The CyberWire Daily Briefing 06.01.16

Summary

By The CyberWire Staff

The University of Toronto’s Citizen Lab reports that some state security and intelligence services—apparently including the United Arab Emirates—are running cyber espionage campaigns under journalistic cover.

A Windows zero-day (a purported zero-day: Microsoft points out that the vulnerability has yet to be verified) is for sale on the black market. The vendors claim that it grants admin privileges on any machine running any version of Windows from Windows 2000 through a fully up-to-date Windows 10. The asking price is $90,000. Whether the hackers’ claims are legitimate or not, this is interesting for at least two reasons. First, whoever discovered the flaw apparently thought they could make more money hawking it in a crimeware souk than by either using it themselves or selling it quietly to big buyers. Second, zero-days may be on their way to the sort of commodification long seen in the data theft racket. After all, $90,000 isn’t that much—just a bit more than a sandwich shop franchise would run.

That stolen data have become inexpensive commodities may be seen in the continuing story of the MySpace breach. Granted, the credentials are old, but to offer almost half a billion of them for about $2800 suggests it’s a buyer’s black market. MySpace has invalidated the affected passwords.

University of Michigan researchers demonstrate a microscopic hardware backdoor-on-a-chip proof-of-concept.

Wassenaar implementation may have slowed, but cyber export controls remain under consideration worldwide.

Ramadan, which begins with this Sunday’s new moon, is expected to bring heightened ISIS activity.

Notes.

Today's issue includes events affecting Bangladesh, Brazil, China, European Union, France, Germany, India, Iraq, Ireland, Jordan, Lebanon, Libya, Malaysia, Philippines, Poland, Russia, Singapore, Syria, United Arab Emirates, United Kingdom, United States, and and Vietnam.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Johns Hopkins' Joe Carrigan explains the risks of using those public photo printing kiosks, and Venafi's Kevin Bocek discusses the looming SHA-1 cert expiration deadline. (Should you enjoy the podcast, please consider giving it an iTunes review.)

Selected Reading

Cyber Trends

The future of Identity Management: Passwords and the cloud (Help Net Security) Compromised credentials are still the cause of almost a quarter of all data breaches, according to the Cloud Security Alliance. With a surge in cybercrime, it’s no wonder that the global identity and access management (IAM) market is expected to reach USD 24.55 billion by 2022, according to Research and Markets

Identity fears are holding back the sharing economy (Help Net Security) Businesses operating in the sharing economy are being held back by consumer fears over trust in the identity of the other party in the transaction, according to a new report from HooYu, a global identity confirmation service

Study claims economic globalisation brings on cyber-risk (SC Magazine) Businesses have learned to embrace economic globalisation and have expanded operations around the world. A new report from BitSight studied how entering new countries can bring on financial, operational and legal risks, including cyber-risks, to an organisation

Mobile workforce exposes businesses to security vulnerabilities (Help Net Security) U.S. business leaders are unprepared for the increased threat to information security that comes with flexible office environments. A Shred-it study shows that leaders are not providing the protocols and training needed to ensure information remains secure in a mobile work environment

Legislation, Policy and Regulation

China attempts to reinforce real-name registration for Internet users (TechCrunch) China is once again renewing its efforts to get all people who sign up for a mobile number to use their real names. According to state-run news agency China News Service (link via Google Translate), the government has declared that everyone who buys a SIM card in China, even non-citizens, need to show a passport or another form of valid identification

Pioneers of US's anti-cyber bullying movement to launch India campaign (Times of India) Despite internet and social media becoming a part of our lives, concepts of cyber-bullying and sextortion remain vague in Indian

The exportation game: why "where?" matters to FinTech (Lexology) Political and military interest in cryptography is nothing new, but international controls on the sharing and export of information security technology is an ever more pressing concern for businesses

U.S. Tech Firms Agree to EU Code of Conduct on Terror and Hate Content (Wall Street Journal) Google, Facebook, Twitter and Microsoft agree to remove extremist and racist material

Privacy Shield needs improvement, says EU privacy watchdog (IDG via CSO) The successor to Safe Harbor suffers from some of the same faults

White House Slates $19B for Cyber Defense. Next Step: Find Contractors to Help (Defense One) The Cybersecurity National Action Plan seeks a 35% increase over last year's proposed budget

FBI wants to exempt its huge fingerprint and photo database from privacy protections (Washington Post) The FBI wants to exempt its burgeoning national database of fingerprints and facial photos from a federal law that gives Americans the right to sue for government violations of the Privacy Act, such as refusing to tell a person if he or she is in the system

