Ransomware updates. Rogue USB chargers. Possible security IPO. Snooper's charter gets scrutiny.
news from the Georgetown Cybersecurity Law Institute
We're covering Georgetown University's Cybersecurity Law Institute in Washington, DC, today and tomorrow. We'll have full reports in upcoming issues, but we are in a position to offer some preliminary notes. Early morning sessions emphasized the centrality of translation to counsel's work in cyber security. Thus corporate counsel translates the conversations over cyber risk that take place among IT, security, boards, the C-suite, privacy officers, HR, and so on. We'll follow this and other themes throughout the conference.
You'll find the Institute's website here. Follow @theCyberWire, #CSLI16, for Twitter coverage of the event.
As TeslaCrypt is retired, and superseded for the most part by CryptXXX, other strains of ransomware continue to circulate. CYBER.POLICE, puerile screen presentation and all, remains a problem for Android devices. More criminals are making use of a combined ransomware and DDoS attack. KnowBe4, Invincea, and FireEye are tracking this development, which strikes many observers as the new normal: such attacks are inexpensive to mount and promise a good payoff.
Paying ransom loses some of its meretricious luster. Kansas Heart Hospital, following the example of Hollywood Presbyterian, did pay recently, only to find that its attackers reneged on their promise to decrypt files. The criminals decrypted only a fraction of the affected files, then demanded additional payments. That was enough for Kansas Heart—they’re no longer paying.
Rogue hardware devices turn up in the wild: the US FBI warns against keyloggers disguised as USB charging devices.
Microsoft’s Azure Active Directory now blocks weak passwords that have shown up in breaches. (Like, the Register notes, “M!cr0$0ft.”)
In industry news, the next major security IPO is rumored to be Blue Coat, which could move as early as next week. And investors continue to look for buying opportunities in established companies.
In the crypto wars, some in law enforcement are coming around to the view, prevalent in the US IC, at least, that hacking, not backdoors, is the way to access systems. (Law enforcement adds “undercover work.”)
In the UK, the “snooper’s charter” will be subjected to a review before it clears Parliament.
Notes.
Today's issue includes events affecting Australia, Belgium, European Union, Iraq, Switzerland, Syria, United Arab Emirates, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Markus Rauschecker, who'll consider whether Congress and the FCC are actually taking a hands-off approach to regulating the Internet-of-things. (If you feel so inclined, please give us an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
CYBER.POLICE Android Ransomware still on patrol… (Malwarebytes) Over the weekend we saw the following rogue Android APK being downloaded to mobile devices via a rogue advert. It claims to be an “Adult Player”, but is really a piece of Ransomware bearing the name “CYBER.POLICE” which has been doing the rounds for a while now
Bad guys jump ship to CryptXXX after TeslaCrypt authors release decryption key (SC Magazine) Cyber crooks look to capitalize on CryptXXX after the fall of TeslaCrypt. After TeslaCrypt's authors publicly released the ransomware's master decryption key last week, Trend Micro researchers spotted cyber crooks jumping to CryptXXX
Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS (Dark Reading) Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice
KnowBe4 CyberAlert: Double-Barrel Ransomware and DDos Attack in-one (PRWeb) Criminal developers have created a new evil way to monetize their operations by adding a DDoS component to ransomware payloads
Kansas Heart Hospital hit with ransomware, doesn't get its files decrypted after paying up (TechSpot) Yet another hospital has been hit with a ransomware attack. The target this time around was Kansas Heart Hospital in Wichita. But unlike other recent attacks, the hackers didn’t fully keep up their end of the deal after receiving their ransom, only partially restoring access to files and demanding more money to decrypt the remaining data
Consumers have no idea what ransomware is (Help Net Security) A new study reveals almost half (43%) of connected consumers today do not know what ransomware is, despite the recent aggressive spread of this type of cyber threat. In addition, a similar amount (44%) confessed that they did not know what data or information could be stolen in a ransomware attack
FBI warns about keyloggers disguised as USB device chargers (Help Net Security) A private industry notification issued by the FBI in late April may indicate that keyloggers disguised as USB device chargers have been found being used in the wild
WPAD name collision bug opens door for MitM attackers (Help Net Security) A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to mount MitM attacks from anywhere on the Internet, US-CERT warns
5 active mobile threats spoofing enterprise apps (CSO) Common apps spoofed to trick users into downloading malware
Who’s tracking you online, and how? (Help Net Security) Armed with a tool that mimics a consumer browser but is actually bent on discovering all the ways websites are tracking visitors, Princeton University researchers have discovered several device fingerprinting techniques never before seen in the wild
Over 2,500 Twitter accounts hacked and linked to adult websites: Symantec (Times of India) More than 2,500 Twitter accounts have been compromised to tweet links to adult dating and sex websites, global cyber security leader Symantec said on Tuesday
Why reusing your passwords is riskier than ever (CBS News) Do you use the same password for two, three, maybe dozens of websites?
