The CyberWire Daily Briefing 06.16.16

Summary

By The CyberWire Staff

Someone calling himself, herself, or themselves “Guccifer 2.0” claims responsibility for the DNC hack and dumps a couple hundred pages of apparent Democratic Party opposition research on presumptive Republican US Presidential nominee Donald Trump. Guccifer 2.0 also takes a verbal shot at CrowdStrike, calling its attribution of the hack to Fancy Bear (GRU) and Cozy Bear (FSB) sloppy. CrowdStrike stands by its attribution.

An ISIS recruiter is prosecuted in Germany. US investigators turn up more online jihadist rhetoric from the Orlando shooter. Various Anonymous operators troll ISIS-sympathizing Twitter accounts with alternative content. Anonymous may also have hit the Internet Archive (home of the Wayback Machine) with a denial-of-service attack in apparent protest against the persistence of ISIS-themed material therein.

The US steps up its own anti-ISIS campaign with Joint Task Force Ares, a cyber unit formed for that purpose.

Kaspersky Lab publishes its report on xDedic, a black market for server access run by Russian-speaking operators.

Telegram calls hogwash on the vulnerability Iranian researchers claim to have found in the messaging service. Telegram says the bug is bogus. The two researchers, Sadegh Ahmadzadegan and Omid Ghaffarinia, are among the seven under US indictment for attacks on the Bowman Street Dam and various financial sector targets.

Researchers find flaws in Cisco small business Wi-Fi routers. The bugs will be patched next quarter.

Observers think Bad Tunnel the most bug fixed this Patch Tuesday. Another Patch Tuesday fix, MS 16-072, may expose Group Policy settings.

Swiss police make a Panama Papers arrest.

Notes.

Today's issue includes events affecting Australia, Brazil, China, European Union, France, Germany, India, Iran, Italy, Republic of Korea, Kosovo, Malaysia, Panama, Russia, Singapore, South Africa, Spain, Switzerland, United Kingdom, United States, and and Zimbabwe.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Dr. Vikram Sharma from Quintessence Labs will explain quantum key distribution. And our guest is Michael Covington from Wandera, who'll discuss the problem of online stores leaking customer data (maybe you should beware discount Ray Bans and Oakleys). (As always, if you listen to the Podcast, we like hearing from you: you can provide an iTunes review here.)

Sponsored Events

Cyber Security Summit (Washington, DC, USA, June 30, 2016)

Selected Reading

Cyber Trends

Booz Allen Industrial Cybersecurity Threat Briefing (Booz Allen Hamilton) Threats to industrial control systems are on the rise. This briefing explores potential threats and vulnerabilities as well as what organizations can do to guard against them

The spy who hacked me: Evildoers love IoT’s weak security (ReadWrite) With the explosive growth of the Internet of Things (IoT), both spies and hackers are feasting on a new universe of poorly secured technology

Can you see and control IoT devices on your network? (Help Net Security) While the majority of IT pros acknowledge the growing number of IoT devices on their networks, they are unaware of how to properly secure them, according to ForeScout

DDoS defenses have been backsliding but starting a turnaround, Gartner says (Network World) After a surge by attackers, DDoS defenders are battling back

Deloitte Identifies 14 Business Impacts of a Cyberattack (PRNewswire) The global leader for cyber risk services suggests that current market valuation of cyber incident impact is grossly underestimated

Cybersecurity not just the domain of cyber pros, DISA officials say (C4ISR & Networks) While the spotlight on cybersecurity has been magnified and the Internet of Things has made almost any item connectable to a network, ownership of protecting the network can no longer be limited to just cybersecurity professionals

Legislation, Policy and Regulation

The West Must Respond to Russia´s Increasing Cyber Aggression (Defense One) As Russian hackers take center stage in the pantheon of cyber adversaries, NATO needs to step up

Inside the Slow Workings of the U.S.-China Cybersecurity Agreement (Wall Street Journal) Getting the world’s two largest powers to work together on a subject as touchy as cybersecurity was always bound to be difficult

Regulators to Tighten Cyberdefenses as Attacks in Asia Increase (Wall Street Journal) Lower reporting requirements mean some companies have underestimated cyberthreats

Making States Responsible for Their Activities In Cyberspace: The Role of the European Union (Council on Foreign Relations) It’s cliché to say that we are increasingly dependent on internet-enabled technologies. Nevertheless, Europe is struggling to keep up. Shrinking budgets limit European countries’ ability to invest in building resilience against cyberattacks. The interconnectedness of critical infrastructure, along with the coming internet of things, forces European policy makers to consider the following question: how we protect and create resilient critical infrastructure?

