Banks on alert. DNS malvertising. Neutrino gets active. CEO fired over BEC. US State Department IG reports on email issues.
News from the Georgetown Cybersecurity Law Institute
We're continuing our coverage of Georgetown University's Cybersecurity Law Institute in Washington, DC, which wraps up today. We'll have full reports in an upcoming issue. We heard much yesterday about the role corporate counsel plays in cyber security. That role is, among other things, the role of translator among the members of the C-suite and the board, and, especially, between the CISO and the board. Panelists advised the attorneys in attendance to, as one expert put it, "be involved, be prepared, and be the voice of reason." Experts stressed the importance not only of planning for incidents, but of getting your lexicon straight in that planning, and of exercising the plans you develop.
This morning we gained some insight into the (somewhat menacing, to tell the truth) role of US Federal regulatory bodies, and we heard a lively and provocative discussion of how to think, strategically, about meaningful public-private cooperation. We'll cite one analogy a panelist invited everyone to explore: universities like Georgetown have police forces, and no one seriously sees it as a rogue body, still less as a crew of hired vigilantes. What such police forces do is stabilize a situation until it can be handed over to government law enforcement authorities. Could we do something like this in cyberspace? He didn't offer an answer, but the question's worth some thought.
Bankers worldwide consider ways of reducing their vulnerability to large-scale fraud of the kind suffered by Bangladesh Bank, which SWIFT’s CEO calls “a big deal.” Kenya’s Central Bank is the latest to warn that it and related government organizations are receiving credible indicators and warnings of imminent cyber attack.
Kaspersky warns India that the threat actors behind the Danti campaign may have succeeded not only in spoofing senior officials’ emails, but in establishing persistent access to government networks.
Zscaler has observed a spike in Neutrino exploit kit activity. It’s being used in a malvertising campaign to drop the Gamarue/Andromeda Trojan.
Palo Alto researchers have found a campaign (“Pisloader”) using DNS as command-and-control for redirection of victims to sites whence they download the PoisonIvy Remote Access Trojan (RAT).
You may have seen messages inviting you to download “WhatsApp Gold,” allegedly an enhanced version of WhatsApp used by celebrities. Decline the invitation. There’s no such thing, warns White Hat Security, and all you’ll download is malware.
The CEO of Austrian aerospace supplier FACC is fired over the company’s business email compromise.
In other industry news, some analysts are tempted to go long Cisco and FireEye, and they’re waiting for Palo Alto’s results this evening. Votiro, Dashlane, and Demisto attract venture funding.
US Special Operations Command is looking for innovative cyber ops ideas and capabilities.
The US State Department Inspector General releases a lengthy report on email security and retention practices. It’s not exactly a letter of recommendation for some (one?) former Secretaries.
Today's issue includes events affecting Bangladesh, Belgium, Canada, China, France, Germany, India, Iraq, Ireland, Israel, Kenya, Libya, New Zealand, Switzerland, Syria, Tunisia, United Kingdom, United States, and Vietnam.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we follow up on ransomware with our partners at Level 3: Dale Drew tells us what negotiations are like when cyber crooks palaver with their victims. And we have as our guest Danny Rogers from Terbium Labs, who talks about ways of scanning the Internet for sensitive data that don't require the scanner to be able to read those data. (We welcome reviews, by the way: you can provide an iTunes review here.)
