The CyberWire Daily Briefing 06.03.16

Summary

By The CyberWire Staff

Among the many large (and old) breaches under discussion this week was one that appears bogus. Some identity theft protection companies warned their customers that Dropbox had been breached, citing figures of around 73 million usernames and passwords compromised. But this seems untrue: the lost data appear to have come from the Tumblr breach.

Researchers say password manager KeePass 2’s update check is vulnerable to man-in-the-middle exploitation.

Familiar banking Trojan Dridex is circulating (mostly in North America) impersonating a PFX certificate file and thereby evading detection by many antivirus programs.

Check & Secure looks at reports of locked devices and bank account theft and thinks it sees the common factor: possible issues with TeamViewer.

WordPress is under active attack as hackers exploit a zero-day in its mobile detector plugin.

The FBI warns that traditional, albeit electronically enabled, extortion is on the rise. Criminals threaten to release stolen, potentially embarrassing information.

Adware insinuated into the Google Play Store targets fútbol fans.

A Washington Redskins trainer’s (apparently unencrypted) laptop containing current, former, and even potential players’ medical information was stolen last month.

Google releases Chrome 51.0.2704.79, fixing fifteen vulnerabilities affecting Windows, Linux, and OS X systems.

In industry news, Blue Coat filed its expected IPO yesterday as Bain Capital takes the company public.

As US schools approach summer vacation, the Air Force Association is offering eighty-five cyber boot camps across the country.

Wired runs an op-ed proposing securitized cyber insurance as a vehicle for improving cyber security (and national behavior in cyberspace).

Notes.

Today's issue includes events affecting Albania, Belgium, Bulgaria, Canada, China, Croatia, Czech Republic, Denmark, Egypt, Estonia, France, Germany, Greece, Hungary, Iceland, India, Iran, Israel, Italy, Latvia, Lithuania, Luxembourg, Malaysia, Netherlands, Norway, Palestine, Poland, Portugal, Romania, Russia, Slovakia, Slovenia, Spain, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Ben Yelin from the University of Maryland's Center for Health and Homeland Security discusses the long-term legal ramifications of a pending lawsuit against Facebook that involves the company's facial recognition products. We also talk about the state of the cyber profession with Joseph Billingsley, founder of the Military Cyber Professional Association. (If you enjoy the Podcast, please share your enjoyment with an iTunes review.)

Selected Reading

Cyber Trends

Shadow IT 101: Beyond convenience vs. security (CSO) Shadow IT may be IT's fault, but it's security's problem. Here's what you need to know

Surprise! Most IoT products have inadequate security (Help Net Security) While the IoT era of products brings innumerable advances and modern conveniences to the lives of consumers, the connected nature of these products creates unintentional ports to other sensitive and critical systems, data, and devices. When security is insufficient in even seemingly harmless household appliances, wearables, or other IoT products, it presents endemic vulnerabilities and risks

The CSO 2016 Security Data Analytics Survival Guide (CSO) What you need to know about how analytics are changing cybersecurity

Are you prepared for future information management requirements? (Help Net Security) While 46 percent of federal information management professionals cite managing all types of information assets, regardless of format, as a priority for their field, many feel unprepared to handle the future requirements of doing so

Security Threats Hiding In Plain Sight (Dark Reading) IT professionals would rather manage external threats than worry about insiders, a recent survey by Soha finds. But singular focus when it comes to security can end up being a costly mistake

Tech moguls declare era of artificial intelligence (Interaksyon) Artificial intelligence and machine learning will create computers so sophisticated and godlike that humans will need to implant “neural laces” in their brains to keep up, Tesla Motors and SpaceX CEO Elon Musk told a crowd of tech leaders this week

BitSight: Looking for the Worst Cybersecurity on Earth? Check Brazil (Payment Week) It’s the kind of thing that should have a lot of people swallowing hard. A new report from BitSight—a security company operating out of Massachusetts—suggests there’s a new low point in cybersecurity when it comes to developed economies

Middle East Practitioners Bullish on New Strategies (InfoRisk Today) Active defence, cybernetics among topics discussed at recent security event