House duo pair up to stop warrantless "backdoor" spying on Americans (ZDNet) The bill would prevent the NSA from using a loophole to spy on Americans' data, despite constitutional protections

DHS cyber role elevated in new legislation (Federal Times) The Department of Homeland Security is likely to expand its role and profile as the lead agency in the federal government for cybersecurity

Blockchain Catches a Righteous Break and Avoids Becoming Unchained (JDSupra) Just before the 2016 Memorial Day holiday weekend in the United States, which falls at the end of May, news outlets reported that the bipartisan effort to revolutionize the regulation of cryptography in the United States was sewed up in its hammock and tossed overboard. Senators Richard Burr and Dianne Feinstein, a Republican and Democrat respectively, sponsored a bill which began circulating within the Senate Intelligence Committee earlier in the year. The Compliance with Court Orders Act of 2016 (“CCOA”), which was met with absolute disdain by cryptographers and could not garner the support of the White House, may have constructively prohibited cryptography in the United States

Need a New Security Clearance? Here Are 5 Things You Should Know (Defense One) If you work for the government, you need to understand the process and the terminology

Products, Services, and Solutions

HyTrust adopts Cryptsoft KMIP technology (Financial News) HyTrust has adopted the OEM key management interoperability protocol (KMIP) solution from Cryptsoft for its cloud, virtual machine encryption and boundary controls solutions, the company said

GTRI Announces Insider Threat Security Solution (BusinessWire) Security solution provides organizations with the tools to take action against attacks that affect data, reputation, safety and the bottom line

Wombat Security Launches Security Essentials for Executives Training Module (Marketwired) New role-based training designed to educate leaders and decision makers

SafeNet Assured Technologies Smart Card 650 Receives National Security Agency Certification for use in Defense Networks (PRWeb) Smart Card 650 allows agencies to securely share and access classified information

Fortinet (FTNT), Telefonica (VIV) Enter Managed Security Services Alliance (Street Insider) Telefonica (NYSE: VIV) and Fortinet (Nasdaq: FTNT) announced a strategic alliance agreement that will add Fortinet's Security Fabric architecture into Telefonica's portfolio of managed security services

Proofpoint Stops Social Media Customer Service Phishing with Industry-First Protection (Globe Newswire) Patent-pending social media security defuses Angler Phishing to safeguard customer care from fake customer service accounts and credential loss

Technologies, Techniques, and Standards

Three Ways to Thwart Hackers' Attempts at Persuasion (American Banker) Thanks to movies and crime shows, we often think of cybercriminals as antisocial computer whizzes with impeccable typing abilities, an affinity for baggy hoodies and a multimonitor computer setup illuminating their dark hideouts. But instead of focusing on the fraudster's technological knowledge, picture the criminal as a sophisticated persuasion specialist with degrees in psychology and research

Hack the hackers: Eavesdrop for intel on emerging threats (InfoWorld via Network World) Listening to online chatter in hacker forums can give you a jump on juicy vulnerabilities your vendor hasn't fixed

How to make security analytics work for your organization (SecurityAsia) As the latest buzzword in IT, analytics are increasingly spanning various components of IT systems

Hackers in your network? Why kicking them out straight away is not always the best approach (ZDNet) Rushing to get that infection off your network without proper investigation could just make it worse, warn cyberlaw enforcement experts

Marketplace

Cybersecurity spending outlook: $1 trillion from 2017 to 2021 (CSO) Cybercrime growth is making it difficult for researchers and IT analyst firms to accurately forecast cybersecurity spending

Bridging the Insurance/InfoSec Gap: Results of the SANS Cyber Insurance Survey Released (PRNewswire) Gaps identified; building blocks to understanding outlined

EU referendum: Cyber security will remain strong regardless of outcome (Ashdown Group) Markets are fluctuating at low rates, property investors are holding off purchases and businesses are increasingly speculative and uncertain about what the next couple of weeks will mean for the UK

Northrop Grumman: Defense industry 'ahead of Silicon Valley' on national security (Washington Business Journal) For some time now, the Pentagon has been courting Silicon Valley as a way to bring innovative technologies to national defense

FireEye Said to Have Rebuffed Several Recent Takeover Offers (Bloomberg) FireEye Inc. rebuffed takeover proposals from multiple parties earlier this year after hiring Morgan Stanley to field interest, according to people with knowledge of the matter

