Flash 0-day patched. Russia denies hacking DNC (despite circumstantial evidence to the contrary). Following "aggregates," not individuals, for online intelligence.
Adobe patched Flash Player late yesterday. The ScarCruft APT group is exploiting the zero-day the patch addresses.
The Russian government denies any involvement in the DNC hack. Guccifer 2.0 releases by-name and by-amount donor information, seeking thereby to give the lie to DNC chair Wasserman Shultz’s assurances that no financial data were lost.
CrowdStrike stands by its attribution of the hack to Russian intelligence services, and suggests that Guccifer 2.0 may be a disinforming catphish. Ars Technica and others point out circumstantial evidence that the hacker was Russian-speaking: the use of “)))” (a characteristically Russian form of a smiley emoji), Cyrillic text noting broken links (suggesting doxed pdfs were converted on a Russian-language machine), and the editor’s screen name “Феликс Эдмундович,” in document metadata—an allusion to Felix Edmundovich Dzerzhinsky, “Iron Felix,” Lenin’s Che Guevara.
From the realm of a priori speculation, Edward Snowden thinks the DNC hack shows someone’s demonstrating the ability to manipulate elections. Donald Trump says it’s possible the DNC may have hacked itself (few seem persuaded, so far).
The FBI cautions that it’s found no link between Orlando shooter Mateen and ISIS, by which they mean no command-and-control, since Mateen said plenty online about fealty to ISIS. A study of ISIS sympathizers on Twitter reports predictable social-media behavior prior to attacks, and suggests it’s possible to identify and track ad hoc web groups, “aggregates,” as opposed to individuals.
GitHub has sustained, and is recovering from, a password-guessing attack.
FireEye still isn’t for sale. Neither is Tanium.
A note to our readers: next Wednesday the CyberWire will be down in Laurel, Maryland, covering Cyber 7.0. Watch for our usual live-tweeting and special report on the proceedings.
Notes.
Today's issue includes events affecting China, Estonia, Finland, Germany, Iran, Iraq, Japan, Democratic Peoples Republic of Korea, Latvia, Lithuania, NATO, Poland, Russia, Sweden, Syria, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Our expert segment today comes from our research partners at Level 3, whose Dale Drew explains honeypots and live data. Our guest, Craig Smith, founder of Open Garages, tells us how researchers (and others) can hack automobiles. (If you enjoy the Podcast, please share your enjoyment with an iTunes review.)
And we're happy to say that our producer, Dave Bittner, will appear later today on another podcast, the Grumpy Old Geeks. Tune in to hear him give the Geeks the cyber security word.
Cyber Attacks, Threats, and Vulnerabilities
DNC hack: Security firm CrowdStrike stands by research as Russia strongly denies involvement (International Business Times) The security firm hired to investigate the cyberattack at the Democratic National Committee (DNC) has said it stands by its assertions that Kremlin-linked hackers were responsible for the breach – as Russian officials continue to strongly deny the claim
“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it (Ars Technica) Evidence left behind shows leaker spoke Russian and had affinity for Soviet era
Guccifer 2.0? Lone Hacker Takes Credit for DNC Cyber Attack, Publishes Docs (Common Dreams) 'Hacktivists, possibly state-sponsored, now demonstrating intent—and capability—to influence elections," says Edward Snowden
Security implications of online voting (Help Net Security) With essentially everything moving online, it would seem to be the natural progression that voting online or on your mobile device would be the next thing to happen. Not only would it be more convenient for the voter, but it would greatly reduce the travel costs. The question is, are we technologically mature enough and can we count on today’s security infrastructure to protect our vote?
Donald Trump claims the Democratic National Convention hacked itself (Graham Cluley) Did the DNC really hack itself to deflect media attention from Hillary Clinton?