Outdated systems placing maritime vessels at risk of cyber-attack, study suggests (Hellenic Shipping News) Vessels are under significant threat of cyber-attack because many are carrying outdated software and were not designed with cyber security in mind, according to new research
The Growing Threat of Cyber-Attacks on Critical Infrastructure (Huffpost Business) Despite the fact that cyber-attacks occur with greater frequency and intensity around the world, many either go unreported or are under-reported, leaving the public with a false sense of security about the threat they pose and the lives and property they impact
CNBC gets swift boot by money transfer group Swift (CNBC) A camera operator working for CNBC on Tuesday was ejected from a financial conference in Brussels before a speech on cybersecurity by the CEO of the group that runs the electronic financial messaging program that knits together the global financial system
Security Patches, Mitigations, and Software Updates
Microsoft bans common passwords that appear in breach lists (Register) Azure Active Directory no longer allows the likes of 'M!cr0$0ft' to gain entry
Microsoft criticised over 'deceitful' and 'nasty' Windows 10 upgrade (Independent) Microsoft have now labelled the update as 'recommended'
Cyber Trends
By the numbers: Cyber attack costs compared (CSO) Not all cyber attacks are created equal
4 Signs Security Craves More Collaboration (Dark Reading) New Intel Security report finds that companies look to work together across departmental lines to remediate security incidents
What Silicon Valley can do about cyber threats (Tech Crunch) Cyber security continues to infiltrate our daily news feeds and make headlines on a regular basis
Reputation damage and brand integrity: Top reasons for protecting data (Help Net Security) Vormetric announced the results of the European Edition of the 2016 Vormetric Data Threat Report. It focuses on responses from IT security leaders in European organisations, which detail IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances
Consumer password authentication dissatisfaction reaches tipping point (Biometric Update) Over half of consumers in the US and UK would prefer to get rid of their usernames and passwords altogether, and instead use biometrics and other modern authentication methods, according to survey results released by customer identity management company Gigya on Tuesday
Death of the Password (Gigya) Consumers now expect more trusted and personalized experiences in exchange for their personal information, but businesses are struggling to protect user privacy in light of growing global security and privacy concerns. Since tolerance is diminishing for username and password processes, today’s businesses must find new ways to secure users’ data while delivering better customer experiences
Most Swiss firms unprepared for cyberattacks (SwissInfo) More than half of Swiss firms are unprepared for cyberattacks on their networks as the so-called “Internet of Things” becomes a reality, a study has shown. Meanwhile, new information has come to light in the recent hack of the RUAG defence firm
Marketplace
A software company could be the next big step in the IPO market's comeback (Business Insider) Blue Coat Systems, the security-software company taken private six years ago, is close to kicking off an initial public offering, according to people familiar with the matter
HPE to spin out its huge services business, merge it with CSC (CIO) The tax-free deal will create a new company with $26 billion in annual revenue
3 Reasons Barracuda Networks, Inc. Stock Could Rise (Motley Fool) The growth of Office 365, a successful turnaround, or outright sale could reward shareholders
Cloud Security Solutions Drive Akamai’s Revenue (Market Realist) Akamai Technologies (AKAM) is a global leader in the content delivery network (or CDN) and has a market capitalization of $8.7 billion
Palo Alto Networks: Well Positioned In The Changing Cybersecurity Industry (Seeking Alpha) Palo Alto Networks' highly integrated approach will likely push the company to new heights in the changing cybersecurity realm. PANW's rapid increase in individual customer value and overall customer count is indicative of the company's growing brand appeal. While Palo Alto Networks is in a great position, the company is facing a growing number of competitive risks from peers such as Fortinet
Can Splunk, Inc. Keep Its Earnings Streak Alive? (Motley Fool) The operational intelligence company has beat expectations for five straight quarters
Digital Shadows at Level 39 hopes to continue its rapid expansion (Wharf) The IT security firm in Canary Wharf is keen to develop the technology it has to help companies defend themselves against cyber attacks
Navy official sounds alarm on cyber workforce shortage (FCW) The Navy is fighting a losing battle trying to keep cyber specialists in its workforce, according to Deputy CIO Janice Haith
GuidePoint Security Hires Former FireMon Executive, Brandy Peterson, as Principal of Technology Integration (BusinessWire) GuidePoint welcomes Brandy Peterson as new Principal to head up Engineering Unit
Apple rehires prominent security pro as encryption fight boils (Reuters) Apple Inc (AAPL.O), which has resisted pressure from U.S. law enforcement to unlock encrypted iPhones, this month rehired a top expert in practical cryptography to bring more powerful security features to a wide range of consumer products