Symantec to spend almost $5 billion buying Blue Coat (San Jose Mercury News) Security software firm Symantec will take on $2.8 billion in debt to buy Sunnyvale cybersecurity company Blue Coat for $4.65 billion, the companies announced

Symantec’s Purchase of Blue Coat Fills Critical Product Gap, Interim President Says (Dark Reading) Combined business will have a product portfolio that is wide enough to address all threat vectors, Ajei Gopal says

How will a threatened IBM react to Symantec’s acquisition of Blue Coat? (ARN) Combined forces will surpass IBM in enterprise security market share

Better Buy: Fortinet Inc or Check Point Software Technologies? (Motley Fool) The two cybersecurity competitors are taking different paths to growing their businesses, so which is the best investment option? The answer depends on you

VMware CEO expects company growth from Dell-EMC deal (CNBC) Squawk Alley's Jon Fortt sat down with VMware's CEO Pat Gelsinger to discuss the short- and long-term effects of Dell's $67 billion acquisition of EMC on his business

Ransomware-Stopping Software Fueling Varonis Growth (Investing News) The ability to stop ransomware and other damaging forms of cyberattack before they cause harm has placed Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, and its rapidly growing DatAlert solution at the center of the global battle being fought by organizations to protect their valuable data

Invincea First Machine Learning Based Endpoint Security Company to Join Anti-Malware Testing Standards Organization (AMTSO™) (Power Engineering) Invincea, the leader in advanced endpoint threat protection, announced today that it is the first machine learning based endpoint security company to join the Anti-Malware Testing Standards Organization (AMTSO™). Participation in AMTSO furthers Invincea's mission of addressing the global need for improvement in third party testing based on scientific objectivity, quality, and relevance of anti-malware testing methodologies

Research and Development

Plurilock Security Solutions Granted Canadian Patent for Computer User Profiling (PRWeb) Advanced biometric security software first of its kind

The emerging ethical standards for studying corporate data (Recode) How Facebook’s "emotional contagion" controversy led to the company's new research review policy

Security Patches, Mitigations, and Software Updates

Admins in outcry as Microsoft fix borks Group Policy (Register) After Patch Tuesday comes Facepalm Wednesday

Patched BadTunnel Windows Bug Has ‘Extensive’ Impact (Threatpost) Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows"

Cisco Won’t Patch Critical RV Wireless Router Vulnerability Until Q3 (Threatpost) Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution

Cyber Attacks, Threats, and Vulnerabilities

'Lone hacker' claims responsibility for cyber attack on Democrats (Reuters) A "lone hacker" has taken responsibility for a cyber attack on the U.S. Democratic National Committee, which the DNC and a cyber-security firm have blamed on the Russian government

Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file (Ars Technica) "Guccifer 2.0" publishes hundreds of pages of purported DNC docs

DNC hacker slams CrowdStrike, publishes opposition memo on Donald Trump (CSO) 235 page opposition memo is among the recently released cache of files

'Guccifer 2.0' Claims Responsibility for DNC Hack, Releases Docs to Prove it (Motherboard) A “lone hacker” calling themselves “Guccifer 2.0” has claimed responsibility for hacking the Democratic National Committee and claims reports that the Russian government perpetrated the attack are false. The hacker also says the DNC lied about—or didn’t know the extent of—what was stolen

Hacker claims credit for DNC breach, posts files online (IDG via CSO) Security company CrowdStrike still thinks top Russian government hacking groups were involved

A Chaotic Whodunnit Follows the DNC’s Trump Research Hack (Wired) Finding the perpetrator of a sophisticated hacker intrusion can be messy. Getting to the bottom of a vicious data breach at the center of a no-holds-barred presidential campaign is a full-on trainwreck

Meet Fancy Bear and Cozy Bear, Russian groups behind DNC hack (Christian Science Monitor Passcode) Experts say both hacker crews have been spying on Western military and political targets for years, but only recently tied them to Russian intelligence agencies

CIA Chief: IS Working to Send Operatives to the West (AP via ABC News) CIA Director John Brennan will tell Congress on Thursday that Islamic State militants are training and attempting to deploy operatives for further attacks on the West and will rely more on guerrilla-style tactics to compensate for their territorial losses

