The CyberWire Daily Briefing 12.21.15

Cyber Trends

Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices (Nuix) In 2014, the inaugural Defending Data report highlighted interesting trends associated with managing and protecting an increasingly ephemeral perimeter; a shift in security policies and procedures; and the evolving role of security officers. This year, there is more recognition of damage from insider threats; a lack of familiarity with an organization's entire data landscape; and a rising appreciation for security among corporate executives

Predictions for 2016 (Information Security Buzz) A number of Touchdown Clients have predictions for 2016

Five key cybersecurity trends for 2016 (Help Net Security) The overwhelming shift to mobile and cloud computing among both businesses and consumers will see some surprising additions to the risk landscape in 2016. ISACA shares five cyber risk trends for the coming year that CISOs and CIOs should have on their radar

2016 Cybersecurity Predictions (Anitian Blog) Cybersecurity was definitively in the spotlight for 2015. From the server room to the board room and every hallway in between, everybody was talking about hacking, breaches, and vulnerabilities

Could the Internet of Things spark a data security epidemic? (BetaNews) Internet of Things this, Internet of Things that — it's all anyone can talk about these days

Insight Annual Report: Travel now in cyber attackers’ sights (Travolution) With travel companies firmly in the sights of data hunters, cyber security expert Simon Borwick of Deloitte spoke to Ian Taylor

A third of UAE firms hit by cyber security breaches (Gulf News) Country on list of the top 10 destinations targeted by criminals, survey shows

UK businesses 'slow to respond to unusual network activity' (We Live Security) UK businesses are slower to react to possible data breaches than their international counterparts, a new study has concluded

Cyber-attack risk is too great to ditch the experts (Telegraph) Cybercrime is big business these days, and is evolving fast

Legislation, Policy and Regulation

Obama Signs Cyberthreat Information Sharing Bill (GovInfoSecurity) Legislation requires scrubbing of PII before it's shared

Congress approves surveillance legislation tucked into budget package (Ars Technica) Obama to sign bill that one senator says has "unacceptable surveillance provisions"

Cyber security information sharing protections included in omnibus bill (Business Insurance) Companies that voluntarily share information about data breaches with the federal government will receive greater protection against privacy suits under a provision in the omnibus spending bill passed by both houses of Congress on Friday

Cybesecurity's winners and losers (The Hill) Congress on Friday approved its first major cybersecurity bill in years as part of a sweeping end-of-year spending deal

CISA — A win for safety or unimportant bill? (Check & Secure) Do you remember my chat about the Cybersecurity Information Sharing Act (CISA)? About how we discussed the issue of safety vs. privacy? The verdict is in. Safety won over privacy

Industry pros, tech firms displeased with cyber bill (SC Magazine) The U.S. House approved controversial cybersecurity legislation buried within a $1.1 trillion government spending agreement that was needed to prevent a government shutdown

How the United States Can Win the Cyberwar of the Future (Foreign Policy) Cold War-era deterrence theory won't cut it anymore

Final verdict on the cybersecurity bill (Politico) The good, the bad, and the ugly…The evil empire's incompetent cybersecurity. With the latest "Star Wars" flick hitting theaters, here's a timely reminder from CyberPoint that the Galactic Empire was terrible at protecting its computers

Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors (Wired) Encryption backdoors have been a hot topic in the last few years — and the controversial issue got even hotter after the terrorist attacks in Paris and San Bernardino, when it dominated media headlines. It even came up during this week's Republican presidential candidate debate. But despite all the attention focused on backdoors lately, no one noticed that someone had quietly installed backdoors three years ago in a core piece of networking equipment used to protect corporate and government systems around the world

'We're America': Why Apple's CEO thinks we can have both encryption and national security (Business Insider) Apple CEO Tim Cook remains a strong supporter of encryption, even as governments continue to question the method of securely gathering data in wake of terrorist attacks

Opinion: Encryption backdoors are killers of the innovation economy (Christian Science Monitor Passcode) A government mandate for access to secure communication technologies would cripple the security of the Web and hurt the thousands of small companies that make up the backbone of the Internet