Products, Services, and Solutions
(ISC)2 Partners with PivotPoint on Risk Assessment (Infosecurity Magazine) There is much talk about why CISOs need to translate cybersecurity into business terms rather than technical terms in order to get a seat at the board table. But no one has provided an answer as to how
CrowdStrike Advances Next-Generation Antivirus with Extended Ransomware Prevention as Part of Falcon Platform Spring Release (CrowdStrike) CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced enhanced next-generation antivirus (AV) capabilities to its CrowdStrike Falcon™ Platform to help customers identify and block popular ransomware families such as Locky, Cerber and Teerac, among others
CrowdStrike Launches Open Source Falcon Orchestrator With Spring Platform Release (CrowdStrike) Offers extendable enhanced workflow automation and executing real-time security forensics and remediation actions
CrowdStrike Launches Falcon Connect With Expanded APIs as Part of Spring Platform Release (CrowdStrike) Allows customer and partner enhanced use and integration of CrowdStrike Falcon™ platform
AppSense Announces Endpoint Security Suite for Simplified Configuration of Defenses against Ransomware and Malware (RealWire) AppSense, the leading provider of User Environment Management solutions for the secure endpoint, today announced at the annual Citrix Synergy Conference its Endpoint Security Suite with enhanced features for the prevention of Ransomware and Malware attacks. The solution combines new AppSense Application Manager application and privilege control with AppSense Insight for analysis of user activity and security privilege
Fast Lane Canada Announces Global IT Security Training Partnership with NotSoSecure (rushPRnews) Fast Lane Canada is proud to announce that they have been selected as the Global Authorized Training Partner for world-recognized IT security firm, NotSoSecure
DiData adds more cloud security capabilities (ITWeb) Rapid adoption of cloud applications means that the organisation needs to have tighter controls in the cloud, says DiData
AdaptiveMobile Now Protecting Mobile Networks against SS7 Threats on Three Continents (BusinessWire) Company expands global Threat Intelligence Unit to handle increase in customer demand for SS7 Protection
The next wave of smart Data Loss Prevention solutions (Help Net Security) Data Loss Prevention has evolved beautifully in the last few years. The measure of control that DLP now provides is extremely powerful, and helps organizations from all sectors and of all sizes minimize the risk of data theft and loss, and protect their intellectual property as well as other type of sensitive data
5 unified threat management products to simplify your cyber security (Computer Business Review) Customers increasingly want solutions that combine different security capabilities
The Best Anti-Virus (PC Gamer) Nobody wants to pay for antivirus software, particularly savvy PC users who know that the best protection is still to practice smart computing habits. You are your best line of defense and if you avoid shady websites, use different passwords for each online account, and avoid clicking on links in email and instant messages, you might be fine to roll without protection. Then again, you might not be
Centrify launches new Developer Program to help developers simplify secure access (CSO) Centrify Developer Program makes identity and security available via APIs, so developers can use the features they need, with the look and feel they require
Gemalto Wins 2016 Cybersecurity Excellence Award for Best Multi-Factor Authentication Solution (Globe Newswire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announces that it has been named a winner in the 2016 Cybersecurity Excellence Awards. Gemalto's SafeNet Authentication Service was voted best Multi-Factor Authentication Service by the 300,000 member LinkedIn Information Security Community
Deloitte highlights blockchain’s core banking potential with Temenos and Ripple (IBS Intelligence) Deloitte has been showing off the core banking potential of blockchain by integrating it with Temenos’ T24 platform
SECUDE Announces Latest Version of Halocore, an SAP Data Protection Solution (MarketWired) Halocore helps SAP users ensure data security and prevention of data loss
Guidance Software Introduces EnCase Forensic 8 and New Tableau Forensic Products (BusinessWire) New and enhanced features bring greater efficiency and accuracy to investigations
Technologies, Techniques, and Standards
Ads are for humans, not bots, say advertisers (Naked Security) Someday this may change… but, in 2016, when advertisers pay for online advertising, they still want actual humans to see those ads. Not bots. Or, as the Trustworthy Accountability Group (TAG) puts it
Three Effective Ways to Make Application Security Testing a Successful Part of Your DevOps Program (IBM Security Intelligence) From the latest agile development tools to innovative delivery platforms such as containers, DevOps is changing how people and businesses work
Threat Intelligence - The Answer to Threats or Another Fad? (Infosecurity Magazine) The threat landscape has been dynamic and ever changing, and the growth and rapid advancement in cyber-attacks against enterprises and individuals have rendered traditional cyber-security measures virtually obsolete