Pentagon Unleashes Cyber Effort to Counter Militants on Battlefield (Voice of America) The Pentagon has launched a new cyber task force to counter the Islamic State group, and officials say it is creating advantages both in cyberspace and on the battlefield

Anti-ISIS Hacktivists Are Attacking the Internet Archive (Motherboard) The Internet Archive, the open-access digital library and home of the Wayback Machine, was hit with a distributed denial-of-service attack on Wednesday. The site was apparently attacked because the it hosts ISIS-related materials. By 3:30 PM PDT, the Internet Archive had been down for about three or four hours

Smut shaming: Anonymous fights Islamic State... with porn (Register) Also exposing bare naked IP addresses

Anonymous defacing ISIS Twitter handles with LGBT content after Orlando Attack (HackRead) Anonymous-linked hacker is defacing pro-ISIS twitter accounts with LGBT content after Orlando shooting! — hacker vows to hack more accounts in coming days

For sale: 70k hacked government and corporate servers—for as little as $6 apiece (Ars Technica) Newly revealed bazaar is a hacker's dream and makes attacks cheaper and faster

The xDedic Marketplace (Kaspersky Lab) Over last two years a new kind of underground market has flourished, and xDedic is a perfect example. “xDedic” is a trading platform where cybercriminals can purchase any of over 70,000 hacked servers from all around the internet. It appears to be run by a Russian-speaking group of hackers

Inside the xDedic Hacked Server Marketplace (Threatpost) An underground market peddling hacked servers was a unique find, even for a seasoned researcher such Juan Andres Guerrero-Saade of Kaspersky Lab

Kaspersky: We know the hackers behind latest Flash 0-day (CSO) Adobe on Tuesday reported a previously undisclosed flaw in Flash Player is under attack. Russian security firm, Kaspersky, says it knows the group behind the attacks and advises to use Microsoft’s security tool EMET

How programmers can be tricked into running bad code (Help Net Security) Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The answer to both these questions is yes

Fake Ray-Ban ad a dangerous scam, says security firm (CyprusMail) Internet security firm ESET on Wednesday issued a warning about a scam involving sales of Ray-Ban sunglasses in which buyers could have their financial details stolen

Cisco’s small business Wi-Fi routers open to attack, no patch available (Help Net Security) Security researcher Samuel Huntley has discovered four vulnerabilities in Cisco’s RV range of small business Wi-Fi routers, the worst of which could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system

FBI: BEC Scam Attempts Amount to $3 Billion (Dark Reading) FBI warns of rise in business email compromise frauds, says it should be reported immediately

Companies pay out billions to fake-CEO email scams (IDG via CSO) In the U.S., victims have lost $960 million to the schemes over the past three years

Telegram Calls Claims of Bug in Messaging Service Bogus (Threatpost) A flaw in the popular Telegram Messenger app that allows attackers to crash devices and run up wireless data charges is being disputed by the app maker who calls the claims false

The web attacks that refuse to die (Naked Security) In the beginning – when the web was a dark and primitive space full of ‘under construction’ signs, flaming Java applet logos and faux-mechanical hit counters – a proto-web developer crawled from the World Wide Web’s primordial tag soup and ushered in the future by hooking-up a company database to a company website

The hidden breach is the new enemy (ZDNet) What we don't know ratchets up the level of risk to data, safety

Like Macros Before It, Attackers Shifting to OLE to Spread Malware (Threatpost) Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggests they may be shifting gears and beginning to use another proprietary Microsoft technology to deliver threats

Huge FBI facial recognition database falls short on privacy and accuracy, auditor says (IDG via CSO) The FBI's facial recognition database has 30 million photos in it

FBI built a massive facial recognition database without proper oversight (TechCrunch) The FBI steadily, stealthily compiled a massive facial recognition database without oversight and in disregard of federal law, according to a report released today by the Government Accountability Office

Anonymous Africa plans cyber-attack against the Guptas (Business Day) Hacktivist group Anonymous Africa said on Wednesday it was planning a cyber-attack against the Gupta-owned business empire at noon

So, Just Why Is 18atcskd2w Such a Popular Password? (Tripwire: the State of Security) Users of popular online forums are being advised to change their passwords following the leak of some 45 million credentials

Academia

SAIC launches Cyber Academy with Huntsville City Schools (Homeland Preparedness News) The Science Applications International Corporation (SAIC) launched a new initiative on Thursday with Huntsville City Schools in Alabama to provide strategic support to the school system’s Cyber Academy