Legislation, Policy and Regulation

As Shangri-La summit looms, Ash Carter shifts focus to China's cyber strategy (Interpreter) Before heading to this weekend's Shangri-La Dialogue in Singapore, US Secretary of Defense Ash Carter addressed recent graduates of the US Naval Academy in Maryland. It's clear that he was there to talk about one thing: China and the rules-based liberal international order

Scholars call for relaxation of cyber rules for academic websites (Global Times) Several academics have called for China to relax cyber supervision of academic websites at a recent conference, saying that the country's strict supervision of the Internet has been detrimental to their research

NATO Weighs Making Cyber Wartime Domain (Defense News) July’s NATO Warsaw Summit will come with a major focus on cyber-related capabilities, and could conclude with a new definition of cyberspace as a warfighting domain – reinforcing the idea that a cyber-attack on a partner could trigger an Article 5 invocation

Maybe Wall Street Has the Solution to Stopping Cyber Attacks (Wired) The next American president will be tasked with deterring foreign government-sponsored cyber attacks against US citizens and companies. And under the current system, that task will be next to impossible

Federal Cybersecurity Has Room for Improvement, a Year After OPM Hacks (FedTech) While technology is critically important for cybersecurity, agencies should take a more holistic approach to security, according to a survey released by (ISC)² and KPMG

USMC wrestles with responsibility of owning network (FCW) In 2013, the Marine Corps took ownership of its computer networks after years of relying on the Navy Marine Corps Intranet. Three years later, the Corps is still training up its acquisition personnel, whose skills had deteriorated in the dozen years prior to that seismic shift in IT management, according to Daniel Corbin, the Corps' chief technology adviser for command, control, communications and computer

SEC Names Hetner to New Senior Cybersecurity Post (ThinkAdvisor) Christopher Hetner will serve as a senior advisor to SEC Chairwoman Mary Jo White on all cybersecurity policy matters

Products, Services, and Solutions

Review: Hot new tools to fight insider threats (Network World) Fortscale protects traditional networks, Avanan works in the cloud, PFU systems focuses on mobile devices

Experian Launches CrossCore Fraud and Identity Services Platform (eWeek) The new technology aims to enable the integration of multiple types of fraud and identity features to help improve security and authenticity

Pwnie Express Announces Ultimate Pentesting and Threat Detection Tablet for Cyber Security Professionals (Marketwired) Combines pentesting tools, industry-first low energy Bluetooth detection software and integrates with SaaS detection platform

Myntex Mitigates Massive DDoS Attacks With Radware Cloud DDoS Protection (Globe Newswire) Myntex has fought back against massive cyber-attacks it has endured from multiple, simultaneous attackers with Cloud DDoS Protection Services from Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service level for applications in virtual, cloud, and software-defined data centers

Deutsche Telekom, MobileIron to launch cloud-based enterprise mobility management platform (Financial News) Deutsche Telekom subsidiary Telekom Deutschland has launched Hosted MDM Basic, a cloud-based enterprise mobility management (EMM) offering built on MobileIron´s (NASDAQ: MOBL) cloud platform, the company said

Contrast Security's Contrast Enterprise (Linux Journal) With more and more businesses running on the Node.js server-side JavaScript runtime environment, application vulnerabilities are a growing threat to entire organizations

Cyber Crime in for a hard time (Times of India) Cyber-security company Symantec Corp. has announced the availability of 'Encryption Everywhere'- a website security package available through web hosting providers

SS8 makes enterprise version of traffic-analysis platform designed for intelligence agencies (Network World) SS8 built its network traffic-inspection and analysis platform as a tool for intelligence agencies to discover communications among criminals and terrorists but now has scaled it back for enterprises to stop data breaches

Endace targets DDOS-backed security breaches (Security Brief) Network monitoring firm Endace is targeting DDOS security breaches, launching its EndaceProbe 8100 Series Network Protectors

Markit strengthens KY3P with BitSight Security Ratings (Finextra) MarkitMarkit (MRKT), a leading global provider of financial information services today announced a partnership with BitSight Technologies, the standard in Security Ratings, to enhance its Know Your Third Party (KY3P) platform

Technologies, Techniques, and Standards

5 Ways To Protect Your Network From New Graduates (Dark Reading) Employers of new grads, this is your assigned reading: Batten down the hatches, they're coming and their security behaviors are appalling