Washington, DC: the latest from the Georgetown Cybersecurity Law Institute
Cybersecurity Law Institute (Georgetown University Law Center) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. The Cybersecurity Law Institute will give you insights into the latest information and strategies
Cyber Attacks, Threats, and Vulnerabilities
Kenya: Central Bank Puts Firms on High Alert Over Cyber Attacks (All Africa) The Central Bank of Kenya (CBK) has received credible information that the bank and other government facilities could be the target of an imminent cyber-attack
Cyberespionage group might have “full access” to Indian govt networks: Kaspersky (Indian Express) Kaspersky claimed "the threat actors behind Danti have created emails in the names of several high-ranking Indian government officials"
CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again (Bitcoinist) Just a few days ago, we reported how Kaspersky Labs has been able to crack the CryptXXX decryption code and create a tool which lets users restore file access without paying the Bitcoin ransom. The latest CryptXXX update nullifies this tool entirely, and security researchers are back to square one
The Day the Earth Stood Still for CryptoWall (ThreatTrack Security Labs) It’s been the norm in the cybersecurity industry to be intrigued and at the same time be infuriated by the people behind any successful large-scale malware attack. Ransomware is one such example
Ransomware: What your clients need to know (ChannelLife) CryptoWall, Locky, TeslaCrypt. To make sense of today’s tech headlines, you have to learn an entire new vocabulary. But one word sums them all up: Ransomware
Neutrino Malvertising campaign drops Gamarue (Zscaler) Neutrino Exploit Kit (EK) has not seen as much activity this year as more popular kits like Angler and RIG. But over the last month we have seen an increase in activity from Neutrino, with multiple campaigns using both compromised sites and advertising services
Palo Alto IDs another C&C-over-DNS attack (Register) 'Pisloader' hides instructions in plain sight
When domain names attack: the WPAD name collision vulnerability (Naked Security) A combination of poorly configured networks and new rules on internet domain names are giving cybercriminals a new and easy way to attack entire organisations, according to research out of the University of Michigan
WhatsApp Gold doesn’t exist, it’s a scam that spreads malware (Help Net Security) WhatsApp users are once again targeted by malware peddlers, via messages that offer WhatsApp Gold, supposedly an enhanced version of the popular messaging app previously used only by “big celebrities”
SRC-2016-22 : Microsoft Office Component FSupportSAEXTChar() Use-After-Free Remote Code Execution Vulnerability (Source Incite) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file
Skimmers Found at Walmart: A Closer Look (KrebsOnSecurity) Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals
LinkedIn sends email attempting to reassure users over ‘security issue’ (News.com.au) LinkedIn has attempted to reassure its users after a “security issue” that involved a hacker stealing more than one hundred million identities
Phishers Creating More Noise to Fool Defenses (eWeek) The criminals behind phishing attacks are creating vast numbers of unique Web pages to host their attacks in an attempt to dodge defenses, according to an industry report
Phishing attacks rise to highest level since 2004 (Help Net Security) The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than at any other time in history
This is the Real Threat Posed by Hacked Medical Devices at the VA (Nextgov) As the departments of Defense and Veterans Affairs work to make the digital medical records that each manages for some 10 million beneficiaries compatible, they face an unassuming foe
Hackers stole health information of 80 million Indians in 2015 : Report (International Business Times) Hackers stole the public health information — such as names, addresses, birth dates, income data and "social security numbers" of 80 million internet users of India in 2015, a report released by global security software company Trend Micro said on Tuesday
Security Patches, Mitigations, and Software Updates
Visa may reduce use of one-time passwords (Straits Times) Credit card giant Visa is looking to make online transactions easier by cutting down the use of one-time passwords (OTPs) - the codes sent to customers' mobile phones when they enter their card details
Elders way better at password security than millennials (Naked Security) Stop making fun of Aunt Millie squinting at the screen: her password kicks your password’s butt, and she’s not the one reusing the same damn password for every site
UK companies have a high cyber-security rating (IT Pro Portal) The UK is among the countries with the highest business cyber-security rating among several other high-profile players, according to a new report by BitSight Technologies
Swift calls for industry-wide response to cyber-threat (Global Trade Review) Swift’s CEO, Gottfried Leibbrandt, has called for industry-wide action against cybercrime, following attacks on the Central Bank of Bangladesh and TP Bank in Vietnam
