 1, 1970) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.
Federal Mobile Computing Summit (, Jan 1, 1970) The Federal Mobile Computing Summit: Digital Government Strategy II will feature government leaders who played an instrumental role in the development of the DGS and worked on the resulting deliverables. These IT thought leaders will examine the mobile landscape over the next 18 months — and beyond.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, Jan 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.