Securing IoT devices (SC Magazine) The Internet of Things (IoT) introduces a large number of new devices that can be a game changer for an organization, but unfortunately many are designed for convenience and functionality without security in mind

Anti-phishing most critical defence against rife CEO email fraud (Register) 'Please', 'thanks', and GUMMY BEARS will win over anyone, scam menacer says

The whys and hows of machine learning for cyber security: does it live up to the hype? (Information Age) Karthik Krishnan, VP Product Management for behavioural analytics firm Niara shares the lowdown on the capabilities of machine learning for protecting the enterprise

10 Ways to Prepare for Cyber-Warfare (CIO Insight) If you cannot see an attack, how are you expected to stop it? If you were a detective in the physical world, would you rather investigate a burglary using random photographs of what might have occurred, or by using surveillance video of the actual event?

Build Security Around Data, Not Perimeters (InfoRisk Today) Oracle's Pickett: perimeter should not be the organizing principle

Marketplace

Cyber risks for utilities, networks, and smart factories escalate (Help Net Security) Three utilities companies in the Ukraine, the Israel National Electricity Authority and most recently a German nuclear power plant have suffered cyber attacks in recent months. As energy, transportation, telecommunication and manufacturing companies become more reliant on automation, robotics and connected networks, they are also increasingly vulnerable to cyber attacks

What is the actual value of a CISO? (Help Net Security) CISO worthFor some people, it’s hard to understand what keeps them up at night. For you, the CISO, things are much clearer. Your 3:47 am thoughts are filled with data breaches, malware, and uninterested employees

‘Vendor overload’ adds to CISO burnout (CSO) A ‘gold rush’ in the development of security products can have CISOs facing more than a thousand product pitches. Experts say the key is to focus on what an organization needs, not what vendors are selling

The 10 Baggers In Cybersecurity (Seeking Alpha) The threat to America's national security does not come from ISIS, Iran, Russia or China. It is an online hack attack. That is the view of General Keith B. Alexander, who recently retired as the head of U.S. Cyber Command after a lifetime in the intelligence business. I discovered a long time ago that a retired general can be one of the most valuable sources of information about long-term capital market trends

Better Buy: FireEye, Inc. vs. Check Point Software (Motley Fool) Two prominent software security programs face off. Which one should you allocate your invesment dollars to?

Palo Alto Networks Inc (NYSE:PANW): Stock Institutional Investors Feel Good About (Wall Street Hints & News) Palo Alto Networks Inc (NYSE:PANW) institutional sentiment increased to 1.51 in 2015 Q4. Its up 0.12, from 1.39 in 2015Q3. The ratio is better, as 300 active investment managers increased or started new equity positions, while 199 decreased and sold equity positions in Palo Alto Networks Inc

Rapid7 CEO Aims to Secure the Future (eWeek) Corey Thomas, CEO of Rapid7, discusses how his company is moving forward post-IPO and balancing the needs of the open-source community with growing the business

Cyber security firm Blue Coat files for IPO (Reuters) Network security company Blue Coat Inc filed with U.S. regulators on Thursday to raise up to $100 million in an initial public offering of common stock

Optiv Security Further Strengthens New England Presence with Acquisition of Adaptive Communications (Dark Reading) Move enables company to better meet the growing cyber security needs of New England businesses

IBM bets its future on cognitive computing (Science Business) After four years of falling revenues, the old-stager of the computer industry is remaking itself around the artificial intelligence machine Watson. A new lab in Munich will spearhead the strategy of using AI to make sense of data from billions of internet-connected devices

Microsoft Ventures Invests Cash in Startups Focusing on Cloud and Security (Windows Report) Microsoft has re-branded its Ventures branch. Now called Microsoft Accelerator, the branch helps start-ups with technology and expertise. The new outfit is also diversifying its focus and will now invest in early-day start-ups, as well

St. Louis adds cybersecurity to stable of accelerator funds (St. Louis Post-Dispatch) Add cybersecurity to the list of fields where St. Louis is trying to build new businesses using an accelerator model

Comilion Named Big 50 Startup for 2016 (BusinessWire) Innovator in cybersecurity collaboration recognized in Startup50 Companies to Watch Report

