The CyberWire Daily Briefing 06.21.16

Summary

By The CyberWire Staff

Two more companies—Fidelis and FireEye’s Mandiant unit—have weighed in on the DNC hack. Both find themselves essentially in agreement with CrowdStrike’s conclusion that evidence in the code points to the Russian APTs fingered in initial reports. Guccifer 2.0’s identity remains up in the air, although someone claiming to be the lone hacker has just been talking to Motherboard. He says he’s anti-Russian, pro-freedom, and wants a world without the Illuminati. Judge for yourselves.

FireEye says China has pulled back from cyber espionage directed against the United States. Other countries? Not necessarily so much, and Dark Reading sensibly notes what we’re hearing elsewhere—that intellectual property theft remains in that government’s plans.

Ransomware continues its evolution. Ded Cryptor, an EDA2 strain, is out, courtesy (apparently) of the Russian cyber mob. Sophos reports finding RAA, Javascript ransomware that doesn’t depend upon enabled macros for transmission.

xDedic, the souk that sold server time on compromised RDP servers, may, says Kaspersky, be larger than initially believed.

Apple has closed a vulnerability in AirPort wireless routers.

In industry news, the US GSA is creating a special item number (SIN) for cyber security products and services in its IT Schedule. Contractors wonder if GSA will be able to keep pace with technological evolution within the scope of the new cyber security SIN.

The US Secret Service hopes for quick response to its solicitation of “cyber triage tools.”

Wassenaar is back. Meetings resumed this week in Vienna on a new cyber arms export control regime.

A note to our readers: tomorrow the CyberWire will be in Laurel, Maryland, covering Cyber 7.0. Watch for our usual live-tweeting and special report on the proceedings.

Notes.

Today's issue includes events affecting Australia, China, European Union, India, Israel, Japan, Republic of Korea, Mongolia, Russia, Ukraine, United Kingdom, and United States.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Our interviews today center on the DNC hack. We'll hear from Mike Buratowski, Vice President of Cybersecurity Services at Fidelis, on his company's look at the code that points toward Russian involvement. And our editor will summarize speculation about false flag operations. (If you feel so inclined, please give us an iTunes review.)

Sponsored Events

Cyber Security Summit (Washington, DC, USA, June 30, 2016)

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016)

Selected Reading

Cyber Trends

People go to extreme lengths to protect their devices - but do not understand the threats (ZDNet) Paranoid users are turning to a multitude of different methods to keep their personal data away from online prying eyes, according to recent research

Healthcare needs a data centric security approach (Help Net Security) With increasing attacks on PHI data, coupled with more stringent data security requirements and regular audits, organizations should act now – before it’s too late

Healthcare cybersecurity is reactive, must shift to 'proactive threat hunting' says Raytheon (HealthcareITNews) 'Most managed security services don't provide proactive threat hunting, advanced analytics and incident response as part of their core offerings'

Brexit will make UK more vulnerable to cyber attack, say security pros (ComputerWeekly) A third of security professionals are concerned that a Brexit vote will hamper cyber threat intelligence sharing with EU states

Legislation, Policy and Regulation

Export controls on cybersecurity products back on the agenda (Politico) Beginning today, the latest United States delegation is in Vienna for talks over export controls on hacking tools — controls that panic cybersecurity companies, many leaders in Congress and swaths of the broader U.S. business community. The talks are set to last through Wednesday, and they could prove influential to efforts to reverse the restrictions, intended to combat use of such “intrusion software” by oppressive regimes but widely thought by U.S. industry to jeopardize sales of legitimate security software. There’s one more batch of Wassenaar Arrangement talks in September, when the matter will largely be decided before a December plenary session that will make it official

Israel Liberalizes Cyber Export Policy (Defense News) After three years of contentious review, the Israeli government has codified a new policy for cyber-related exports that aims to liberalize licensing and technology-transfer restrictions for all but defense and military end-users

Chinese economic cyber-espionage plummets in U.S.: experts (Reuters) The Chinese government appears to be abiding by its September pledge to stop supporting the hacking of American trade secrets to help companies there compete, private U.S. security executives and government advisors said on Monday

Privacy Shield: Can the US Earn the EU’s Trust Post Apple vs. FBI? (Dark Reading) Rebuilding the privacy framework for data transfer between the US and its European trading partners won't be easy but it's still a worthwhile effort

House GOP seeks focus on small cyber firms (Baltimore Sun) House lawmakers are expected to pass legislation this week to encourage the Obama administration to engage more with small, startup cybersecurity firms, an effort supporters say could benefit Maryland's burgeoning cyber industry

Retro analog tech a danger to U.S. power grid (The Hill) Members of the Senate Intelligence Committee recently introduced legislation intended to improve cybersecurity for the U.S. power grid by reintroducing “retro” analog technology to grid control systems. Specifically, the Senators want to reengineer the last-mile of the grid by replacing the modern automated controls currently in place with older analog controls. Their goal is to prevent a Ukraine-style cyber attack from causing a nationwide blackout that lasts weeks or even months

CIA Director John Brennan Pretends Foreign Cryptography Doesn't Exist (Schneier on Security) Last week, CIA director John Brennan told a Senate committee that there wasn't any strong cryptography outside of the US

Christie creates new cabinet post to protect N.J. from cyber attacks (NJ.com) Gov. Chris Christie on Monday announced he created a new cabinet post in his administration, establishing a chief technology officer post

Products, Services, and Solutions

NSS Labs Raises $16 Million in Financing to Grow Its Security Testing and Continuous Monitoring Suite of Services (Marketwired) NSS Labs, Inc., the world's leading information security research and advisory company, announced today that it has secured $16 million of new equity and bank financing. The financing will support the growth of the NSS Labs suite of services that includes in-depth security product testing, analyst services, and continuous product monitoring through the Cyber Advanced Warning System™ (CAWS), a revolutionary cloud-based security and risk management platform