FDA Official: We Can't Share Data Without a Better Security Policy (Nextgov) The Food and Drug Administration's security policy isn't "mature enough" to share data with citizens or with the private sector, the agency's chief technology officer said during a recent panel discussion on health IT

Banks told to get tough on cybersecurity in 2016 (ZDNet) 2016 New York state cybersecurity requirements for banks, expected to be applied country-wide, include multi-factor auth, regular audits and pentests, and exacting third-party vendor cybersecurity scrutiny

How United Is Saudi Arabia's New Anti-Terror Coalition? (Defense News) Days after Saudi Arabia announced the launch of a major anti-terror Islamic military coalition, details remain scarce, including what the coalition will do, how it could affect Syria and, even, who is part of it

China's cyber-diplomacy (China Media Project) China's World Internet Conference is last week's news, but the event will likely reverberate for years to come, as China seeks international support for its notion of a "multilateral" approach to the governance of global cyberspace

Government set to clean up digital network with botnet cleaning centre (Economic Times) Dirty streets aren't the only thing the Narendra Modi government hopes to clean up

Cyber security specialists leave germany to tackle cyber policy challenges in 47 nations (DVIDS) Eighty seven cyber security specialists from 47 nations return home this weekend after attending the two week Program for Cyber Security Studies at the George C. Marshall European Center

Snowden to appear via video link at New Hampshire convention (Washington Times) Edward Snowden will appear via video link as a featured speaker at a New Hampshire convention of libertarian activists

Products, Services, and Solutions

Rogers Pitches Cybersecurity Offering (Multichannel News) Develops 'leapfrog' in Partnership with Trustwave

InterApp: The Gadget That Can Spy on Any Smartphone (Softpedia) Israeli company provides an easy-to-use smartphone hacking gadget, complete with an administration panel

PhishMe report shows employees can become assets in anti-phishing battle (CSO) PhishMe report shows employees can improve their ability to detect phishing emails with practice

Social Media Pressure Forces Google To Restore Deleted Cyber Security App (HackRead) On 17th October 2015, a generous man uploaded an application on Google Play Store named "Cybrary"

Technologies, Techniques, and Standards

This video shows why the Death Star needed a cybersecurity platform (Technical.ly Baltimore) CyberPoint International has some pointers for the Galactic Empire's IT staff

Security Tech: It's Not What You Buy, It's How You Deploy (Dark Reading) Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts

Preventing Hail from the Cloud: Securing the 3 Types of Cloud Models (Legaltech News) You need to know which of the three cloud models your organization will be using and what tools and services your CSP offers you to secure your data

5 Elements of a Reliable Cyber-Control Framework (BizTech) These steps will ensure you roll out cybersecurity smartly and strategically within your organization

Privacy And Security: Learn From Best Practices For HIPAA Compliance (Forbes) Industries such as healthcare and financial services are special targets for data breaches and cyber criminals because, as bank robber Willie Sutton said, "that's where the money is"

Validating Supply Chain Cybersecurity (Dark Reading) How to identify risks, understand downstream effects, and prepare for incidents

The Ultimate Guide to Online Privacy (Fried) Below you will find guides on how to do things from securing your email and encrypting your files, to securing your online storage and privatising your online messaging. We've also compiled 150+ tools and resources to help protect your privacy online

Advent tip #19: Grab hold and give it a wiggle! (Naked Security) The suggestion to "grab hold and give it a wiggle" may not sound like useful security advice

Advent tip #20: Free Wi-Fi is handy — but think before you connect! (Naked Security) Free Wi-Fi can be astonishingly handy

Advent Tip 21: Bought online? Watch out for bogus courier emails! (Naked Security) If you've been doing any last-minute online shopping for Christmas gifts, you may well be waiting with increasing anxiety for the items to be be delivered

Santa's datacenter is the most secure in the world. (InformationWeek) The quickest way to end up on the naughty list