Hayden: Political culture limits government’s ability to protect IT systems (GCN) Last year’s hack at the Office of Personnel Management that led to the loss of more than 21 million personnel records was the result of poor cyber hygiene, according to Gen. Michael Hayden, the former director of the National Security Agency and CIA. And the attack itself was rather impressive

Carter Visit Highlights Army’s Cybersecurity (Breaking Defense) On his way west for a major Pacific summit, Defense Secretary Ashton Carter made sure to stop here in the Arizona desert to visit a new cybersecurity center

The Cyber Implications of Acquisition Speed: Part II (SIGNAL) Looking at the Army Common Operating Environment approach

Cybersecurity goes beyond securing the perimeter, state experts say (StateScoop) In the fifth episode of StateScoop Radio’s “Priorities” series, state tech execs say security must be integrated into every aspect of the network

Products, Services, and Solutions

Sirin Labs unveils luxury smartphone for security-conscious traveling executives (Network World) The Solarin uses 256-bit AES encryption to secure voice and data communications

Huntsman Security updates trail-blazing cyber security analytics and automated threat verification platform (ResponseSource) Massive growth in interest around security analytics, threat management and automation has driven rapid evolution of Huntsman Security cyber risk solutions with new version released today

Trend Micro Collaborates with NXP to Showcase Virtualized Customer Premise Equipment (BusinessWire) Technology combination provides scalable and innovative network protection

Thales helps Swiftch secure first Visa Ready and MasterCard self-certified mPOS solution in the Middle East (PRNewswire) Increasing card acceptance and delivering improved customer experience in countries where cash is king

Dacuda and Unisys team up for Rapid Input MRZ (Security Document World) Dacuda and Unisys have launched the Rapid Input MRZ Reader, which aims to automate personal identity information data entry on mobile devices and transform the way police officers enter personal data in the field

Technologies, Techniques, and Standards

Businesses to be offered cyber advice by National Cyber Security Centre (MICSO) The government has announced its intelligence agency, GCHQ, will be setting up a 'National Cyber Security Centre' (NCSC) to provide businesses with cyber security guidance and advice, TechWeekEurope reports

Adobe Flash: 6 Tips For Blocking Exploit Kits (Dark Reading) While Adobe does a good job patching exploits, there are additional steps security staffs can take to hedge their bets

How Seriously Are You Taking Cyber Security? (The Startup Magazine) The fear of this has trickled down to SME’s and startups alike

JPMorgan Chase Counter Cyber-Attack Strategy (Bidness Etc.) JPMorgan Chase & Co. (NYSE:JPM) chief investment officer Dana Deasy recently highlighted the bank’s game plan for fintechs and cyber-attacks

9 Tips to Make Your Wedding Planning and Honeymoon as Safe as Possible (Pop Sugar) It's no secret that most brides-to-be plan their weddings online. After all, with so many apps and websites out there, it'd be silly not to. However, many couples forget the most important rules of internet safety, which 100 percent apply to your wedding planning and honeymoon. The National Cyber Security Alliance (NCSA) put together a fun and important infographic that outlines key tips to remember, including

Marketplace

Goldman and Amazon back cyber security start-up Ionic Security (Financial Times) Amazon and Goldman Sachs have become the latest investors to back Ionic Security, as the cyber security start-up looks to expand its reach beyond large companies

Microsoft Ventures to invest in cloud, security, machine learning startups (ZDNet) Microsoft has made over its Ventures group, and plans to use it to make early-stage investments in cloud, security and machine-learning startups

BDO Israel acquires Israeli cybersecurity advisory firm SECOZ (Conslutancy.uk) BDO Israel has acquired Israeli cybersecurity advisory firm SECOZ for an undisclosed sum. Ophir Zilbiger, the current President of SECOZ as well as its founder and former CEO, joins BDO as Partner. The SECOZ team will be integrated into BDO’s regional cyber security offering, strengthening its position within technology and intelligence advisory services

Buffett Says ‘CNBC’ is the Ultimate Threat to Markets (Uncommon Wisdom Daily) Warren Buffett just warned the market that "CNBC" represents the one gigantic threat to the global economy

A Primer On SecureWorks - Bull And Bear Cases For The Recent Managed Security Services IPO (Seeking Alpha) Strong recurring revenue profile with a growing sticky customer base and major industry tailwinds. Lack of profitability, large well-funded competitors, and relatively low gross margins are pressures on the stock. Company may present an attractive investment opportunity in the future but investors need to see execution of the business over the next few quarters before paying higher multiples

Palo Alto: Buy as Market Overreacts (MoneyShow) Palo Alto Networks fell double digits after the market overreacted to the company’s earnings results, says Michael Berger, Associate Editor of MoneyShow.com, who highlights his favorite stock in the rapidly growing data security sector