Austria's FACC, hit by cyber fraud, fires CEO (Reuters) The head of Austrian aerospace parts maker FACC has been fired after the company was hit by a cyber fraud that cost it 42 million euros ($47 million)
Dashlane Raises $22.5 Million in Series C Funding; Announces Strategic Partnership with TransUnion (PRNewswire) Dashlane, an award-winning password manager and leader in online identity management, announces the closing of $22.5 million in a Series C round of funding
Votiro Raises $4 Million in Series A Round to Neutralize Zero-Day Threats (Dark Reading) Entirely self-funded since 2010, Votiro will use the new capital to further enhance its solutions and expand its global reach
Security ChatOps Innovator Demisto Exits from 'Stealth Mode' (Newsfactor) Demisto exits stealth mode with industry’s first chatbot to improve security operations center productivity and reduce incident response time -- company secures Series A funding from Accel and security industry experts to back go-to-market efforts for just-launched product
Courion, Core Security, SecureReset and Bay 31 Come Together To Form The New Core Security (PRNewswire) Courion, the market leader in Vulnerability and Access Risk Management solutions, today announced the company has changed its name to Core Security. The name change reflects the company's strategic vision following the recent acquisitions of Core Security and SecureReset
Cisco Systems Is a Terrific Buy (Investors Guide) Cisco Systems (CSCO) announced third quarter ended April 30, 2016 total non-GAAP revenue of $12.0 billion, up 3 percent year-over-year from $11.6 billion during the same period last year. Going forward, Cisco’s year-over-year revenue growth for fourth quarter of 2016 is estimated to be in the range of 0% to 3%
Cybersecurity Firm FireEye's Stock Should Continue Gains (The Street) There seems to be no stopping this growth company as it taps the booming network security niche for multi-year capital appreciation
Jim Cramer Is Watching Palo Alto Networks’ Earnings on Thursday (The Street) Jim Cramer is keeping an eye on Palo Alto Networks' quarterly results, due out on Thursday, after the markets close
Telstra: Multi-cloud security is 'critical' for our strategy (ZDNet) A new strategic partnership with a hybrid cloud security company is 'fundamental' to Telstra's overarching cloud plans
IDC: Mobile security products market ruled by three innovators (Mobile Business Insights) According to the International Data Corporation (IDC), three vendors of mobile security products — Skycure, Wandera and Zimperium — are leading the charge when it comes to keeping enterprises ahead of the latest security threats
SAIC sees opportunity in feds' 'offensive cyber' efforts (Washington Business Journal) Science Applications International Corp. (NYSE: SAIC) sees the White House’s increased willingness to embrace “offensive cyber" tactics as good for business
The White Knights of Hacking to the Cyber-rescue (Haaretz) Facebook, Google and other tech heavyweights are increasingly compensating those benevolent geeks who report their security breaches. Not surprisingly, the ‘good guys’ include quite a few Israelis
How the Constant Threat of War Shaped Israel’s Tech Industry (Bloomberg) Unit 8200 is Israel’s most mysterious agency. No one outside knows exactly how it operates, who works there, or how they learn. All the public knows for certain is that Unit 8200 has been the beating heart of Israel’s spectacular—and in many ways unmatched—technology boom
LightCyber plots European takeover (Channel Web) Vendor aims to fight dark side of security as it launches sales teams in UK and Germany
Products, Services, and Solutions
Procera Networks makes FCC's broadband labeling initiative a reality for US ISP (PRNewswire) Procera's technology chosen by North American ISP to improve overall network quality and give subscribers better access to performance information for broadband services
CRN Exclusive: Malwarebytes Extends Endpoint Detection And Response Capabilities To Mac (CRN) Malwarebytes is expanding its endpoint detection and remediation capabilities to Mac environments in a move executives said will help partners increase sales and services opportunities
Startup Tempered Networks Takes Aim at IoT Security (No Jitter) New products give IT a way to create a zero-trust model of security -- that is, trust nothing and build the trust relationships as needed
Proactive Cybersecurity: Defending Industrial Control Systems From Attacks (IBM Security Intelligence) Cyberattacks on industrial control systems (ICS) are on the increase due to the Internet of Things (IoT) revolution. With more and more connected endpoints, the increased volume of sensitive data only serves to increase the viable attack surface
Technologies, Techniques, and Standards
PCI Standard's Multi-factor Authentication Mandate Delayed 'Til 2018 (Infosecurity Magazine) Deadlines for compliance for two of the most important mandates in PCI DSS version 3.2 have been delayed to 2018