Marketplace

Hack attacks and data law boost European cyber insurance demand (Reuters) New European legislation on data privacy is helping push up regional demand for cyber insurance, industry specialists say, after companies such as TalkTalk and Experian were affected by hackers earlier this year

Should you buy cyber insurance? (Network World) With the number breaches reaching an all-time high in 2014 many businesses are looking to mitigate risk with insurance

What's Wrong with Our Ad? Inside Digital Advertising Cyber Risks (Legaltech News) A session at ALM cyberSecure discussed the nature and potential of this expanding industry

Healthcare cyber security market to hit $10.85B worldwide by 2022, study says (HealthcareDive) A new report by Grand View Research, Inc., a U.S. market research and consulting firm, estimates the global healthcare cyber security market will reach $10.85 billion by 2022, thanks to the rapidly increasing number of cyber attacks, regulatory and security compliance issues, and internal data leaks

SEC Approves Plan to Issue Stock Via Bitcoin's Blockchain (Wired) The Securities and Exchange Commission has approved a plan from online retailer Overstock.com to issue company stock via the Internet, signaling a significant shift in the way financial securities will be distributed and traded in the years to come

Exclusive: CACI in the lead to buy Lockheed's IT business — sources (Reuters) Defense contractor CACI International Inc (CACI.N) has emerged as the top contender for Lockheed Martin Corp's (LMT.N) government information technology (IT) business, as the interest of rival bidders fades, people familiar with the matter said

A Look At A Potential Takeover Of CyberArk (Seeking Alpha) There has been a good amount of consolidation in the IT security industry as tech giants acquire small companies. A takeover of CyberArk would be one of the largest deals of the IT security industry. A takeover of CyberArk could carry a premium of 42% of current share prices

ManTech Awarded $5 Billion MAC IDIQ Contract to Provide Cyber Security and Information Systems Technical Support to the Defense Technical Information Center (CNN Money) ManTech International Corporation (Nasdaq:MANT) has been awarded a Cyber Security and Information Systems Technical Area Tasks (CS TAT) contract by the Defense Technical Information Center (DTIC) to provide advanced, full-scope cyber research and development to support multiple technical projects. The contract is a 5-year multiple award contract, indefinite delivery, indefinite quantity (IDIQ) vehicle. The contract ceiling value is $5 billion

Intelligence Should Recruit Like Google (TechCrunch) An interesting story made the rounds back in August. While conducting a search for "python lambda function list comprehension," programmer Max Rosett was suddenly invited to attempt a cryptic coding challenge

Research and Development

Researchers Break "Unbreakable" Quantum Cryptography (Softpedia) Before it even had a chance to be deployed within real-world applications, a group of Swedish scientists have already found a way to break quantum cryptography, a novel, advanced concept for encrypting data using the law of physics themselves

The alchemy of big data in government (The Hill) For nine luminous centuries, the Library of Alexandria was a grand beacon of innovation

Security Patches, Mitigations, and Software Updates

Schneider Electric Patches Buffer Overflow in PLC Line (Threatpost) Automation and energy management company Schneider Electric patched a vulnerability in a product line this week that was leaving a handful of programmable automation controllers at risk of being hacked

FireEye patches urgent security device flaw (SC Magazine) Researchers at Google's Project Zero discovered a critical vulnerability in FireEye NX, EX, AX and FX network security devices that run on security content version 427.334 or prior versions

Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites (PCWorld) Thousands of websites will generate errors in browsers if their owners don't replace certificates in less than a month

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers (HackRead) The online hacktivist Anonymous has claimed the responsibility for a massive 40Gbps DDoS attack on Turkish DNS Servers under NIC[dot]tr — The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group

Daesh cyber-attacks cannot hurt NATO, says expert (Turkish Weekly) Daesh does not have the capacity to endanger NATO members, a senior cyber-technology expert has said

Behind the Black Flag: The Recruitment of an ISIS Killer (New York Times) Since the Syrian rebel leader Hassan Aboud joined ISIS, taking with him fighters and weapons, he has been behind a sprawling mix of battlefield action and crime

