South Asian cyber conflict. More on Bangladesh Bank fraud. Anti-ISIS battlespace preparation. Ten riskiest new technologies.
The latest round of attacks in South Asian cyberspace came to light at the end of last week as FireEye reported that hackers operating from Pakistan posed as journalists in a spearphishing campaign targeting Indian civil servants. The bait was purported news about their pay (referencing the Seventh Pay Commission); the payload was BreachRAT. The threat group is believed to have been active for several years in campaigns against the Indian government and Pakistani dissidents.
Continuing investigation of the Bangladesh Bank fraud suggests that the New York Federal Reserve Bank rejected thirty-five bogus transfer requests before releasing $81 million to the thieves. More observers are convinced that North Korea’s government is implicated in the theft.
Criminals are giving Android security a close look. Among other things, they’re looking at ways to exploit the UsageStatsManager API. And GitHub is serving as their collaborative R&D platform.
Russian IT security companies have developed monitoring apps that raise privacy concerns (but not within the Russian government).
The war against ISIS proceeds. Observers characterize US cyber operations against ISIS networks as obvious battlespace preparation. ISIS itself shows signs of autocannibalism as its leaders’ mutual mistrust grows.
In a gift to those who treasure anxiety, Carnegie Mellon offers the ten riskiest emerging technologies: augmented reality, smart homes, enterprise 3D printing, networked dashboard telematics, smart medical devices, smart robots, smart sensors, commercial drones, driverless cars, and car communications.
Germany prepares to restrict BND surveillance. UK observers wonder if similar restrictions on GCHQ are likely to have any effect.
Today's issue includes events affecting Australia, Bangladesh, Canada, China, Germany, India, Iraq, Democratic People's Republic of Korea, Pakistan, Russia, Saudi Arabia, Syria, Turkey, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Malek Ben Salem (of our research partner Accenture) on the challenges identity poses for the Internet-of-things. We'll also interview our guest Zach Schuler from Zinjio on his company's innovative training videos. (And we welcome iTunes reviews.)
Cyber Attacks, Threats, and Vulnerabilities
Pak-based group behind cyber attacks on government officials: FireEye (Times of India) The suspected Pakistan-based threat group has been active for several years, conducting suspected intelligence collection operations against South Asian political and military targets
Pakistani hackers masquerade as media in anti-India cyber campaign: Report (Washington Times) Pakistani hackers posed as members of the press in an effort to compromise the computers of government officials in India, an American cybersecurity firm said Friday
Seventh Pay Commission: Know how Pak based cyber attackers lured Indian govt officials (One India) At a time when Central government employees are waiting for the implementation of Seventh Pay Commission, shocking information has come to light. Reportedly, Pakistan-based cyber attackers are luring Indian government officials with emails referencing Pay Commission
Exclusive: NY Fed first rejected cyber-heist transfers, then moved $81 million (Reuters) Hours before the Federal Reserve Bank of New York approved four fraudulent requests to send $81 million from a Bangladesh Bank account to cyber thieves, the Fed branch blocked those same requests because they lacked information required to transfer money, according to two people with direct knowledge of the matter
Malware Finds New Ways to Bypass Security Controls on Android 5.0 and 6.0 (Softpedia) Crooks leverage the UsageStatsManager API for evil deeds
Malware devs scour GitHub for new ideas for bypassing Android security (Help Net Security) Android malware developers are misusing techniques unearthed in GitHub projects to bypass security measures introduced in the latest versions of the mobile OS
Russian hi-tech spy devices under attack over privacy fears (Interaksyon) New Russian technologies, including phone call interception and a facial recognition app, have stirred a fierce debate about privacy and data monitoring. Infowatch, a Moscow-based IT security company managed by businesswoman Natalya Kasperskaya, found itself in hot water last month after it revealed it had invented a system that companies can use to intercept employees’ mobile phone conversations
Will the next major data breach start on mobile? (Help Net Security) Over the past few years, we have seen a spike in major data breaches from noteworthy businesses such as Target, Home Depot, and Sony (to just name a few). While data breaches continue to dominate headlines, the news often focuses on the cost to the business and consumers. What is often missing are the details on how attackers gained access to the organization in the first place
Need to bypass Google's two-factor authentication? Send a text message (CSO) Do you cover these types of threats in your awareness training? If not, you should
GhostShell is back and leaked 36 million records (Security Affairs) GhostShell is back and leaked 36 million records from vulnerable networks to invite experts to pay attention to the new MEAN Stack
New FastPOS Malware Focuses on Data Exfiltration Speed (Twrix Technology News) FastPOS is the name of a new malware family discovered by Trend Micro that uses a unique approach to data exfiltration, focusing on getting the stolen credit card data as soon as possible to one of its servers
A new WordPress plug-in exploit endangers thousands of websites (IDG via CSO) WP Mobile Detector flaw allowed hackers to install malicious files on servers
Irongate malware targets industrial systems, avoids detection (ZDNet) The unusual malware has been specifically designed to target the core systems cities rely on
FireEye Caught Sneaky Malware Targeting Siemens Industrial Systems (Fortune) Testing for a cyberattack?