Pro-ISIS online groups behave predictably before attacks (CNBC) The key to fighting the Islamic State group, or ISIS, in the real world may lie in watching social media
New online ecology of adversarial aggregates: ISIS and beyond (Science) Online support for adversarial groups such as Islamic State (ISIS) can turn local into global threats and attract new recruits and funding. Johnson et al. analyzed data collected on ISIS-related websites involving 108,086 individual followers between 1 January 1 and 31 August 2015. They developed a statistical model aimed at identifying behavioral patterns among online supporters of ISIS and used this information to predict the onset of major violent events. Sudden escalation in the number of ISIS-supporting ad hoc web groups (“aggregates”) preceded the onset of violence in a way that would not have been detected by looking at social media references to ISIS alone. The model suggests how the development and evolution of such aggregates can be blocked
The 'cyber jihad' is coming, says this security firm (CNBC) Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology
The Anatomy of Cyber-Jihad: Cyberspace is the New Great Equalizer (ICIT Brief) Until now it has been fairly easy to categorize malicious cyber-actors as State Sponsored APT, Hacktivist, Mercenary and Script Kiddie. However, a new threat actor has emerged who uses technological means to bring terror and chaos to our nation and its allies: the Cyber-Jihadist
Github hit by massive password guessing attack (Naked Security) Github is a well-known on-line repository for software source code
GitHub attacker launched massive login campaign using stolen passwords (Ars Technica) Repository's own account data not breached, affected passwords reset
ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks (Threatpost) Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia
How attackers can hijack your Facebook account (Help Net Security) Positive Technologies researchers have demonstrated that knowing a user’s phone number and how to exploit a vulnerability in the SS7 network is enough to hijack that user’s Facebook account
Muslim Brotherhood’s Website Suffers DDoS Attacks and Data Leak (HackRead) The official English language website of Muslim Brotherhood movement was forced to go offline after facing massive DDoS attacks
The story of a DDoS extortion attack – how one company decided to take a stand (ComputerWorld UK via CSO) German payment processor goes public on threats received last week
Has ransomware become the Chicken Little of the security industry? (SC Magazine) That ransomware is a problem cannot be doubted. Whether the current level of media coverage, fuelled by vendor press releases, is doing more harm than good is more open to debate
JTB hack underscores need for revamp of cybersecurity in Japan (Japan Times) A massive data breach at Japan’s largest travel agency has underscored the risks companies face when they keep sensitive data on networks connected to the internet, experts say. Some warn government systems are especially vulnerable to state-sponsored attack, including by China and North Korea
Get ready for a surge in online travel fraud (Help Net Security) Unsurprisingly, transactions for booking flights, hotels and rental cars increase significantly over the summer months. In addition, fraudulent activity against online travel companies goes up during the same period
50% of ads on free livestreaming websites are malicious (Help Net Security) Millions of people use free livestreaming websites to watch sports and other live events online, but this comes with a considerable security risk. Researchers from KU Leuven-iMinds and Stony Brook University have found that viewers are often exposed to malware infections, personal data theft, and scams
Scans Confirm: The Internet is a Dump (BankInfoSecurity) Rapid7's Tod Beardsley warns of millions of unsecured ports
Gartner: ‘Insider threat is alive and well on the dark Web’ (Network World) Gartner says to spot low-level insiders who have gone bad security pros should look for keywords they search for and IP addresses and URLs they seek out on the Dark Web
Security Patches, Mitigations, and Software Updates
Fix for actively exploited Flash Player 0day is out, patch ASAP! (Help Net Security) Adobe has issued a patch for the Plash Player zero-day vulnerability (CVE-2016-4171) that is actively exploited by the ScarCruft APT group
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Vulnerabilities in Adobe Flash Player (APSB16-08) (Japan CERT) Adobe Flash Player contains multiple vulnerabilities. A remote attacker may cause Adobe Flash Player to crash or execute arbitrary code by convincing a user to open specially crafted contents leveraging these vulnerabilities. For more information on the vulnerabilities, please refer to the information provided by Adobe Systems
Verizon fixes email flaw which left user accounts open to attack (ZDNet) The critical email flaw is the latest which places Verizon email accounts at risk
Cyber Trends
Top 10 technologies for information security and their implications (Help Net Security) Gartner highlighted the top 10 technologies for information security and their implications for security organizations in 2016