United Nations moves to confront Islamic State online (Christian Science Monitor Passcode) In meetings in New York, the UN Security Council's counterterrorism committee pledged to ramp up effort to prevent Islamic State and other terrorists groups from recruiting and organizing online

Pentagon weighs cybercampaign against Islamic State (Los Angeles Times) The Pentagon is considering increasing the pace and scope of cyberattacks against Islamic State, arguing that more aggressive efforts to disable the extremist group's computers, servers and cellphones could help curtail its appeal and disrupt potential terrorist attacks

The US Needs Someone to Run the Effort to Defeat ISIS Online (DefenseOne) Lots of government agencies are doing something; the White House needs to coordinate them

Iranian Hackers Infiltrated New York Dam in 2013 (Wall Street Journal) Cyberspies had access to control system of small structure near Rye in 2013, sparking concerns that reached to the White House

AP Investigation: US Power Grid Vulnerable to Foreign Hacks (ABC News) Security researcher Brian Wallace was on the trail of hackers who had snatched a California university's housing files when he stumbled into a larger nightmare: Cyberattackers had opened a pathway into the networks running the United States power grid

Taiwan Opposition Hacked as China's Cyberspies Step Up Attacks (BloombergBusiness) Chinese hackers have attacked Taiwanese targets including local news organizations and the opposition Democratic Progressive Party in a bid to get information about policies and speeches ahead of presidential and legislative elections next month

Armenian Hackers Leak Sensitive Data from Azerbaijan Ministry Servers (HackRead) The cyber war between Armenians and Azerbaijani hackers seems never ending — Like this recent cyber attack in which the Armenian hackers from The Monte Melkonian Cyber Army (MMCA) hacked top Azerbaijani ministries and stole sensitive data

New report undresses 'Russian speaking' APT 28 (SC Magazine) A new report has shown the APT28 group to be targeting European government officials and defence personnel. In "APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information", cyber-security company Bitdefender undresses the activities of the long running APT group, tracing its origins and showing its latest activity against political targets, especially in Ukraine

Russian hacking group sharpens its skills (ZDNet) APT 28 group targets political figures as well as telecom and aerospace companies and has developed new ways of attacking according to researchers

Juniper's backdoor password disclosed, likely added in late 2013 (CSO) All an attacker needs is the password and a valid username

Infocon Yellow: Juniper Backdoor (CVE-2015-7755 and CVE-2015-7756) (Internet Storm Center) We decided to move to raise our "Infocon" to yellow over the backdoor in Juniper devices. We decided to do this for a number of reasons

Juniper faces questions about spying code planted in software (ComputerWorld) Who were the attackers and how did they get in?

Phantom Squad's website defaced during hacking warfare — but not by Lizard Squad… [Update] (Neowin) Since this article was originally published, @Obstructable — who is part of hacking group SKidNP, but has no affiliation with Lizard Squad — has contacted Neowin to clarify that he defaced Phantom Squad's website, and not Lizard Squad

Lizard Squad member claims Phantom Squad could attack Xbox Live and PSN this Christmas (International Business Times) The new hacking collective Phantom Squad could attack the online networks of PlayStation and Xbox Live this Christmas, creating trouble for gamers. The group had recently claimed responsibility for an outage on Xbox Live network

As Xbox Live goes down, PhantomSquad takes credit for attack (Hot for Security) It's beginning to look a lot like Christmas might be miserable for Xbox and PlayStation video game fans

Microsoft Xbox Live suffers DDoS attack from Phantom Squad, Sony PSN also threatened (Computing) A hacker group known as Phantom Squad has attacked Microsoft's Xbox Live online games service with a DDoS attempt which caused disruption for users during the last few hours

Bernie Sanders campaign improperly accessed Clinton voter data, DNC says (Ars Technica) After breach, DNC cuts off Sanders campaign's access to voter database