ICS-focused IRONGATE malware has some interesting tricks up its sleeve (Help Net Security) FireEye researchers discovered a malware family that’s obviously meant to target ICS systems, but found no evidence that it was ever used in the wild
Windows PC makers hang customers out to dry with flawed crapware updaters (ComputerWorld) Investigation finds Windows OEMs guilty of 'egregious' omissions in basic security
Thousands targeted by 'ransomware' email scam which copies AGL Energy bills (Sydney Morning Herald) A destructive scam email that infects computers and holds them hostage has successfully targeted at least 10,000 Australians since it was detected this week, a cybersecurity analyst says
Destructive BadBlock ransomware can be foiled (Help Net Security) If you have been hit with ransomware, you want that malware to be BadBlock – but only if you haven’t restarted your computer
Updated CryptXXX Ransomware Big Money Potential (Threatpost) CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals
Researchers Uncover Affiliate Network for Ransomware (Threatpost) Ransomware as a business is maturing and nowhere is that better illustrated than in Russia, according to Flashpoint researchers. The security firm released two reports on Thursday, one on a burgeoning ransomware-as-a-service business model (PDF) in Russia and the second on new developments in Russian ransomware kingpins targeting hospitals (PDF)
Understanding Angler Exploit Kit – Part 1: Exploit Kit Fundamentals (Palo Alto Unit 42) Generally speaking, criminal groups use two methods for widespread distribution of malware. The most common method is malicious spam (malspam). This is a fairly direct mechanism, usually through an email attachment or a link in the message to the malware. However, malspam requires some sort of action by the user to be successful (for example, opening an attached file).
Microsoft: Flash Content Found on 90 Percent of All Malicious Web Pages (Softpedia) Microsoft has issued a smaller report to summarize the mammoth 160-page bi-annual Security Intelligence Report (Volume 20) released at the start of May
Bkav: Router holes pose major risk (Vietnamnet) Bkav Technology Group has recently announced the results of its research on the security status of routers worldwide, finding that around 300,000 in Vietnam are at risk
Zuckerberg’s Twitter, Pinterest, LinkedIn accounts hacked (TechCrunch) Facebook founder Mark Zuckerberg has been targeted by hackers who were yesterday able to briefly gain control of several of his social media accounts, some of which were defaced
Mark Zuckerberg's Twitter and Pinterest password was 'dadada' (Register) 'Idiotic' doesn't even come close to describing this
Another Day, Another Hack: User Accounts of Dating Site Badoo (Motherboard) User accounts for dating site Badoo are being traded in the digital underground, including email address, cracked passwords, names, and dates of birth
Banks: Credit Card Breach at CiCi’s Pizza (KrebsOnSecurity) CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. The data available so far suggests that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider, and that multiple other retailers have been targeted by this same cybercrime gang
How cyber criminals target their victims (My Broadband) Young and older people display different behaviours that make them targets for cyber criminals who are intent on stealing money from their bank accounts, says an expert
Sh0ping.su Hacked, Thousands of Credit Cards and Accounts Leaked (HackRead) The year 2016 has been hard on internet users and websites alike since more than 1,076 data breaches have occurred. The latest one is Sh0ping.su, previously known as Sh0ping.net, a Dark Net platform where hackers and cyber criminals sell hacked and stolen accounts. Recently, someone decided to take care of the stolen data stored on Sh0ping.su’s server by stealing thousands of accounts and putting them up for sale online, but days after the hackers decided to leak the data to the public
Real danger, but not a main target (CRN) E-cigarettes and charging stations infected with malicious code can be misused for data theft. The Federal Office for Information Security (BSI), which issued the warning, is backpedaling, however: USB devices are not the focus of hackers
Cyber-attack has Cowboys Casino scrambling (CBC) Incident could affect 1,600 customers, 300 staff
Security Patches, Mitigations, and Software Updates
WordPress Patches Zero Day in WP Mobile Detector Plugin (Threatpost) A WordPress plugin was patched Thursday night, close to a week after reports began to surface of public attacks against a zero-day vulnerability
Lenovo urges users to remove updater app from computers after critical flaws exposed (International Business Times) Major consumer PC manufacturer Lenovo is urging users to remove one of its updater applications that comes pre-installed in dozens of Lenovo laptop and desktop PC models following a damning report showing that security vulnerabilities in the app would make it possible for hackers to easily hijack the system
Now you can Google yourself into better privacy and data protection (Naked Security) Want to find out everything Google knows about you? Well, you can just Google yourself!