He wrote about clickbait but what happened next will stun you (TechCrunch) As we roll merrily into the future of media it’s time to define some terms. I spoke to a number of folks over the past few weeks about the Gawker case as well as the future of journalism and have come away with some interesting information regarding the disconnect between readers and writers and the general concept of clickbait. I’d like to clear a few things up
Marketplace
The Globality Quotient: Cybersecurity (BizCatalyst360) The need for entrepreneurs to think globally has become so necessary that assessing an innovator’s GQ – Globality Quotient – has become a standard market test
Why most of London’s tech sector believes Brexit will prove a disaster (TechCrunch) A decision over the U.K.’s future membership in the European Union is now just days away, with latest polls indicating a race to the wire
Northrop Grumman’s $2 billion cybersecurity business includes ‘offensive' cyber (Washington Business Journal) Northrop Grumman Corp. Chief Financial Officer Ken Bedingfield says a lot of the company’s cybersecurity business is “restricted” and “it’s hard for us to talk in too much detail about it"
Sources: Tanium Rejected Acquisition Bids From VMware, Palo Alto, Vows To Stay Single (CRN) Red-hot security startup Tanium received acquisition bids from both VMware and Palo Alto Networks last fall, sources familiar with the offers told CRN
FireEye (FEYE) Stock Up on Rebuffed Takeover Offer Rumors (Zacks) Shares of FireEye Inc. FEYE rallied after Bloomberg published a report that the cyber security company has rejected multiple takeover offers this year. The stock climbed 7.6% before settling at 4% at the end yesterday’s trade
Symantec Charts New Path with $4.6 Billion Bid for Blue Coat (Redmond Magazine) Looking to revive its struggling IT security business hampered by miscues and a tapped out market for its flagship endpoint security offering, Symantec Monday said it has reached an agreement to acquire Blue Coat, a provider of Web analytics, threat assessment and remediation software and services, for $4.6 billion. Blue Coat CEO Greg Clark will take the helm at Symantec once the deal closes. As part of the deal, Blue Coat majority shareholder Bain Capital will reinvest $750 million in the combined company and Silver Lake Partners is doubling its investment to $1 billion
Symantec gains as BTIG upgrades in response to Blue Coat deal (Seeking Alpha) Believing the company's $4.65B deal to buy security hardware/software firm Blue Coat will almost immediately return the company's enterprise security ops to positive growth, BTIG's Joel Fishbein has upgraded Symantec (SYMC +2.7%) to Buy, and set a $23 target
Was Someone Tipped Off To The LinkedIn Sale? (Fortune) Suspicious trading activity ahead of Microsoft’s big LinkedIn announcement
Check Point slumps as Deutsche downgrades following a security conference (Seeking Alpha) "We picked up more data points suggesting that enterprise security spending growth is slowing, with the tone incrementally worse in the banking vertical. CHKP derives ~30% of its revs mix from the financial services vertical," writes Deutsche after attending a Gartner security conference
QuintessenceLabs getting truly random with quantum security (ZDNet) Canberra-based QuintessenceLabs has taken its university research and transformed it into a quantum security firm, with its products used globally by the likes of the United States government
LogicMonitor Accelerates Growth with $130M Investment from Providence Equity (BusinessWire) LogicMonitor, the Software-as-a-Service (SaaS) delivered end-to-end IT infrastructure monitoring platform, today announced that it has received a $130 million investment from Providence Strategic Growth (PSG), the growth equity affiliate of Providence Equity Partners, a global private equity firm with $45 billion in assets under management. The investment will be used to continue LogicMonitor’s global market expansion as the leading modern IT infrastructure performance monitoring solution that will displace legacy and premise-based monitoring systems in complex and agile environments
Cylance completes Series D funding round led by Blackstone, Insight (Financial News) Cylance Inc. has completed the initial closing of a USD100 million Series D funding round led by funds managed by Blackstone Tactical Opportunities and Insight Venture Partners and included investments from the company´s existing investors, the company said
McAuliffe announces new private sector sponsorship for MACH37 Cyber Accelerator (Augusta Free Press) Amazon Web Services, Inc. (AWS) has agreed to participate as a Platinum Sponsor of the MACH37 Cyber Accelerator program. This significant public-private collaboration will help launch new cybersecurity product companies inside the Commonwealth, further establishing Virginia as the cybersecurity capital of the nation
MobileIron Hires Symantec, Cisco Vet As Sales SVP (Channel Partners) Another channel person is on the move — this one at MobileIron, the enterprise mobility management provider
Products, Services, and Solutions