Nandkumar Saravade Is CEO of RBI's New IT Arm (InfoRisk Today) Security leaders set expectations for the new chief

Security Patches, Mitigations, and Software Updates

Google Chrome update includes 15 security fixes (Help Net Security) Google has released Chrome 51.0.2704.79 to address multiple vulnerabilities for Windows, Linux, and OS X. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

After bricking saga, Apple re-posts iOS 9.3.2 update for 9.7-inch iPad Pro [Updated] (Ars Technica) No word on whether the update fixes iPads that have already been affected

You Should Go Check Facebook’s New Privacy Settings (Wired) Last week, Facebook introduced a way to show ads across the web to everyone, not just its own users. At the same time, it added a new privacy setting for people already on Facebook to limit how their activity on the social network shows up in ads elsewhere. It gets confusing! Here’s what’s up

Cyber Attacks, Threats, and Vulnerabilities

Anti-Israel Boycott Movement Suffers a Slew of Cyberattacks (AP via ABC News) The international movement calling for a boycott against Israel on Thursday said its website was repeatedly attacked earlier this year and raised suspicions that Israel was behind the attacks

Botnet Attack Analysis of Deflect Protected Website BDSMovement.net (eQualit.ie) This report covers attacks between February 1st and March 31st of six discovered incidents targeting the bdsmovement.net website, including methods of attack, identified botnets and their characteristics

KeePass update check MitM flaw can lead to malicious downloads (Help Net Security) Open source password manager KeePass sports a MitM vulnerability that could allow attackers to trick users into downloading malware disguised as a software update, security researcher Florian Bogner warns

New Dridex Version Poses as PFX Certificate File (Softpedia) New trick allows Dridex to bypass antivirus detection

TeamViewer – smells like a hack (Check & Secure) Reports emerged over the last week of users being locked out of their computers and having their bank and PayPal accounts emptied. The common factor connecting many of these is that they are users of TeamViewer, the remote access and control technology used by over a billion people worldwide

WordPress Sites Under Attack from New Zero-Day in WP Mobile Detector Plugin (Softpedia) Over 10,000 sites were exposed to hacking

Dropbox Smeared in Week of Megabreaches (KrebsOnSecurity) Last week, LifeLock and several other identity theft protection firms erroneously alerted their customers to a breach at cloud storage giant Dropbox.com — an incident that reportedly exposed some 73 million usernames and passwords. The only problem with that notification was that Dropbox didn’t have a breach; the data appears instead to have come from another breach revealed this week at social network Tumblr

Adware Invades Google Play Store Disguised as Football (Soccer) Apps (Softpedia) It may be a good idea to stick with the official FIFA app

Extortion schemes expand, threatening consumers and businesses with data leaks (IDG via CSO) Hackers threaten to expose users' personal data if they’re not paid

FBI warns about email extortion attempts following data breaches (Help Net Security) FBI’s Internet Crime Complaint Center has issued a public service announcement warning users about email extortion attempts related to recent high-profile data thefts

Ransomware Scam Profits Not As 'Glamorous' As You'd Think (Dark Reading) Bosses typically make about $90K a year, affiliates much less, Flashpoint study finds

All about your 'fullz' and how hackers turn your personal data into dollars (PCWorld) Piecing together a full financial and medical profile is a hacker's Holy Grail

New Zero-Day Exploit Hits the Malware Market (IBM Security Intelligence) How do black-hat hackers make money from their zero-day exploits? One method is to come up with some sort of wrapper code that would deliver it. The Angler rootkit, for example, has a history of doing this; last year, it introduced four zero-days as a part of its offering while still constantly refreshing its list of new exploits

Anonymous Hacks Spanish Police Server, Leaks Data Against Gag Law (HackRead) A couple of weeks ago a hacker going with the handle of HackBack hacked into the servers of Sindicat De Mossos d’Esquadra (SME) or the Catalan Police Union and leaked highly confidential details of officials as a protest against police brutality

Stolen laptop of Redskins trainer contained players' medical info (ESPN) A laptop containing the medical records of thousands of NFL players was stolen from the car of a Washington Redskins trainer last month, the team said in a statement on Wednesday, confirming a story first reported by Deadspin