Security delays digital adoption in banks, billions at stake (Help Net Security) $405.3 billion, that’s the Digital Value at Stake (VaS) retail banks have the potential to realize from 2015 to 2017. Yet, in 2015, financial services as a whole captured just 29 percent of that opportunity, according to Cisco
After LinkedIn heist, here's how Microsoft is tightening password security (ZDNet) LinkedIn's latest list of leaked credentials is helping Microsoft refine its list of banned passwords as it also issues new best-practice guidelines
Microsoft highlights email security following Panama Papers fiasco (WinBeta) Last month one of the largest data leaks in history occurred when 2.6 TBs of emails and data from law firm Mossack Fonseca made the headlines
Why Companies Must Share Cyber-Threat Intelligence (Baseline) If it seems as if the cyber-security landscape just keeps getting more threatening, you're not imagining things
Design and Innovation
Social Media, Electronic Warfare Tools Among SOCOM's Technology Gaps (National Defense) Special Operations Command is looking for a few good ideas to help it fight the Islamic State and other adversaries, a top acquisition official said on May 25
Why the U.S. military turned a hipster tattoo parlor into a Special Operations lab (Washington Post) From the outside, U.S. Special Operations Command’s latest attempt to find and test the best technology for its operators looks like one more downtown storefront here
How do you outsmart malware? (TechCrunch) The growth of data breaches in recent months and years is in large part because of the new generation of smart malware being developed on a daily basis
Research and Development
DARPA Awards Galois $10 Million Contract To Secure Legacy Cyber Systems (Defense News) The Defense Advanced Research Projects Agency (DARPA) awarded Galois a $10 million contract under its Cyber Fault-tolerant Attack Recovery (CFAR) program to secure cyber vulnerabilities in military and commercial legacy systems, the company said today
Deloitte to open blockchain development lab in Ireland (IBS Intelligence) Deloitte has announced its plans to open a new development centre in Dublin, Ireland, to work on the possibilities of blockchain technology
DHS Navigates the World of Vehicular Digital Forensics (SIGNAL) Cars used by terrorists and other criminals yield information about their drivers
Polytechnique and Deloitte partner to fight cybercrime (CNW) Two key players join forces to train next generation of cybersecurity specialists
Legislation, Policy, and Regulation
Cybersecurity a platform for business growth and innovation (Scoop NZ) Budget 2016 has allocated $22.2 million to establish a national Computer Emergency Response Team (CERT) to help business understand and respond to cyber threats. But more than just a response to risk, cybersecurity should be seen as a platform for business growth and innovation in New Zealand, according to Deloitte
China’s Emerging Cyberspace Strategy (Diplomat) A closer look at China’s cyber strategy, and what it means for the world
Senators ask what OPM hack means for global cyber relations (FCW) Lawmakers want more clarity from the State Department on how breaches, including the Office of Personnel Management hack, affect the push to establish cybersecurity norms with countries such as Russia and China
Rounds Proposes Cyber War Act (SDPB Radio) Federal officials warn that cyber-attacks are becoming greater threats to American security. U.S. Senator Mike Rounds is sponsoring an act that defines cyber war. Proponents say it helps America defend itself, some opponents say there is no one size fits all strategy for war
State CIOs Urge Feds to Finalize Cyberattack Response Plan (Wall Street Journal) State chief information officers and cybersecurity officials are calling on the federal government to finalize a plan of action for responding to major cyberattacks, which the U.S. Department of Homeland Security drafted over six years ago
Maryland senators introduce measure to elevate status of Cyber Command (Baltimore Sun) Maryland's U.S. Senators filed a measure on Wednesday to amend an annual Defense Department funding bill to create the 10th top-level American military command at Fort Meade
Bill Would Put Maryland at Forefront of War on Cyber Terrorism (WJZ CBS News) Terrorist groups trying to attack critical computer systems in the U.S. remain a top security threat. Now one Maryland congressman is pushing hard for changes that would keep us safe, and keep military secrets out of enemy hands
What the US government really thinks about encryption (Christian Science Monitor Passcode) The encryption debate can't be simplified to a Silicon v. Washington fight over your privacy. Even though FBI concerns about "going dark" in its pursuit of criminals and terrorists have captured the headlines, the Obama administration is still deeply divided
For Director of New Cyber Center, Personal Leadership is the Ultimate Hack (Cipher Brief) Tonya Ugoretz, the President’s appointee to head the newly created Cyber Threat and Intelligence Integration Center (CTIIC), would not be faulted for wondering, “What have I done to deserve this?”