Cisco Systems, Inc. Tetration Offers “Precogs” for Data Center: Drexel (BidnessEtc.) In a press conference yesterday, Cisco Systems, Inc. (NASDAQ:CSCO) announced Cisco Tetration, a software-centric solution it calls “time machine for the data center.” Drexel Hamilton also attended the conference, and provided insights about the product offered by the company. CEO Chuck Robbins, along with other senior executives, was also present at the event
Assess, build and improve security culture with CLTRe (Help Net Security) Norwegian security startup CLTRe announced a new product series, enhancing its existing Saas offering, the Security Culture Toolkit. This new range consists of CLTRe Control, CLTRe Discover and CLTRe Improve, which provide customers with a suite of tools to assess, build and improve the security culture within their organization
Endace partners with Plixer to enhance security forensics (Financial News) Endace has partnered with Plixer to provide integration between Plixer´s Scrutinizer, flow-based analysis solutions, and EndaceProbe network recorders to improve the ability for SecOps and NetOps teams to investigate network security and performance issues, the company said
Lockton and BitSight Technologies Offer Companies a Cyber Security Rating (PRNewswire) New alliance will help clients understand cyber risk
Easy Solutions Named as Winner of Best Fraud Prevention Solutions in 2016 SC Awards (BusinessWire) Total Fraud Protection earns top honors at Excellence Awards
G DATA setzt bei Backups auf DriveOnWeb (Pressebox) Datensicherung ist ab sofort in deutscher Cloud möglich
Technologies, Techniques, and Standards
Blockchains, banks and zero-knowledge proofs (International Business Times) Open and decentralised systems such as blockchains create privacy concerns for some use cases, made even more acute by permissioned blockchains which seem to be morphing into something that belies almost all the fundamental benefits of the original design – but that's another story.
Why should feds care about blockchain? (FCW) As they wait to see how the world will wind up using blockchain, feds are tending to the underlying cryptography
Army to keep tinkering with company-level cyber integration at NTC next month (Army Times) The Army is once again using the National Training Center at Fort Irwin, California, as a proving ground for the integration of cyber capabilities into smaller units
How to Remove Trojan Win32-AntiAv (Spywaretechs.com) Trojan Win32-AntiAv is a malicious software that will inject in your system. It may display fake warnings that your computer has been infected. The Trojan Win32-AntiAv injects into the Operating System to change permission policies and to modify the registry. Most likely, Trojan Win32-AntiAv was installed by the user not knowing that this program is malicious
Pretty Good Passwords: Cartoon Caption Contest Winners (Dark Reading) Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is
Design and Innovation
Microsoft creates Checked C extension to prevent common coding errors (Help Net Security) Fixing vulnerabilities in completed software and systems is all good and well, but with Checked C, an extension for the C programming language, Microsoft researchers want to prevent common programming errors that can lead to several types of frequently occurring vulnerabilities
Research and Development
Lastline Awarded US Patent for Detecting Advanced Malware Through Manipulation of Environmental Behaviors (Yahoo! Finance) Advanced malware protection provider Lastline, Inc. has been awarded United States Patent US20140317745 A1 for "Methods and Systems for Malware Detection Based on Environmental-Dependent Behavior." The patent protects Lastline's full platform, which elicits and detects the security industry's broadest range of malicious behaviors from malware in a sandbox evaluation environment
Huawei opens Mathematics Research Center to drive ICT innovation (Financial Express) The research center will focus on strategic projects such as 5G, short-term products, and design
Academia
Norwich Graduate Students to Hack a Local Business by Request (Vermont Digger) Students in Norwich University’s Master of Science in Information Security & Assurance (MSISA) program will hack the software of a small business as part of their final course work beginning tomorrow, Friday, June 17
Legislation, Policy, and Regulation
The Danger of Killing Islamic State's Caliph (Bloomberg View) We've seen this movie before, but still don't know how it ends: According to unconfirmed reports, the so-called caliph of Islamic State, Abu Bakr al-Baghdadi, was killed by a U.S. airstrike in Raqqa, Syria. Similar rumors cropped up at least twice before, in January and October of last year, and both times the news of his death was greatly exaggerated. As for the latest report, U.S. Special Presidential Envoy for the Global Coalition to Counter ISIL Brett McGurk said, "We have no reason to believe that Baghdadi's not still alive, but we have not heard from him since the end of last year"
China-US Relations in Cyberspace: A Half-Year Assessment (Diplomat) While some progress has been made, China-U.S. relations in cyberspace remain fragile and cooperation tenuous
Gartner on doing business in China: Privacy? What’s that? (Network World via CSO) If you want to use encryption, the government needs the keys