Bing's Malware Warnings Get More Specific (eWeek) Microsoft will alert users of its search engine not only when they're about to visit dangerous Websites, but also what types of malware await them
From Hunted to Hunter (Raytheon) Raytheon survey reveals much cyber defense comes after an attack
Human error more damaging than cyber attacks (Charity Digital News) Figures obtained by Egress Software Technologies via a Freedom of Information (FOI) request to the Information Commissioner’s Office (ICO) highlight a concerning upward curve in reported data breach incidents, with human error remaining the main cause
What is currently keeping security experts awake at night (IT-Markt) A complex Stuxnet doppelgänger, malicious e-cigarettes, and the most beautiful threat maps on the web. The editorial team has summarized the week's news on cybercrime and cybersecurity
Cyber security a growing threat in aviation (My Broadband) Protection against cyber attacks is becoming a growing challenge in the aviation industry, according to Tony Tyler, CEO of the International Air Transport Association
Unsurprisingly, malware incidents set to grow (Help Net Security) Up to half of US organizations have experienced malware attacks which have had a severe impact on their business operations, according to new research by IDG Connect
Are buyouts the new IPOs? (TechCrunch) Buyouts may replace IPOs as the exit of choice for tech companies in the coming months. This comes as the number of startups unable to exit into a frozen market continues to grow. With only two tech IPOs so far in 2016, and poor market returns for the majority of those already public, companies are turning elsewhere to cash in on their efforts. Just this week, analytics firm QLik was
The CISO Job Market in 2016: Time to Jump Ship? (IBM Security Intelligence) For CISOs that are even remotely considering switching jobs, the sky appears to be the limit. A quick search of job offers for CISOs returns thousands of results, and there should only be more to come as organizations realize the importance of having a security leader firmly ensconced in the enterprise.