Hacked road sign dubs Donald Trump a “shape-shifting lizard” (Naked Security) “Donald Trump is a shape shifting lizard!!” an electronic road sign was informing motorists around Dallas as of Tuesday

Academia

AFA CyberCamps to be Hosted at 85 Locations Throughout the United States (PRNewswire) The Air Force Association's CyberPatriot program closed registration for its AFA CyberCamp Summer 2016 with a record number of camps scheduled. AFA CyberCamps will be held at 85 locations throughout the nation, reflecting a more than 220% growth from the previous year

The Immutability of Math and How Almost Everything Else Will Pass (Forbes) But is downplaying the importance of math a sustainable message for future generations of engineers? Right now, there’s a cultural push to untie the historical link between advanced math and programming that could partially deter engineers from entering the field. But those who have a strong foundation in math will have the best jobs of the future. Let’s stop separating math from programming for short-term relief and, instead, focus on fundamental, unchanging truths with which we’ll engineer the future

Litigation, Investigation, and Enforcement

IT Admin Faces Felony for Deleting Files Under Flawed Hacking Law (Wired) Hacking laws are generally intended to punish, well, hacking—not the digital equivalent of destroying the office printer on the day you quit

Six Things You Need to Know Before Collecting Biometric Information (National Law Review) Illinois and Texas recently enacted laws regulating the collection and use of biometric information (e., information based on an individual’s biometric identifiers, such as iris scans, fingerprints, voiceprints, or facial geometry) and a number of other states, including New York and California, are considering adopting such statutes

With Remote Hacking, the Government’s Particularity Problem Isn’t Going Away (Just Security) Electronic surveillance succeeds because it is secret. When the government seeks to record “what is whispered in the closet,” in the words of Justice Brandeis, it must use clandestine methods. Since at least 1928, when Brandeis wrote his United States v. Olmstead dissent, it has been understood that unseen surveillance also provides a “subtler and more far-reaching means of invasion of privacy” than physical searches. Recognition of this dual nature — effective but invasive — has driven evolution of the law

GCHQ and NSA routinely spy on UK politicians’ e-mails—report (Ars Technica) Microsoft's Office 365 and MessageLabs said to leave MPs' e-mails open to snooping

FBI Kept Demanding Email Records Despite DOJ Saying It Needed a Warrant (Intercept) The secret government requests for customer information Yahoo made public Wednesday reveal that the FBI is still demanding email records from companies without a warrant, despite being told by Justice Department lawyers in 2008 that it doesn’t have the lawful authority to do so

Some officials worry about briefing Trump, fearing spilled secrets (Reuters) Some U.S. intelligence officials are concerned that Donald Trump's "shoot from the hip" style could pose national security risks as they prepare to give him a routine pre-election briefing once he is formally anointed as the Republican presidential nominee

Design and Innovation

How Facebook Raises A Generation Of Intelligence Analysts (Dark Reading) In the process of creating and administering groups, users learn how to read data points, create a risk profile in their head, and watch for changes over time

Facebook’s new DeepText AI understands almost everything we write (Naked Security) “It’s raining! I need a ride!” somebody might wail on Messenger

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cybersecurity and Financial Services: Understanding the Risks (San Diego, California, USA, June 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing and requires companies to be relentlessly vigilant in not only preventing these attacks, but also in managing them and properly communicating with key stakeholders when they do occur. The webinar panel features renowned financial cybersecurity luminaries including FICO's Chief Analytics Officer; the SVP/GM of FIS, a member of the Fortune 500 and the world's largest global provider of banking and payments technologies; as well as the CIO of Advisor Group, home of one of the largest networks of independent broker-dealers in the US with nearly 6,000 affiliated advisors. Together, they'll discuss all sides of the cybersecurity issue and outline best practices to leverage when faced with these kinds of financial threats.

upcoming Events

Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game. The workshop is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided.

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest informaiton on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.

SANSFIRE 2016 (Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’

Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker?s viewpoint

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

Cyber Security Opportunities in Turkey Webinar (Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%.Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams)for protection of cyber attacks.

The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.

TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill open positions from companies including BAE Systems, CACI, Deloitte, CGI, Prosync, OnyxPoint, ShoreIT Solutions, Varen Technologies and many more.

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.