Severe cyber-attack could be a case for NATO action – Stoltenberg (RT) NATO could respond to a powerful cyber-assault with conventional weapons, the military alliance’s secretary-general told German media. NATO member states are expected to declare cyberspace a warfare domain, along with air, land, sea and space
As Russian Hackers Probe, NATO Has No Clear Cyberwar Strategy (New York Times) In the six months since part of Ukraine’s power grid came crashing down, turned off by highly sophisticated hackers, cyberspace allies of President Vladimir V. Putin of Russia have been leaving their mark here in the Baltics and across the sea in Finland and Sweden
Pentagon Battles Cyber Attacks (Voice of America) The United States Department of Defense developed some of the technology that led to the internet
DHS cyber info sharing: Small businesses shut out, big ones wary (FedScoop) The Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies was told only 30 companies nationwide receive Automated Indicator Sharing service from DHS
Anti-Surveillance Measure Quashed: Orlando Massacre Cited as Reason (Threatpost) The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privacy provision by civil liberties groups who had worked for years to bring the measure to a vote
The FBI needs better hackers to solve encryption standoff, research says (Christian Science Monitor Passcode) Tech companies and privacy advocates are strongly opposed to proposals by the FBI and others to mandate government access to encrypted communications. But one expert says there may be another way to solve the feud
Silicon Valley has a chance to influence cyber security policy: column (USA TODAY) U.S. cybersecurity policy has followed a Jekyll-and-Hyde path lately
State Regulator Warns Of Cyberattacks On Connecticut Utilities (Hartford Courant) Connecticut's utilities are likely to be targets of cyberattacks by computer hackers and the state needs to "wake up, strengthen our defenses and prepare to manage the consequences," a top state regulator warned Thursday
Litigation, Investigation, and Law Enforcement
U.S. Official: No Evidence Of Direct Islamic State Link To Orlando Shooting (Huffington Post) An FBI official cautioned that proving the suspected link to radical Islamism required further investigation
How Does the FBI Watch List Work? And Could It Have Prevented Orlando? (Wired) Of all the details investigators have uncovered about Orlando terrorist Omar Mateen, perhaps the most infuriating is the fact that he spent 10 months on a government watch list, yet had no trouble buying an assault rifle and a handgun
Orlando shows how terror is evolving. Can FBI keep up? (Christian Science Monitor) The Orlando shooting did not fit into a single category of hate crime, mass shooting, or jihadist act of terror, the FBI says. This makes its job harder
It’ll be very hard for terrorism victim’s family to win lawsuit against Twitter (Ars Technica) Victim's father: Twitter, Google, and Facebook profit off of terrorist propaganda
The Coming Constitutional Crisis Over Hillary Clinton’s EmailGate (Observer) The nominee insists her mishandling of State Department email is no big deal—but the real drama is just beginning
Vladimir Putin Has Everything He Needs to Blackmail Hillary Clinton (Observer) American intelligence officers are asking not 'if' but 'when' the Kremlin will dip into its arsenal of Clinton collateral
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.
Upcoming Events
SANSFIRE 2016 (Washington, DC, USA , Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
cybergamut Technical Tuesday: SS7, SWIFT, and Checking: Closed Network Evolution and Exploitation (Elkridge, Maryland, Calverton, Jun 21, 2016) A recent 60 Minutes article on extracting mobile phone information from the SS7 telephone carrier signaling network crystalized some thoughts I’ve had for a while on the evolution of closed networks over time and the security implications of opening closed networks. This talk examines that issue using three case studies: the SS7 demonstration, the recent theft of $81 million dollars from the New York Central Reserve Bank belonging to the Central Bank of Bangladesh using the SWIFT network, and the enormous but generally unremarked shift about 10 years ago from the paper check to digitized check information as a negotiable instrument for moving money between bank accounts. All three involve complex networks with both “real world” and digital network dimensions, and illustrate how authentication and trust design decisions (explicit or implicit) made when a network is first created can lead to exploitation opportunities as that network and the way it’s used evolves over time. Jeff Kuhn of Amches, Inc. will present the topic.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISS World South Africa (Johannesburg, South Africa, Jul 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SINET Innovation Summit 2016 (New York, New York, USA, Jul 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.
Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
SANS San Jose 2016 (San Jose, California, USA , Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!