Actionable threat intelligence: Key to comprehensive security in the healthcare industry (Healthcare Innovation) Advances in healthcare technology across the world and in Asia-Pacific have resulted in improved patient care, more accurate diagnostics, faster turnaround times, and a host of other benefits
Studies Offer Insight Into Third-Party Risks, Security Best Practices (eWeek) This past week, a pair of separate research reports were released highlighting two different, yet complementary areas of security
Do we need vendor allies in the malware arms race? (Computerworld) The complexity of today’s SOC functions means you probably can’t hire and keep a staff with all the necessary training
Five myths about Web security (Datacenter Dynamics) Almost 3 terabytes of data stolen in the Panama Gate scandal will shortly become searchable online. Mossack Fonseca, the breached legal firm behind one of the largest data leaks in the history, had numerous high-risk vulnerabilities in its front-end web applications, including its Client Information Portal. Actually, few hacking groups would spend money on expensive zero-days and complicated APTs, when the information can be easily stolen via insecure web applications. Moreover, even if your corporate website doesn’t contain a single byte of sensitive data, it’s still a perfect foothold to get into your corporate network
Here's proof your cybersecurity efforts might totally fail (HousingWire) We can't stress it enough
A locked door beats the best alarm (re/code) What good is an alarm if it only goes off after a robber has broken into your house and stolen your stuff?
12 Tips to Convince Users Their IoT System Is Secure (Engineering) “The Internet of Things is only as strong as its weakest link,” cautions Adam Fingersh of Experian, a global information services company
Army to test cyber toolkit (C4ISR & Networks) The Army is about to enter pilot testing on a new software system to help commanders in the field respond more nimbly to rapid variations in cyber threats
Design and Innovation
Driving up Cost and Complexity for Adversaries (Recorded Future) What drives interest in threat intelligence in your community? The bad guys!
Can Google replace passwords by tracking you more thoroughly? (Naked Security) We’ve written many times about the latest and greatest new technology that says it will supplant the password
The Problem with Analytics (Beta News) There is a difference between knowledge and understanding. Knowledge typically comes down to knowing facts while understanding is the application of knowledge to the mastery of systems. You can know a lot while understanding very little
Research and Development
NAVAIR wants to build cyber resiliency into weapons systems (GCN) Recognizing the complexity of securing its weapons systems, the Naval Air Systems Command issued a broad agency announcement for research and development to support in technologies to make its systems more resilient to cyber warfare in an environment of connectivity
SailPoint Awarded Patent for Identity-as-a-Service Technology (BusinessWire) Patented technology maintains ‘zero knowledge’ of administrative credentials in cloud-based identity deployments
US Department of Homeland Security Science and Technology Directorate Awards Machine-to-Machine Intelligence Internet of Things Security Contract (PR Rocket) M2Mi to develop open source security and encryption suite based on NSA cryptography for IoT devices and platforms addressing #1 IoT challenge
Academia
Raytheon Partners with AU Kogod Cybersecurity Governance Center (Washington Executive) Raytheon Company announced May 19 that the company is partnering with American University’s Kogod Cybersecurity Governance Center to promote good governance in the preparation for, prevention and detection of, and response to cybersecurity breaches in cybersecurity research and education
Walsh College Opens Cyber Lab To Advance Student Progress In Cyber Defense And Information Technology (PRNewswire) Walsh College has created a custom learning space for training future cybersecurity professionals that offers realistic, hands-on opportunities to experience the physical security countermeasures faced in information technology environments
Legislation, Policy, and Regulation
UK surveillance bill’s controversial bulk powers to be reviewed (TechCrunch) The UK government has agreed to an independent review of so called “bulk collection” — aka mass surveillance — powers in proposed new surveillance legislation, one of the most controversial elements of the Investigatory Powers bill which is currently before parliament. It’s aiming to get the bill onto the statute books before the end of this year
Stop Saying We’re Dropping ‘Cyber Bombs’ On ISIS (Defense One) It is better to see cyber operations for what they are: changing spreadsheets, intercepting email, jamming comms, and a lot of deception
Here's how the US military is beating hackers at their own game (Tech Insider) There's an unseen world war that has been fought for years with no clear battle lines, few rules of engagement, and no end in sight
House passes policy bill for intelligence agencies (The Hill) The House easily passed legislation on Tuesday to authorize intelligence agency activities for the next year with provisions to prevent officials from manipulating reports on combating terrorism
Spymaster: Pentagon Needs Encryption to Defend Secrets (US News and World Report) Government needs strong encryption as the threat of data theft increases, says former head of CIA, NSA