Litigation, Investigation, and Enforcement

Orlando shooter posted messages on Facebook pledging allegiance to the leader of ISIS and vowing more attacks (Washington Post) On the day of his rampage at a gay nightclub, the Orlando shooter posted messages on Facebook pledging allegiance to the leader of the Islamic State and vowing that there would be more attacks in the coming days by the group in the United States, according to a letter sent to Facebook on Wednesday by Sen. Ron Johnson (R-Wis.), chairman of the Senate Homeland Security Committee

U.S. investigators question wife of gunman in Orlando massacre (Reuters) U.S. investigators have questioned the wife of the gunman who killed 49 people at a gay nightclub in Orlando, the FBI said on Wednesday, and a law enforcement source said she could face criminal charges if there is evidence of any wrongdoing

Father of Paris Attacks Victim Sues Facebook, Twitter and Google (Wall Street Journal) Lawsuit accuses companies of permitting Islamic State to recruit members; companies cite policies against extremist material

German court convicts imam for seeking IS recruits (AP via Yahoo! News) A Berlin court has sentenced an imam to 2 ½ years in prison for a video and interview glorifying the Islamic State group and for seeking recruits for the extremist organization

Kosovo hacker faces 25 years in prison for giving ISIS a US kill list (The Next Web) Last June – almost a year to the day – a hacker from Kosovo who went by the handle Th3Dir3ctorY breached a server containing databases of personal information about US servicemen and federal employees

Authorities Arrest an IT Worker From the Panama Papers Law Firm (Wired) When Edward Snowden went public as the NSA whistleblower in 2013, few were surprised that a system administrator was behind the spy agency’s leak. Inside administrators who hold the keys to an organization’s data kingdom are a much greater threat to security than outside hackers.

Iran accuses British-Iranian woman of trying to 'overthrow' government (Reuters) The Iranian Revolutionary Guard accused a British-Iranian aid worker who has been detained since early April of trying to "overthrow" the government in a statement published on Wednesday

“Spam King,” who defied nearly $1B in default judgments, sentenced to 2.5 years (Ars Technica) Sanford Wallace hijacked Facebook accounts to send 27M spam messages

FBI Raids Spammer Outed by KrebsOnSecurity (KrebsOnSecurity) Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email artist currently flagged by anti-spam activists as one of the world’s Top 10 Worst Spammers, was reportedly raided by the FBI in connection with a federal spam investigation

Convicted of hacking-related crimes, reporter will stay out of prison for now (Ars Technica) Matthew Keys' legal team filed emergency motion to 9th Circuit late Tuesday

Man accused in Fort Meade gate crashing now charged in bank fraud scheme (Baltimore Sun) Man accused in Ft. Meade gate crashing charged with stealing credit card info from correctional officer's wife

Design and Innovation

To Stop Hackers, Treat Them Like a Disease (Wall Street Journal) Nicole Eagan, CEO of the cybersecurity company Darktrace, on what the human immune system can teach us about protecting our data

Neural networks: Artificial intelligence and our future (TechCrunch) Imagine yourself a passenger in a futuristic self-driving car. Instead of programming its navigation system, the car interacts with you in a near-human way to understand your desired destination. The car has learned your preferences for music, temperature and lighting; these are adjusted without the need to twist a knob

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

upcoming Events

SANSFIRE 2016 (Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.

cybergamut Technical Tuesday: SS7, SWIFT, and Checking: Closed Network Evolution and Exploitation (Elkridge, Maryland, Calverton, June 21, 2016) A recent 60 Minutes article on extracting mobile phone information from the SS7 telephone carrier signaling network crystalized some thoughts I’ve had for a while on the evolution of closed networks over time and the security implications of opening closed networks. This talk examines that issue using three case studies: the SS7 demonstration, the recent theft of $81 million dollars from the New York Central Reserve Bank belonging to the Central Bank of Bangladesh using the SWIFT network, and the enormous but generally unremarked shift about 10 years ago from the paper check to digitized check information as a negotiable instrument for moving money between bank accounts. All three involve complex networks with both “real world” and digital network dimensions, and illustrate how authentication and trust design decisions (explicit or implicit) made when a network is first created can lead to exploitation opportunities as that network and the way it’s used evolves over time. Jeff Kuhn of Amches, Inc. will present the topic.

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Guccifer 2.0 vs. CrowdStrike on the DNC hack. Anonymous, Germany, & JTF Ares vs. ISIS. xDedic: black market for server access. Patch Tuesday reviews.