Mindful of the Snowden effect, the Air Force moves closer to cyber's private sector (Air Force Times) The Air Force is reviving its annual information technology conference in Montgomery, Alabama, which has been dormant since 2012 due to budget constraints, and the rebranded event has a new focus on cybersecurity
US nuke arsenal runs on 1970s IBM 'puter waving 8-inch floppies (Register) Uncle Sam blows billions a year on legacy tech
Litigation, Investigation, and Law Enforcement
State Dept. inspector general report sharply criticizes Clinton’s email practices (Washington Post) The State Department’s independent watchdog has issued a highly critical analysis of Hillary Clinton’s email practices while running the department, concluding that Clinton failed to seek legal approval for her use of a private server and that agency staff members would not have given their blessing if it had been sought because of “security risks”
Key Findings From Inspector General Report on Clinton Emails (ABC News) Key findings from the State Department inspector general's report on former Secretary of State Hillary Clinton's emails and private server and the department's email practices
Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements (Office of Inspector General, Department of State) As part of ongoing efforts to respond to requests from the current Secretary of State and several Members of Congress, the Office of Inspector General (OIG) reviewed records management requirements and policies regarding the use of non-Departmental communications systems. The scope of this evaluation covers the Office of the Secretary, specifically the tenures of Secretaries of State Madeleine Albright, Colin Powell, Condoleezza Rice, Hillary Clinton, and John Kerry
Clinton expressed worries about exposure of personal emails at State Dept. (Politico) The worry came after her top aide said they needed to discuss putting Clinton on State's email system
The State Department’s Top Cop Imperils Hillary Clinton’s Campaign (Observer) Explosive new State Department report delivers an 83-page doozy, outlining Ms. Clinton's apparent white collar crimes
Belgian Authorities Detain 4 Suspected ISIS Recruiters (AP via Time) Police say they may have planned new attacks in the country
List of French targets found in Abdeslam's home (Local (France)) Investigators have found a list of targets for future terror attacks in France on a computer believed to belong to attacker Salah Abdeslam
Islamic State group recruited practising NHS doctor (BBC) An NHS doctor left his family in the UK and joined the Islamic State militant group in Syria, the BBC has learned from leaked IS recruitment papers
Sheffield doctor who joined Isis sparks call for stronger border checks (Guardian) MP says people like Dr Issam Abuanza, who reportedly left his family to join Isis, should know they will not be able to return
Two of her daughters joined ISIS. Now she’s trying to save her two younger girls. (Washington Post) In a small box in her bedroom, Oulfa Hamrounni keeps the photo she treasures most. It shows one of her daughters, brown hair flowing, a smile on her round face. The photo was taken before the girl and her sister left home to join the Islamic State’s affiliate in Libya
Hacker Guccifer Pleads Guilty to Hacking Bush Emails (AP via Time) The Romanian hacker known as Guccifer will serve at least two years in prison after pleading guilty to breaking into computer accounts of the Bush family and others
The Bank Robber (New Yorker) The computer technician who exposed a Swiss bank’s darkest secrets
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems get solved. Attend Enfuse to take your work—and your career—to a whole new level. Learn more about the change from CEIC to Enfuse in our FAQ.
HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth LTE and telecomms security course by Founder of Telecomm Security Task for and for the very first time in Europe, Rift Recon's The Art of Escape — a course that teaches you how to escape an attempted kidnapping, move through a city unnoticed and much more
4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity professionals in the country. These experts, from private practice, the government and corporate worlds, will share proven tips, valuable lessons learned and insightful prognostications about the year ahead. You owe it to your clients and yourself to attend the only law school-sponsored CLE program in the country that is devoted 100% to cybersecurity legal developments.
MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions, prize giveaways and more. Learn the latest in techniques and trends, network with your cybersecurity peers, and discover how the Michigan Cyber Range can help you improve your cybersecurity
C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, Jun 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.
SecureWorld Atlanta (Atlanta, Georgia, USA, Jun 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
ISS World Europe (Prague, Czech Republic, Jun 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with firstname.lastname@example.org to receive 20% off the conference price.
New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.
SecureWorld Portland (Portland, Oregon, USA, Jun 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SIFMA Cyber Law Seminar (New York, New York, USA, Jun 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.
Cleared Job Fair (Tysons Corner, Virginia, USA, Jun 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest information on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.
SANSFIRE 2016 (Washington, DC, USA, Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, Jun 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’
Show Me Con (St. Charles, Missouri, USA, Jun 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker's viewpoint.
CISO DC (Washington, DC, USA, Jun 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
The Security Culture Conference 2016 (Oslo, Norway, Jun 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas in the evolving field of cyber.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ICS/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.