Stock Update (NASDAQ:FEYE): FireEye Inc Cyber Security Coalition Adds 12 New Technology Partners, Leads Simplification of Security Within FireEye Global Threat Management Platform (Smarter Analyst) FireEye Inc (NASDAQ:FEYE), the leader in stopping today’s advanced cyber attacks, today announced the addition of 12 new technology partners to the FireEye® Cyber Security Coalition (CSC) — an ecosystem designed to simplify customers’ complex security environments via the intelligence-led FireEye Global Threat Management Platform
Symantec lays out details of its cost-cutting plan (CIO Dive) A large part of the cost savings will come from moves such as outsourcing back office positions to India and cutting about 1,200 employees, Andrew Nowinski, Piper Jaffray senior research analyst, told CRN
Check Point Trouncing Palo Alto as Investors Dump Growth Stocks (Bloomberg via Yahoo! Finance) Check Point Software Technologies Ltd., the world’s top firewall provider, grew at a fraction of the pace of its upstart rival, Palo Alto Networks Inc. last year. In today’s stock market, that’s a plus
3 Things Investors Need to Know About IBM (Motley Fool) There's more to the story than the headline numbers and a scary stock chart
Akamai's Impressive Cloud Connectivity And Security Solutions Make It A Compelling Buy (Seeking Alpha) Cloud solutions are the future of an economy moving towards digitization. AKAM's product platforms are trying to offer solutions to some of the most pressing challenges in the space of digital security and cloud based data management. Strong numbers in fiscal 2015 show the company's ability to develop sustainable solutions in a field where data management and security is fast becoming a major inflection point for corporations
Cybersecurity Firm, Praesidio, Announces New Company Name DefenseStorm and Product Offerings Amid Unprecedented Success and Growth. (PRWeb) The leading security data platform provider for financial institutions, announces company will operate under a new name and expand their product offerings beyond the financial sector
LogicNow GM outlines three-year goals for MSPs post SolarWinds acquisition (Channelnomics) GM tells Channelnomics of priorities for LogicNow following its buyout
root9B Awarded Subcontract Supporting U.S. CYBER COMMAND (PRNewswire) root9B, a root9B Technologies (OTCQB: RTNB), company and leading provider of advanced cybersecurity services and training for commercial and government clients, announced today that it has been awarded a subcontract from prime contractor Science Applications International Corporation (SAIC). The USCYBERCOM multiple award, indefinite-delivery/indefinite-quantity (IDIQ) contract awarded to SAIC, has a period of performance of 5 years, and a ceiling value of $460 million for all awardees
Naval Research Lab wants cyber risk help (FCW) A draft request for information from the Naval Research Laboratory for cyber risk management services
Kudelski Group will expand HQ to Phoenix (Arizona Business Magazine) Digital content distributor and security firm, Kudelski Group (SIX:KUD.S), is opening its second global headquarters in Phoenix
Chris Inglis Elected to KEYW’s Board of Directors (Globe Newswire) The KEYW Holding Corporation (NASDAQ:KEYW) announced today the election of John C. (“Chris”) Inglis to its Board of Directors. The Board also appointed him to the Nominating and Governance Committee
Products, Services, and Solutions
Encryption launched by Symantec for Web Hosting Companies (SirG) Security major Symantec recently launched the Encryption Everywhere, an encryption, and security package that can be used by web hosting companies. It aims at providing better safety and security for web hosts and therefore the clients who use web hosts for their websites
Verizon Launches IoT Solution for Water Utilities (CivSource) Verizon has launched a new IoT offering for water utilities that is part of the company’s broader on-demand IoT platform for utilities. The platform will support electric, water and gas services and has been in development for the past two years
Dashlane Launches 'Dashlane Business'; Robust Enterprise Identity Access Management Solution (Sys-Con Media) Dashlane, the award-winning password manager and leader in online identity management, announces the launch of Dashlane Business. Dashlane Business is a user-friendly and easy to deploy solution that provides IT managers with complete access control and password management capabilities at both the user and group level
Atari is embracing the Internet of Things with new smart home devices (TechCrunch) Admittedly, Atari isn’t the entertainment powerhouse it once was. The company has spent the last few years digging attempting to reinvent itself after declaring bankruptcy in 2013, focusing largely on mobile gaming plays and casino deals. Now the one-time gaming juggernaut is lending its legendary name to a line of connected home devices. It’s not exactly a new console, sadly
Technologies, Techniques, and Standards
The Art of Intelligent Deception in Cyber Security (Information Management) While tools that protect a network’s perimeter are undoubtedly an important part of an organization’s security architecture, no solution – whether it’s a firewall or antivirus software – can prevent every attack. This is because it’s not an even fight
How to shift the economic balance of cyber attacks (CSO) A harsh reality for the information security sector is that the businesses we are asked to protect are battling businesses that are built to attack
BYOD Security: How To Shift Device Control & Grant Users More Choice (Dark Reading) Gartner's 'managed diversity' model offers an ITIL-compliant information security solution to the problem of Shadow IT
The security concerns of free email service provider use (Help Net Security) Thanks to modern collaboration tools, today’s workforce can be more secure, efficient and powerful than ever. However, leading organizations recognize that security threats are evolving, and agree that mitigating cyber risks is a job for everyone — from the sales team up to the board of directors. Yet, a recent Ponemon study found that 35% of board members admit cyber security is not on their agenda and 26% reported having minimal to zero cyber security knowledge
9 reasons why your security awareness program sucks (CSO) As a person who primarily focuses on the human aspects of security and implementing security awareness programs, people are surprised when I am neither upset nor surprised when there is an inevitable human failing. The reason is that I have come to the conclusion that most awareness programs are just very bad, and that like all security countermeasures, there will be an inevitable failing
Connected Cars: 6 Tips For Riding Safely With Onboard Devices (Dark Reading) Carnegie Mellon researchers note that the cheaper the after market device, the easier it can be hacked
How can you be a good security researcher (Techworm) So You Want to Be a Security Researcher? Here is how it's done!