DNC Data Breach: What Happened and What It Means for Bernie Sanders' Campaign (ABC News) A Bernie Sanders campaign staffer was fired on Wednesday after allegedly accessing data from the Hillary Clinton campaign, and it has created quite a problem for the Sanders campaign

Democrats' database bug spotlights the rise of big data in elections (Naked Security) In recent election cycles we've heard a lot about big data in political campaigns, and in the future it's possible we'll hear a lot more about big campaign data breaches, too

Crooks update their exploits — have you updated your Office? (Naked Security) Microsoft Office exploits are cunningly-crafted, deliberately malformed chunks of data, inserted into Office files, that crash the application in a way that gives cybercriminals control, so that they can install malware without you noticing

Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them (TrendLabs Security Intelligence Blog) Operation Black Atlas has already spread to a multi-state healthcare provider, dental clinics, a machine manufacturer, a technology company focusing on insurance services, a gas station that has a multi-state presence, and a beauty supply shop

Database leak exposes 3.3 million Hello Kitty fans (CSO) Database storing 3.3 million sanriotown.com accounts found online

Password Thieves Target E-Giftcard Firm Gyft (KrebsOnSecurity) Digital gift card retailer Gyft has forced a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers

Twitter Account of Pharma CEO Martin Shkreli Hacked (HackRead) Twitter account of the former CEO of Turing Pharmaceuticals Martin Shkreli aka pharma bro has been hacked by an unknown hacker who then published a series of tweets on his account

HIV dating company accuses researchers of hacking database (CSO) Hzone CEO calls the disclosure a condemnable act, accuses researcher and Databreaches[dot]net of malicious hacking

Facebook Denies Threatening Security Researcher To Keep Quiet Over Major Instagram Security Breach (International Business Times) Facebook has been accused of threatening a security researcher who uncovered a vulnerability that allowed him to access Instagram servers that hold the photos of its 400 million users. But the world's biggest social network is denying the accusation, saying the researcher went too far in an attempt to highlight a problem and claim a reward

Facebook spars with researcher who says he found "Instagram's Million Dollar Bug" (Naked Security) A spat erupted last week between Facebook and a security researcher who reported a vulnerability in the infrastructure behind its Instagram service

Hacker Earns 50k Miles by Exposing Vulnerability in United Airlines Website (HackRead) Earlier this year we reported about security measures taken by United Airlines that they'll give you up to a million miles to find a Security Bug in their system. An Indian researcher Rahul Mohanraj who read about the United Airlines' bug bounty program was perhaps excited to travel those million miles so he started working on it!

Academia

Oxford University to launch cybersecurity centre in Victoria (ZDNet) Oxford University's Global Cyber Security Capacity Centre will open a new office in Australia, which will see Melbourne become the first location for the global initiative outside of the United Kingdom

Litigation, Investigation, and Enforcement

Bernie Sanders campaign sues the DNC after data breach (Engadget) Sanders' campaign calls the DNC's decision to block it from voter data 'sabotage'

Who Backdoored Juniper's Code? (Data Breach Today) Flaws allow silent authentication bypass, VPN decryption

Should visitors to Islamic State sites face punishments like fines or jail time? (Naked Security) In the US, it was called Operation Avalanche. In the UK, its name was Operation Ore

Venzuela Sues U.S.-Based Currency Exchange Website for 'Cyber-Terrorism' (World News Daily) Desperate attempt to disguise South American nation's economic collapse

Design and Innovation

Vuvuzela, a next-generation anonymity tool that protects users by adding NOISE (TechFinancials) Cryptography is the science of keeping secrets, with encryption algorithms and methods such as public key encryption the gold standard. Despite widespread usage and heavy scrutiny, these ciphers remain unbroken. But while encryption can keep messages secret, it cannot protect the identities of the sender and receiver

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation

upcoming Events

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Orgnaization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors

CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking

FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, January 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to host this event designed to attract and educate CIO's, CISO's, CEO and Compliance officials from small to mid-sized commercial firms on the practical actions taken by the government, firms and organizations post-hack

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives