First VK, now Twitter? Ransomware updates (including one payoff). Malware evasion innovation. NATO thinks cyber. New unicorn appears.
The hacker behind the handle “Tessa88” is offering Twitter credentials for sale in a dark web souk for ten Bitcoin (about $5800). Tessa88 is the same handle associated with the recent VK credential theft. Twitter has been tweeting that it’s confident it wasn’t breached, but evidently a lot of its users were. Many suspect a connection to the LinkedIn, MySpace, and Tumblr breaches.
Data from the LinkedIn breach are being exploited in an unusually specific spearphishing campaign in Europe.
Unconfirmed reports suggest a third-party data breach may have exposed seventy-seven-thousand State Farm accounts.
India continues to investigate the strongly suspected connection between the Danti espionage group and the Chinese government.
Rapid7’s Project Sonar finds more than fifteen million devices with exposed Telnet connections. Belgium is the leader in this vulnerability sweep.
Researchers at Zscaler shed some light on how documents with malicious macros are incorporating new anti-VM and anti-sandboxing techniques to evade defenses.
One of the older forms of ransomware, Zcrypt, is being upgraded for better evasiveness and more reliable delivery. Other researchers look at commodity ransomware SNSLocker (helped by careless malware coders). Ransomware remains cheap and low-risk cyber crime. The latest victim to pay up is the University of Calgary, which forked over $20,000 (Canadian, roughly $16,000 US) to regain its data.
NATO’s conference in Estonia considers ways of avoiding surprise and improving collaboration. Estonia points out that budget constraints can breed innovation.
The cyber sector welcomes its newest unicorn: Cylance’s Series D round puts its valuation above $1 billion.
Today's issue includes events affecting Albania, Australia, Bangladesh, Belgium, Bulgaria, Denmark, Canada, China, Croatia, Czech Republic, Estonia, France, Germany, Greece, Hungary, Iceland, India, Iraq, Italy, Latvia, Lithuania, Luxembourg, NATO, Norway, Poland, Portugal, Netherlands, Romania, Russia, Samoa, Slovakia, Slovenia, South Africa, Spain, Tajikistan, Turkey, Ukraine, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. This afternoon Joe Carrigan of the Johns Hopkins University discusses backup strategies (particularly timely given recent ransomware incidents). And we'll learn about disposable browsers and security while traveling abroad from our guest, Authentic8's Scott Petry.
Cyber Attacks, Threats, and Vulnerabilities
Passwords for 32M Twitter accounts may have been hacked and leaked (TechCrunch) There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached
32m Twitter login credentials stolen from users (Help Net Security) Leaked Source has added 32,888,300 records of Twitter users to its repository of leaked data. The source of the batch is a user who goes by the alias “Tessa88@exploit.im,” who’s been selling the data on a dark web marketplace for 10 bitcoins (around $5,800)
Malware harvesting stored credentials exposed 32 million Twitter accounts (CSO) Twitter wasn't hacked, but its users were
77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack (HackRead) DAC Group, a Toronto-based digital & content marketing agency has suffered a security breach on their server resulting in data theft of 93,000 customer accounts — In normal circumstances it would be just another security breach but what makes this breach exceptional is the 77,000 leaked accounts from Bloomington, Illinois-based State Farm, an American group of insurance and financial services companies in the United States
Chinese hackers may have stolen government info: Experts (Times of India) Chinese cyber espionage group Danti may have breached computers of top-ranking bureaucrats in Delhi and elsewhere, according to cyber security company Kaspersky Labs
Millions Of Systems Worldwide Found Exposed On The Public Internet (Dark Reading) New Project Sonar scans uncover unnecessarily open ports in systems worldwide: Australia, China, France, US, Russia, and UK, among nations most at risk
Over 15 Million Devices Offering Free Telnet Access Found Online (Softpedia) SSH adoption is gaining ground over Telnet
Belgium tops list of nations most vulnerable to hacking (Guardian) Tajikistan comes second, Samoa third and Australia fourth as new ‘heat map of the internet’ reveals which countries are most at risk due to exposed servers
Stolen LinkedIn data used in malware campaign hitting European users (Help Net Security) European LinkedIn users are being targeted with highly personalized malicious emails. It is more than likely that the attackers are misusing the compromised LinkedIn user data that has been recently offered for sale
Malicious Documents leveraging new Anti-VM & Anti-Sandbox techniques (Zscaler) Malicious documents with macros evading automated analysis systems
Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser (Talos) This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the PDFium PDF reader. By simply viewing a PDF document that includes an embedded jpeg2000 image, the attacker can achieve arbitrary code execution on the victim’s system. The most effective attack vector is for the threat actor to place a malicious PDF file on a website and then redirect victims to the website using either phishing emails or even malvertising
Fake gaming torrents download unwanted apps instead of popular games (Help Net Security) If you’re looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead
Fast Flux Taken To The Next Level With Zbot Botnet (Dark Reading) Zbot's success rests largely on its makers' ability to take advantage of fast-flux network infrastructure
Vawtrak banking malware – know your enemy (Naked Security) In December 2014, SophosLabs published a paper entitled Vawtrak – International Crimeware-as-a-Service, explaining how cybercriminals have adopted the “Pay As You Go” model that has become so popular in the mainstream technology industry
Slicing Into a Point-of-Sale Botnet (KrebsOnSecurity) Last week, KrebsOnSecurity broke the news of an ongoing credit card breach involving CiCi’s Pizza, a restaurant chain in the United States with more than 500 locations. What follows is an exclusive look at a point-of-sale botnet that appears to have enslaved dozens of hacked payment terminals inside of CiCi’s locations that are being relieved of customer credit card data in real time
Zcrypt Ransomware: Old Wine In A New Bottle (Dark Reading) Malware authors have combined old and new approaches to try and sneak Zcrypt past defenses, Check Point says
Ransomware infector can now dodge Microsoft’s tool for stopping Flash attacks (CSO) A for-hire toolkit used to exploit popular software, such as Adobe’s Flash Player, and spread malware can now bypass a key line of defence that Microsoft offers to enterprise customers
Ransomware Leaves Server Credentials in its Code (Tirate un Ping) While SNSLocker isn’t a stand-out crypto-ransomware in terms of routine or interface, its coarse and bland façade hid quite a surprise. After looking closer at its code, we discovered that this ransomware contains the credentials for the access of its own server
Deconstructing The Impact Of Ransomware On Healthcare’s IoT (Dark Reading) If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?
InfoSec 2016: Malwarebytes – Beware The Growing Ransomware Risk (TechWeek Europe) 2016 is set to be “the year of the ransom” as threat continues to grow, Malwarebytes claims
University pays $20,000 in ransomware attack (Help Net Security) The ransomware plague has hit the University of Calgary, and the academic institution did what many victims do: they paid the ransom to get the encrypted files back
University pays almost $16,000 to recover crucial data held hostage (Ars Technica) "The last thing we want to do is lose someone’s life’s work," official says
U of C ransom payout better than battling hackers, expert says (CBC News) Ransomware schemes becoming more sophisticated while prevention lags
Cyberattacks like U of C ransomware case easy to launch, security expert warns (CBC News) Instructions on how to do ransomware attacks are readily available online
Cloud sharing puts companies' sensitive data at risk, survey says (Engineering & Technology) A new survey has revealed that employees regularly share sensitive company data via cloud-based applications such as Dropbox, Gmail or Facebook, offering hackers easy access to information which could be negatively exploited
The people you trust most could be planning the next big cyber attack on your company (Business Insider) The bigger problem is that most of these attacks are initiated by "insiders," such as employees, business partners, or third party contractors. This chart from Statista, based on data from the IBM report, shows that 60% of all cyber attacks in 2015 were an inside job, with 44.5% of them designed by "malicious insiders"
Protesters hack Iraqi parliament website: ‘Idiots are leading the country’ (Washington Post) First they ransacked parliament, sending the country's lawmakers fleeing for safety. Now, Iraqi protesters have taken their fight against government corruption online, hacking the parliament's website
The Islamic State's Leader in Bangladesh Is Probably Canadian (VICE) The leader of Bangladesh's brutal offshoot of the Islamic State who was recently profiled in IS' official magazine may be Tamim Chowdhury, a former Canadian resident
Hacker Selling Quarter Million State of Louisiana Drivers’ Licence Database (HackRead) Brief: he calls himself “NSA” and he’s selling driver’s licence database of a quarter million+ (290k+) people from the state of Louisiana, United States
No, Acunetix Website was NOT hacked (HackRead) Acunetix website was not hacked — the so-called hacker took advantage of server downtime and used the fake screenshot to prove his defacement
Miscreants breach NFL’s Twitter account, reveal its weak password (Ars Technica) Takeover comes a few days after hijacking of Mark Zuckerberg's Twitter account
NFL Tackles Twitter Account Hijack (Dark Reading) 'Peggle Crew' hacking group claims responsibility, says it stole password from email of social media employee
White hat shows how Better Business Bureau’s site leaked personal data (Ars Technica) Consumer group complains over “unauthorised test," but won't take it further
FTC’s chief technologist gets her mobile phone number hijacked by ID thief (Ars Technica) If it can happen to her, chances are it can happen to lots of people
IoT pushes IT security to the brink (CSO) The Internet of Things (IoT) offers many possible benefits for organizations and consumers—with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organizations need to address
2016 CIO Study Results: The Threat to Our Cybersecurity Foundation (Venafi) CIOs admit to wasting millions on cybersecurity that doesn’t work on half of attacks
So Far Not So Good For Internet And Security In 2016 (PYMNTS) The first quarter of 2016 has been an eventful one chock-full of cyberattacks and emerging threats
Infosec is a sham: The reality of IT security (Ars Technica) Op-ed. Infosec numbers don't add up: we need better training, standards, accountability
Enterprises Still Don't Base Vuln Remediation On Risk (Dark Reading) New White Hat study shows critical vulnerabilities aren't fixed any faster than other security flaws
The gaming industry can become the next big target of cybercrime (TechCrunch) Video-game-related crime is almost as old as the industry itself. But while illegal copies and pirated versions of games were the previous dominant form of illicit activities related to games, recent developments and trends in online gaming platforms have created new possibilities for cybercriminals to swindle huge amounts of money from an industry that is worth nearly $100 billion. And what’s worrisome is that publishers are not the only targets; the players themselves are becoming victims of this new form of crime
The journey of cyber defence (BizCommunity) Cybercrime has become a global epidemic from which Africa has not been spared, leaving companies counting losses which range from money to credibility. Corporates across the continent need to take urgent action to prevent these outcomes, but too few are yet making the management changes needed to ward off the threat
A fifth of companies don't tell us about data breaches (IT Pro) However, 74 per cent of companies think they're well protected against data breaches
Conference Board says 'translation gap' is compromising cyber security (News 1130) As cyber criminals continue to find creative ways to compromise your privacy, the Conference Board of Canada is pointing out there is a critical gap in security for many companies in this country and it has nothing to do with technology
Cyber Readiness Means First Building the Work Force (SIGNAL) The world needs at least 1.5 million cybersecurity professionals who do not exist—a labor shortage created by the increase in frequency and severity of cyber attacks and employers all fishing from the same pond, said Michael Cameron, vice president for business development, cyber and cybersecurity at Leidos, at the NITEC 2016 cyber conference
White House: Millennials Won’t Work For Us, So Our Tech Sucks (Vocativ) Report admits that millennial recruits are turned off by the fact that most government offices feature tech that is older than what they have at home
The State of the Bug Bounty: Bugcrowd’s second annual report on the current state of the bug bounty economy (Bugcrowd) What we’re witnessing right now is the maturation of a model that will fundamentally change the way we approach the security, trust and safety of the Internet. Bug bounty programs are moving from the realm of novelty towards becoming best practice. They provide an opportunity to level the cybersecurity playing field, strengthening the security of products as well as cultivating a mutually rewarding relationship with the security researcher community. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few
‘Super Hunters’ Emerge As More Companies Adopt Bug Bounties (Dark Reading) 'Super hunters' chase down vulnerabilities wherever there's a bug bounty payday...and they've become very popular with cybersecurity job recruiters, says Bugcrowd report
Cyber firms: Online peace deal with China hurt our business (FedScoop) Cybersecurity companies are weighing in on whether last year's landmark deal with China has hurt their bottom line. Several say it has
Deep Packet Inspection vendors looking to virtualisation, differentiation as hardware commoditisation takes hold (Vanilla+) Virtualisation and differentiation are the key themes currently dominating the deep packet inspection (DPI) market, says Shira Levine, research director, service enablement and subscriber intelligence, IHS Technology
Cyber-security start-up Cylance raises $100m (Financial Times) Cylance, a cyber-security start-up trying to upend the old world of antivirus software, has raised $100m from investors including private equity firm Blackstone and Insight Venture Partners
Cylance, fighting malicious hackers with AI, hits $1B valuation after raising $100M (TechCrunch) “If you can’t beat them, join them” may not sound like the most encouraging pitch for a cybersecurity company, but a startup called Cylance has created an artificial intelligence-powered brain that essentially does just that, and it has taken off — raising $100 million in a Series D round of funding and catapulting itself into the so-called ‘unicorn’ club of companies with $1 billion valuations
Another AI-Based Security Startup Gains Funding (Datanami) Advanced data analytics and AI techniques such as cognitive intelligence and deep machine learning are finding new applications in the drive to understand and respond to a growing range of cyber security threats as they unfold
Blue Coat IPO Causes Confusion for Analysts (The VAR Guy) Blue Coat could be the third tech company this year to go public, following the announcement that the network security company filed for an IPO last week
Zscaler Positioned as a Leader in Gartner Magic Quadrant for Secure Web Gateways for Sixth Consecutive Year (MarketWired) Zscaler is positioned the furthest for completeness of vision in the leaders quadrant
How the Great Recession helped these Chicago founders find success (Built in Chicago) Most people are familiar with the basic best practices for cybersecurity: use strong passwords with upper- and lowercase letters, symbols, and numbers and don’t use the same password for more than one site. But plenty of us settle for less-than-secure passwords, and how many people do you actually know who never, ever reuse them?
Finjan blasts off after settling with Proofpoint (Seeking Alpha) Finjan (FNJN +13.9%) has settled its infringement suit against security software firm Proofpoint (PFPT +1.6%). As part of the deal, Finjan will receive $10.9M in cash via three payments: A $4.3M up-front payment, a $3.3M payment due on or before Jan. 4, 2017, and a $3.3M payment due on or before Jan. 3, 2018. Other deal terms are confidential
Resilient CEO: IBM acquisition and how Watson can revolutionise cyber security incident response (Computer Business Review) C-level briefing: What IBM’s incident response acquisition tells us about its cyber security plans
Cisco Systems, Inc: Credit Suisse Shows Concern over Management Shuffle (Bidness Etc.) Changes in Cisco Systems’ internal management continue to be a concern, despite the reorganization efforts
Symantec Drives Into Automobile Security (Dark Reading) Automakers quietly begin testing cybersecurity features for connected cars
Tech firms want to save the auto industry—and the connected car—from itself (Ars Technica) We crash test cars, but we don't crash test the code they run
Securing your car from cyberattacks is becoming a big business (Computerworld via CSO) Last year, the auto industry got a warning shot when a Jeep Cherokee was remotely hacked and controlled
Bishop Fox Named "Top Company to Work" for Third Year in a Row (MarketWired) Company has grown into a leading global cybersecurity consulting firm with nearly 80 employees and four U.S. offices; meeting demand for high-level, customized solutions to businesses' most challenging cyber threats
Leidos to support Army with intel analytical software (C4ISR & Networks) Leidos has been awarded a slot on an Army contract, with a maximum value of $250 million, to develop analytical software for intelligence analysis
STG wins Cybersecurity contract with U.S. Army (GlobeNewswire) Cybersecurity and Information Assurance support will be provided to NETCOM Cybersecurity Directorate
USAF looks to secure aircraft systems from cyber attack (IHS Jane's 360) The US Air Force (USAF) is moving to enhance the security of aircraft systems in the cyber domain, issuing a broad agency announcement under its Avionics Vulnerability Assessment Mitigation and Protection (AVAMP) programme
Deloitte opens first African Cyber Intelligence Centre (ITWeb) South Africa has become the first country in Africa to host a Deloitte Cyber Intelligence Centre (CIC), which opened in Johannesburg on Wednesday
Products, Services, and Solutions
Nuix and Voci Partner to Deliver Fast, Accurate Speech Transcription and Voice Analytics (PRNewswire) Investigators and legal practitioners can transform audio files into highly accurate, ingestible text, eliminating the need to listen through and manually transcribe recordings
The Chrome extension that hides your screen in plain sight (Naked Security) Imagine you’re sitting on an airplane, using webmail to send your marketing plan to your boss, when you notice that the passenger sitting next to you has wandering eyes
Endace partnership with Plixer delivers enhanced deep-dive security forensics (PRNewswire) Integration between Plixer's Scrutinizer and EndaceProbe network recorders lets analysts pivot from alerts direct to recorded packets for forensic analysis of security events
WatchDox by BlackBerry Email Protector will help businesses keep attachments secure (CrackBerry) BlackBerry has announced a new enterprise software product, WatchDox by BlackBerry Email Protector. It's been designed to help businesses secure files sent via email
Proofpoint Expands Partner Ecosystem with CyberArk and Imperva (GlobeNewswire) Seamless integrations protect privileged users faster, prevent data breaches
PhishMe Launches New ‘Active Threats' Phishing Simulations to Help Combat Ransomware (BusinessWire) Global leader in enterprise phishing defense and intelligence unveils highly anticipated update to help organizations resist Ransomware, Business Email Compromise (BEC) and other timely threats
HPE Unveils Converged Systems for IoT (eWeek) The Edgeline EL1000 and EL4000 systems are part of a larger series of announcements by HPE to address such IoT issues as security and management
Technologies, Techniques, and Standards
Government Framework Offers Cybersecurity (SIGNAL) A threat-centric approach allows networks to establish domains for key functions
HITRUST Pilot Project Advances Cyber Threat Information Sharing to Combat Ransomware, Other Cyber Attacks (Healthcare Informatics) The Health Information Trust Alliance (HITRUST) announced that its latest industry pilot project to improve the collection and sharing of cyber threat information is helping aid organizations in reducing their cyber risk
RSA: Organizations Need to Determine Their 'Cyber Risk Appetite' (PRNewswire) Report outlines new framework designed to create stronger cybersecurity objectives by calculating the impact risk has on an organization
The Identity Defined Security Alliance Releases New Integration Framework to Help CISOs Rapidly Build Identity-Centered Security Solutions; Welcomes Two New Technology Members (BusinessWire) Co-founding members Ping Identity and Optiv Security continue evolution of next generation identity and access management solutions
5 Tips for Setting Up A Security Advisory Board (Dark Reading) When a company needs to up its game in security, forming a security board can help
Maslow’s pyramid of cyber deception needs (Help Net Security) In 1943, psychologist Abraham Maslow published his theory of human motivation, which turned into a consensual method to analyze a person’s needs
What is a VPN and do you need one (VPNMentor) Discover how, with the help of VPN, you can watch movies that are blocked in your country, crack into websites that you don’t have access to, hide from the FBI when you download torrents and more
How to Talk to Millennial Travelers About Cybersecurity (Travel Agent Central) With mobile devices forming an integral part of the travel experience, we spoke with an expert on how travelers can stay safe on the road
Design and Innovation
Looking for trouble: How predictive analytics is transforming cybersecurity (Help Net Security) Leading organizations recognize that stringent cybersecurity processes and strong infrastructure, while essential, are not enough to eliminate today’s disparate and ubiquitous threats. So they aim to use predictive analytics to identify and stop potential threats before they can wreak havoc
Op-Ed: The Time Is Now to Prevent a Cybersecurity Workforce Crisis (US News and World Report) We must encourage early exposure to technology and cybersecurity careers within our educational systems
Pwnie Express and Norwich University Identify and Neutralize Cyber Threats at Super Bowl 50 (Marketwired) Pwnie Express, the leader in connected device threat detection, today revealed its successful partnership with Norwich University to identify and neutralize connected device threats during Super Bowl 50
Legislation, Policy, and Regulation
NATO Needs a Wake Up Call, Estonian General Shares at NITEC 2016 (SIGNAL) Europe is asleep at the wheel and needs an awakening before it crashes, warned Lt. Gen. Riho Terras, commander of Estonian Defense Forces
NATO to Invest Billions of Euros to Tap Industry Cybersecurity Know-How (SIGNAL) NATO is dangling roughly 3 billion euros in funding for future cyber-based initiatives to match—and then surpass—the increasingly sophisticated attacks against its 28-member alliance, officials announced Tuesday on the inaugural day of the NITEC 2016 conference
Small Budgets Compel Creative Cyber Solutions, Estonia Official Shares (SIGNAL) Small nation-state budgets aren’t always such a bad thing, offered Ingvar Parnamae, undersecretary for defense investments for the Estonian Ministry of Defense
German MOD Makes Sweeping Changes to Counter Cyberthreats (SIGNAL) NATO allies rely more heavily on industry for solutions to counter attacks on networks, infrastructure
The 'Secret Weapon' to Securing Cyber Could be Just Getting Along, Says DOD CIO (SIGNAL) The key to cybersecurity woes might be found in the relationships created between government and industry, the Defense Department’s chief information officer said
Netherlands cyber capabilities to be stressed at new training site (IHS Jane's International Defence Review) The Netherlands Defence Cyber Command will stress both its defensive and offensive capabilities in a new cyber security training and testing facility
US Homeland Security Could Get Its Own Cyber Defense Agency (Defense One) A panel of House lawmakers want to turn the existing National Protection and Programs Directorate into the Cybersecurity and Infrastructure Protection Agency
FBI wants email privacy act to allow warrantless access to browsing histories (Naked Security) Fixing a “typo” in a law governing domestic surveillance is the top priority for the bureau this year, FBI Director James B. Comey has said
Hacker Lexicon: What Is the Digital Millennium Copyright Act? (Wired) The call for copyright reform in America has grown so loud that Congress has finally heard it. Lawmakers have ordered a slate of studies to look into how to fix what has become a broken system, and activists are cautiously optimistic that this could be the first step toward reform. The source of the fracture? The Digital Millennium Copyright Act