Design and Innovation
How Risky Is Bleeding Edge Tech? (Dark Reading) Experts with the Carnegie Mellon University Software Engineering Institute rate 10 up-and-coming technologies for risk
Software-defined perimeter security for cloud-based infrastructures (GCN) A hackathon is a generic industry term used to describe online or in-person events where people work collaboratively on software development. They don’t always yield perfect solutions, but they often result in major advances on tough problems
Artificial intelligence is changing SEO faster than you think (TechCrunch) By now everyone has heard of Google’s RankBrain, the new artificial intelligence machine learning algorithm that is supposed to be the latest and greatest from Mountain View, Calif. What many of you might not realize, however, is just how fast the SEO industry is changing because of it
Legislation, Policy, and Regulation
The US is 'almost certainly' trying to hack ISIS before launching ground operations (TechInsider) The US military is "almost certainly" trying to hack ISIS before a major ground operation kicks off, according to a cybersecurity executive with close ties to the military
Islamic State kills dozens of its own in hunt for spies (AP) In March, a senior commander with the Islamic State group was driving through northern Syria on orders to lead militants in the fighting there when a drone blasted his vehicle into oblivion
Money Laundering, Cyber Theft: Where Won't North Korea Go? (Diplomat) The U.S. Treasury Department sees North Korea as a top “money laundering” concern
Will US Money-Laundering Designation Hurt North Korea? (Diplomat) Is the new move a game changer, or more of the same?
Thinking through the threat of cyber war (Business Insurance) Sound risk management requires its practitioners to perform many tasks, and to perform them well. Some are obvious, like making sure insurance purchased adequately covers the exposures involved. Others may not be so obvious
The ‘Little Boy’ of Cyberspace (Foreign Policy) Academy Award winner Alex Gibney on how cyber weapons like Stuxnet are changing the future of war -- and why Washington isn't prepared for the fallout
German government agrees to reform BND spy agency - sources (Reuters) Germany's coalition government on Friday agreed to tighten controls over the country's BND spy agency and impose new legal restrictions on its surveillance activities, according to sources familiar with the agreement
Letters prove GCHQ bends laws to spy at will. So what's the point of privacy safeguards? (Register) Something to bear in mind as Snoopers' Charter looms
Private sector should lead Canada’s cyber security strategy, say experts (IT World) In the global war against crime Canada is one of a number of countries with a national cyber strategy, aimed at strengthening important departments and working with the private sector to shore up critical infrastructure
No more hoarding zero days (The Hill) Imagine how angry you would be if you found out that the last time someone stole your banking information something could have been done to stop that from happening. Or, better yet, how violated you would feel if some creepy digital predator was able to take over your family's home surveillance system only because someone failed to update the system's security settings?