Obama promised transparency. But his administration is one of the most secretive (Washington Post) Some things just aren’t cool. One of those, according to our no-drama president, is ignorance
Department of Defense opening new office in Cambridge (AP via Gazette) The Department of Defense is hoping to tap into the East Coast's cutting-edge technology by opening a new office in Cambridge
GSA May Offer Bug Bounty Program For Federal Agencies (Dark Reading) Researchers will be eligible for bounties of up to $3,500 for discovering bugs in federal agency systems
Litigation, Investigation, and Law Enforcement
Pressure Mounts on FBI To Reveal Tor Browser Exploit (Motherboard) Things are only getting more complicated for the FBI around its investigation into dark web child porn site Playpen
More hacking and undercover work: Police chiefs answer to strong encryption row (ZDNet) International police and cybersecurity agencies tackle the row over strong encryption -- but their answer is likely to cause almost as many headaches as government-ordered backdoors
Industry reactions to the EU General Data Protection Regulation (Help Net Security) As of today, businesses have just two years to become compliant to the EU General Data Protection Regulation (GDPR) or risk major fines. Businesses will need to take adequate measures to ensure the security of personal data, actively demonstrating that they comply with the GDPR and implement “privacy by design”
Man hacks highway sign to read “Drive Crazy Yall” (Naked Security) A Texas man has admitted to guessing at what must have been a forehead-slapper of an easy login for a highway sign, changing what should have been a “construction ahead” warning to “Drive Crazy Yall”
Facebook party invitation leads to teens barricaded in bedroom (Naked Security) A brother, believed to be 17, and his younger sister barricaded themselves into a bedroom along with some guests in a Melbourne suburb after a Facebook party invitation drew gatecrashers battering down the door to get in
Teen pleads not guilty to threat against military personnel (Fox News) A Pennsylvania teenager accused earlier of trying to assist the Islamic State group has pleaded not guilty to accusations he tweeted out the names and addresses of military personnel with threats of violence
Reports: Emirati teen convicted for joining IS in Syria (AP) State media in the UAE are reporting that an Emirati teenager who joined the Islamic State group in Syria and fought there has been sentenced to five years in prison
Facebook Facing Lawsuit for Scanning Users’ Private Messages for Likes (HackRead) According to reports, Facebook historically scanned private text messages of its users for identifying links to websites and treated them as Likes. We do know that Facebook often finds itself in hot water over its observation of user privacy but this time, the matter is far worse than what we may have presumed
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems get solved. Attend Enfuse to take your work—and your career—to a whole new level. Learn more about the change from CEIC to Enfuse in our FAQ.
HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2- and, for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth LTE and telecomms security course by the founder of Telecomm Security Task Force and, for the very first time in Europe, Rift Recon's The Art of Escape — a course that teaches you how to escape an attempted kidnapping, move through a city unnoticed and much more
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity professionals in the country. These experts, from private practice, the government and corporate worlds, will share proven tips, valuable lessons learned and insightful prognostications about the year ahead. You owe it to your clients and yourself to attend the only law school-sponsored CLE program in the country that is devoted 100% to cybersecurity legal developments.
MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions, prize giveaways and more. Learn the latest in techniques and trends, network with your cybersecurity peers, and discover how the Michigan Cyber Range can help you improve your cybersecurity
C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, Jun 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.
SecureWorld Atlanta (Atlanta, Georgia, USA, Jun 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
ISS World Europe (Prague, Czech Republic, Jun 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.
SecureWorld Portland (Portland, Oregon, USA, Jun 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SIFMA Cyber Law Seminar (New York, New York, USA, Jun 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.
Cleared Job Fair (Tysons Corner, Virginia, USA, Jun 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest information on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.
SANSFIRE 2016 (Washington, DC, USA, Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, Jun 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’
Show Me Con (St. Charles, Missouri, USA, Jun 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker's viewpoint.
CISO DC (Washington, DC, USA, Jun 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
The Security Culture Conference 2016 (Oslo, Norway, Jun 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas in the evolving field of cyber.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ICS/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.