Time's Myspace Data Breach: Buy This Leading Cybersecurity Stock (The Street) The latest hacking outbreak is yet another reminder that cybercrime is a global epidemic. But as we explain, in crisis there's typically a moneymaking opportunity

UK start-up Silicon:SAFE launches into channel (CRN) CEO Nick Lowe claims to have created a new niche as company makes channel debut

Research and Development

Quantum Computing Comes to the Cloud (IBM Security Intelligence) Many dismiss quantum computing as a foreign concept that won’t be available for practical use for quite some time. Unfortunately for them, they’re wrong

China To Launch World's First Quantum Communication Satellite, Will Change Face Of Cryptography (Science World Report) China will launch its first experimental quantum communication satellite in July this year, according to the Chinese Academy of Sciences (CAS). The launch will reportedly be the first quantum communication via a satellite on our planet

Security Patches, Mitigations, and Software Updates

Tor Browser 6.0 released (Help Net Security) The Tor Browser lets you use Tor on Windows, OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is portable

Why the Microsoft Windows 10 upgrade nanny is now a security nightmare (Computerworld) Users are disabling Windows Update, which could spell disaster

Cisco Web Security Appliance/Email Security Appliance Prior 9.0.1-135/9.1.1-041/9.7.0-125 Advance Malware Protection Libclamav Denial of Service (Vuldb) A vulnerability classified as problematic has been found in Cisco Web Security Appliance and Email Security Appliance. Affected is an unknown function in the library libclamav of the component Advance Malware Protection. The manipulation with an unknown input leads to a denial of service vulnerability (crash). This is going to have an impact on availability

ProcessMaker 3.0.1.7 Cross Site Request Forgery / Cross Site Scripting (Packet Storm Security) ProcessMaker version 3.0.1.7 suffers from cross site request forgery and cross site scripting vulnerabilities

Cyber Attacks, Threats, and Vulnerabilities

Turns Out That Maybe You Shouldn’t Trust the ‘Media’ (Foreign Policy) From Iran to China, repressive governments are posing as journalists to hack into the computers of dissidents and other enemies of the state

Stealth Falcon Spyware Used by UAE to Intimidate Dissidents, Journalists (HackRead) There have been a lot of stories on hacking and spying in the modern era that getting them all is close to impossible. But here and there comes a few which stand out and make people really talk about them

Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents (Citizen Lab) This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon

ISIS Forecast: Ramadan 2016 (Institute for the Study of War) The next forty-five days constitute a high-risk period for a surge of attacks by ISIS during the Islamic holy month of Ramadan. ISIS traditionally uses Ramadan – which begins on June 6 and ends on July 5, 2016 - as a justification for its attacks and as an occasion to reorient its strategy

Windows Zero Day Selling for $90,000 (Threatpost) Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. The zero day is for sale on the black market for $90,000

Got $90,000? A Windows 0-Day Could Be Yours (KrebsOnSecurity) How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000

Hack Brief: Your Old Myspace Account Just Came Back to Haunt You (Wired) You may have left Myspace and its indie bands behind years ago, but Myspace hasn’t forgotten you. Or rather, it hasn’t forgotten your password, which is unfortunate, because it just revealed that a hacker stole username and password infomation from what could be more than 360 million accounts

MySpace breach could be the biggest ever – half a BILLION passwords! (Naked Security) Not two weeks ago, LinkedIn made big data breach news when hackers claimed to have more than 100 million usernames and passwords up for sale

FireEye reportedly investigating additional possible SWIFT attacks (CIO Dive) Additional banks in Southeast Asia and other parts of the world are checking into possible security breaches related to the SWIFT global financial messaging network, according to CIO

Serpent-like malware targets your bank account (CNBC) GozNym stays 'asleep' until you access your money

Dangerous New Malware Targets Online Bank Accounts (Money Talks News) A virus called “GozNym” is targeting banks and online banking customers in a unique and effective way

Device hijacking security flaws discovered in LG handsets (ZDNet) The two vulnerabilities can be used to escalate privileges and remotely attack user devices

Pre-Loaded Laptop Software Comes With Security Risks (Dark Reading) Laptops from Dell, HP, Asus, Acer and Lenovo all had at least one vulnerability that could result in complete compromise of system, Duo Security report says

OEM software update tools preloaded on PCs are a security mess (IDG via CSO) Researchers found remote code execution flaws in support tools from Acer, Asus, Lenovo, Dell, and HP

This ‘Demonically Clever’ Backdoor Hides In a Tiny Slice of a Computer Chip (Wired) Security flaws in software can be tough to find. Purposefully planted ones—hidden backdoors created by spies or saboteurs—are often even stealthier. Now imagine a backdoor planted not in an application, or deep in an operating system, but even deeper, in the hardware of the processor that runs a computer