Without solid training options, mysterious Cyber Command remains a work in progress (Military Times) The military's demand for cyber capabilities is soaring. Defensive and offensive operations, including those targeting the Islamic State group, are occurring with greater frequency. There's talk of elevating U.S. Cyber Command's profile within the Defense Department. And yet six years after its creation, the organization does not have a training environment for large-scale exercises and to evaluate the readiness of its force
Tackling Cyber Warfare (Defense News) Matthew Swartz, executive director of the Navy’s Fleet Cyber Command, discusses his work as manager for “Task Force Cyber Awakening," the Navy’s approach and response to cyber security
Interview: Matthew Swartz, Executive Director and Command Information Officer, US Fleet Cyber Command/10th Fleet (Defense News) The Task Force Cyber Awakening. If you know what that is, you probably understand the grand potential in terms of impact, and if you don’t know what it is, you are probably intrigued by the name alone. Matthew Swartz led the effort, which sought to nail down the true state of the Navy’s cyber posture and now — eight months after the initiative wrapped — is putting those lessons learned into practice
Security Industry Association Names Legislators of the Year: Reps. John Ratcliffe, Susan Brooks and Rick Larsen (PRWeb) Reps. John Ratcliffe, Susan Brooks and Rick Larsen have advanced cybersecurity and school safety initiatives
Litigation, Investigation, and Law Enforcement
Dozens in Russia imprisoned for social media likes, reposts (AP) Anastasia Bubeyeva shows a screenshot on her computer of a picture of a toothpaste tube with the words: "Squeeze Russia out of yourself!" For sharing this picture on a social media site with his 12 friends, her husband was sentenced this month to more than two years in prison
France’s Infamous Undead Jihadist Recruiter (Daily Beast) Omar Diaby, a.k.a. Omar Omsen, attracted scores of French fighters to Syria. Then, last year, he was reported killed. Now, it turns out, that wasn’t true
House Committee Investigates Federal Reserve Cyber-Attacks (PC Magazine) A Reuters report into cybersecurity at the Federal Reserve triggers a House committee investigation into the Federal Reserve's security protections
Chinese tech giant Huawei under U.S. investigation for North Korea ties (UPI) The United States has previously called the tech firm a security threat
FBI: Our Malware Sends Unencrypted Evidence, and That's a Good Thing (Motherboard) The FBI is facing plenty of controversy over its Network Investigative Technique (NIT), the innocuously-named malware it used to identify thousands of anonymous users viewing images of child abuse on a hidden darkweb site called Playpen
Newspaper industry asks FTC to investigate “deceptive” adblockers (Naked Security) Fearing that online publishers may be on the losing side of their battle with commercial adblockers, the newspaper publishing industry is now seeking relief from the US government
Cold callers in the US found guilty of 99 MILLION illegal calls (Naked Security) Whenever we write about DNC, short for “Do Not Call,” or whatever the equivalent database is called in your country, people are understandably sceptical that the process will ever work
Amazon cracks down on fake reviews, goes after sellers (Naked Security) Fake reviews stink. Amazon.com’s been on the warpath about this for years now, and according to GeekWire, it’s just opened a new front: going after the sellers who buy those phony reviews
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
LegalSEC Summit 2016 (Baltimore, Maryland, USA, Jun 9 - 10, 2016) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers.
ISS World Europe (Prague, Czech Republic, Jun 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with email@example.com to receive 20% off the conference price.
New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.
SecureWorld Portland (Portland, Oregon, USA, Jun 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Cybersecurity and Financial Services: Understanding the Risks (San Diego, California, USA, Jun 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing and requires companies to be relentlessly vigilant in not only preventing these attacks, but also in managing them and properly communicating with key stakeholders when they do occur. The webinar panel features renowned financial cybersecurity luminaries including FICO's Chief Analytics Officer; the SVP/GM of FIS, a member of the Fortune 500 and the world's largest global provider of banking and payments technologies; as well as the CIO of Advisor Group, home of one of the largest networks of independent broker-dealers in the US with nearly 6,000 affiliated advisors. Together, they'll discuss all sides of the cybersecurity issue and outline best practices to leverage when faced with these kinds of financial threats.
SIFMA Cyber Law Seminar (New York, New York, USA, Jun 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.
Cleared Job Fair (Tysons Corner, Virginia, USA, Jun 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest information on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.
SANSFIRE 2016 (Washington, DC, USA, Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, Jun 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’
Show Me Con (St. Charles, Missouri, USA, Jun 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker's viewpoint.
CISO DC (Washington, DC, USA, Jun 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Security Opportunities in Turkey Webinar (Online, Jun 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey has been working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malware (6% respectively), applications (31%), infrastructure (18%), and end users (9%). Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams) for protection against cyber attacks.
The Security Culture Conference 2016 (Oslo, Norway, Jun 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.
TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, Jun 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill open positions from companies including BAE Systems, CACI, Deloitte, CGI, Prosync, OnyxPoint, ShoreIT Solutions, Varen Technologies and many more.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas in the evolving field of cyber.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ICS/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.