Virginia governor signs budget, kicking off series of cybersecurity programs (StateScoop) Though Gov. Terry McAuliffe won't get all the money he hoped for, the state's new budget still includes millions to support a bevy of cyber-focused initiatives
Litigation, Investigation, and Law Enforcement
Experts: Clinton emails could have compromised CIA names (AP) The names of CIA personnel could have been compromised not only by the hackers who may have penetrated Hillary Clinton's private computer server or the State Department system, but also by the release itself of tens of thousands of her emails, security experts say
FBI claimed Petraeus shared ‘top secret’ info with reporters (Politico) Newly unsealed affidavit sheds light on a probe sometimes compared to that of Clinton emails
One year after OPM cybertheft hit 22 million: Are you safer now? (Washington Post) Are you safer now? That’s the question for the 22 million federal employees and others whose personal information was stolen by cyberthieves from the Office of Personnel Management (OPM) in a heist announced one year ago
FBI Alerted Banks About Hacks After Bangladesh Heist (Dark Reading) Authorities said cyber group that hit Bangladesh Bank was likely planning more attacks
Cyber criminals targeted by Darktrace and NCC alliance (Cambridge News) Darktrace and NCC have teamed up to combat targeted cyber-security threats
Morgan Stanley To Pay $1 Million SEC Fine For Security Lapse (Dark Reading) Wall Street bank penalized for violating Safeguards Rule leading to theft of customer data
Journalist convicted on hacking charges tries to stay out of prison during appeal (Ars Technica) Keys convicted of passing CMS login that resulted in brief defacement at LA Times
For a complete running list of events, please visit the Event Tracker.
ISS World Europe (Prague, Czech Republic, Jun 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.
New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.
LegalSEC Summit 2016 (Baltimore, Maryland, USA, Jun 9 - 10, 2016) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers.
SecureWorld Portland (Portland, Oregon, USA, Jun 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Cybersecurity and Financial Services: Understanding the Risks (San Diego, California, USA, Jun 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing and requires companies to be relentlessly vigilant in not only preventing these attacks, but also in managing them and properly communicating with key stakeholders when they do occur. The webinar panel features renowned financial cybersecurity luminaries including FICO's Chief Analytics Officer; the SVP/GM of FIS, a member of the Fortune 500 and the world's largest global provider of banking and payments technologies; as well as the CIO of Advisor Group, home of one of the largest networks of independent broker-dealers in the US with nearly 6,000 affiliated advisors. Together, they'll discuss all sides of the cybersecurity issue and outline best practices to leverage when faced with these kinds of financial threats.
SIFMA Cyber Law Seminar (New York, New York, USA, Jun 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.
Cleared Job Fair (Tysons Corner, Virginia, USA, Jun 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest information on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.
SANSFIRE 2016 (Washington, DC, USA, Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, Jun 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’
Show Me Con (St. Charles, Missouri, USA, Jun 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker's viewpoint.
CISO DC (Washington, DC, USA, Jun 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Security Opportunities in Turkey Webinar (Online, Jun 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey has been working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%. Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams) for protection against cyber attacks.
The Security Culture Conference 2016 (Oslo, Norway, Jun 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.
TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, Jun 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill open positions from companies including BAE Systems, CACI, Deloitte, CGI, Prosync, OnyxPoint, ShoreIT Solutions, Varen Technologies and many more.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas in the evolving field of cyber.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ICS/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.