Anonymous leads the way again as world’s most prolific hacktivist group (HackRead) This shouldn’t come as a surprise to any of us at all. Of late, the world famous group of hacktivists Anonymous has once again topped the list of the most active hacker group so far in 2016 and hence, we can term it as the leader of all hacktivists

Ransomware Domains Increase 35 Fold in Q1 2016, According to the Infoblox DNS Threat Index (Marketwired) Explosion in ransomware drives all-time high in malicious domain creation

Cyber-attack threat to nuclear facilities underestimated by UK - report (Russia Today) British authorities underestimate the risk posed by malicious cyber-attacks, spy drones and data breaches to UK nuclear facilities and systems of transit, expert analysis suggests

Satellite broadband not immune to cyberattacks: Singtel (Telecom Asia) Cyberattacks are on the rise, and satellite operators are not immune, especially as they make bolder moves into broadband data connectivity

Security concerns rising for Internet of Things devices (CSO) Call it the Attack Vector of Things

Hackers want you to continue ignoring this critical home cybersecurity flaw (American Enterprise Institute) With the number of Internet of Things (IoT) devices expected to grow to over 20 billion by 2020, it is time to take a closer look at one of the Internet’s most vulnerable points: your home router

WiFi Security Issues Go Unnoticed in America (eWeek) Americans as a whole are still disclosing sensitive information over public WiFi, such as their address and credit card number, according to a SecureAuth survey

Components of modern hacking operations (Network World) Attack planning is handled like a business operation and includes hiring plans, budgets and timelines

93% of phishing emails are now ransomware (CSO) As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today

Vietnam world’s second biggest source of spam: Kaspersky (Tuoi Tre News) There is one field where Vietnam is second only to the United States, but it is barely worth celebrating: spreading unwanted emails across the globe

Academia

IWP launches Cyber Intelligence Initiative (Institute of World Politics) The Institute of World Politics announced the launch of its Cyber Intelligence Initiative at a sold out inaugural conference at the Ritz Carlton Pentagon City

Flatiron School teams up with Re:Coded to help Syrian refugees learn to code (TechCrunch) There are now more than 6.5 million scattered Syrian refugees throughout the world and many of them are left without any way to make a living as the war wages on in their home country. Iraqi NGO Re:Coded and New York-based code school Flatiron are putting together a plan to help those refugees most susceptible to extremism in Iraq by teaching them programming skills

Litigation, Investigation, and Enforcement

Hillary Clinton Aide Says Little Thought Was Given to Potential Issues Over Private Email (New York Times) Hillary Clinton’s chief of staff at the State Department said in sworn testimony released Tuesday that Mrs. Clinton’s advisers gave little thought to the problems her private email server might create if they were forced to turn over her communications under public records law

Clinton: I didn't tell anyone to hide that I was using private email (Politico) Hillary Clinton on Tuesday rejected the idea that she instructed anyone at the State Department to keep quiet about her private email server, after an inspector general report released last week found that some staff were told to hush up about the unusual setup

Hillary Clinton Has a Lot to Say About Her Emails. Much of It Isn’t True (Time) Over the months, Hillary Clinton misstated key facts about her use of private email and her own server for her work as secretary of state, the department’s inspector general reported this week

Emails Block Clinton's Pivot to the Positive (Politico) Allies say she needs to reboot her image, but a certain homebrewed server stands in the way

Birmingham robber recognised on Facebook is jailed (BBC) A robber who was caught after one of his victims recognised him on Facebook has been jailed

Victim identifies armed robber after Facebook suggests he add him as a friend (Naked Security) You never know who Facebook’s going to suggest you friend. People with 45 mutual friends? A friend’s friend who you loathe? Or how about this: that guy who pulled a knife on you and stole your car?

Design and Innovation

Facebook spares humans by fighting offensive photos with AI (TechCrunch) Facebook’s artificial intelligence systems now report more offensive photos than humans do, marking a major milestone in the social network’s battle against abuse, the company tells me. AI could quarantine obscene content before it ever hurts the psyches of real people

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill open positions from companies including BAE Systems, CACI, Deloitte, CGI, Prosync, OnyxPoint, ShoreIT Solutions, Varen Technologies and many more.

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.

upcoming Events

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game. The workshop is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided.

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest informaiton on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.

SANSFIRE 2016 (Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’

Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker?s viewpoint

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Cyber espionage under journalistic cover? Alleged Windows 0-day selling for $90k. MySpace breach updates. Cyber arms control. New ISIS activity expected.