Tenable Network Security Partners with Thycotic to Simplify Credential Management for Authenticated Assessments (Yahoo! Finance) Technology integration between Tenable and Thycotic increases efficiency for vulnerability assessments using privileged accounts

AlgoSec Announces Support for PCI DSS 3.2 (Marketwired) Business-driven approach to security policy management enables organizations to maintain continuous compliance with PCI DSS -- thereby reducing risk and costs

OptioLabs Announces New Pilot Program for OptioCore and OptioInsight (Yahoo! Finance) Successful adoption from leading Android OEMs is sparked by enterprise and government applications

ThetaRay Selected to Provide ING Netherlands with Fraud Detection Solutions (PRNewswire) Big data analytics tech to secure bank against SME lending fraud, reduce costly false positives

Exabeam adds ransomware detection capabilities (ITWeb) User and entity behaviour analytics company Exabeam has debuted an application designed for early detection of ransomware, which it says is one of the biggest security threats in 2016

John Lewis on security – ‘Single, bad, black swan events don’t happen out the blue’ (Diginomica) Retail giant John Lewis is using Splunk to get a single view of its security operations so that it can establish what is ‘normal’ behaviour

Technologies, Techniques, and Standards

Veterans Administration Adopts UL Security Certification Program For Medical Devices (Dark Reading) Goal is to ensure network-connected medical devices purchased by the VA meet baseline security standards established by Underwriters Laboratories

Sticky Security Issues: How Your Website Security Should Handle Tor Users (Axcess News) As your mother and a handful of other well-meaning adults probably told you, there is a certain thing that happens when you assume things. It pertains to the u and me that ends the word assume turning into its first three letters, if you were somehow unaware

Cyber forces prepare for an attack on a grand scale (Defense Systems) Practice might not always make perfect, but it certainly can help when preparing to defend the nation against a disaster—or a coordinated cyberattack

Hunting the hackers: Why threat intelligence isn't enough (SCMagazine) James Parry explores why the enterprise needs to move beyond threat intelligence to proactively seek out emerging threats on social media and the dark web

The Always-On Culture + Mobile Access = IT Nightmare? (IBM Security Intelligence) Are you a part of the always-on workforce? As it turns out, a large percentage of us are

5 Tips For Staying Cyber-Secure On Your Summer Vacation (Dark Reading) Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media

Marketplace

Questions linger about GSA’s plans for new cyber offerings (Federal News Radio) The General Services Administration’s plans to develop a new way for agencies to buy cybersecurity services off of the IT schedule contracts is raising eyebrows across the vendor community

Secret Service needs 'cyber triage' tools, fast (Federal Times) The Secret Service is looking for a quick turnaround on a new solicitation for cyber triage tools that can be rapidly deployed on any system to remediate the effects of a malware attack

TalkTalk slashes bonuses as cyber attack weighs on profits (Telegraph) Boardroom bonuses at TalkTalk have halved following a cyber attack last year which is costing the telecoms provider tens of millions of pounds to put right

TalkTalk CEO Dido Harding sees pay almost triple despite cyber attack affecting 160,000 customers (Independent) Her salary increased from £538,000 to £550,000

Twitter buys artificial intelligence firm Magic Pony (Interaksyon) Twitter said Monday it was acquiring British-based artificial intelligence startup Magic Pony to bolster its capacity for analysis of visual content

How Israel’s cyber spy network is helping improve enterprise security (IT World Canada) The vaunted Unit 8200 represents the Israeli Defense Forces (IDF) exclusive IT spy agency responsible for collecting signal intelligence (SIGINT) and code decryption. The decades-old unit — considered by intelligence analysts to be the strongest of its kind in the world — has also produced some of the most sought after cybersecurity startup companies. Indeed, former IDF 8200 alumni have developed leading Israeli IT companies — Check Point, CyberReason, Palo Alto Networks, Singular, and CyberArk among them

Israeli Cyber Security Firm Finds Niche Standing Guard Inside Computer Networks (Haaretz) 'It's easier to attack from the inside, and therefore it's more  urgent to provide another layer of protection,' says CyberArk CEO Udi Mokad

UT start-up to release new online security technology (Daily Texan) Casen Hunger, an electrical engineering postdoctoral student, and Dr. Mohit Tiwari, UT electrical engineering professor, recently co-founded Privasera, a company that offers app creators and users increased security when saving private documents online

Funding New Deceptive Technologies In Cybersecurity (Forbes) At a time when some venture capitalists are holding back, one firm is moving forward. There is a very real need for new technologies in cybersecurity. For example, the attack on Office of Personnel Management last year– which affected at least 21.5 million Americans — had apparently been going on for some time, undetected. The new model is to identify the intruder in the network in real time, observe them, and then suppress that intruder’s activities. This requires active intelligence and a whole new way of thinking about cybersecurity

Quick Heal Tech inches up after launching cyber security consulting services (Business Standard) Quick Heal Technologies rose 0.58% to Rs 269.70 at 10:42 IST on BSE after the company announced that it has launched cyber security consulting and education services named Seqrite Services and Quick Heal Academy

Imperva Shares Surge After Elliott's Singer Launches Activist Campaign (The Street) The insurgent investor noted that it has started a dialogue with the cyber and data security products company about "strategic and operational" opportunities

CrowdStrike new major APAC player in war against security threats (Security Brief) The Asia-Pacific region is the next target for CrowdStrike, which plans to use its expertise in cloud-delivered, next-generation endpoint protection, threat intelligence and response services to combat malware and ransomware

CrowdStrike’s Sentonas urges greater cybersecurity vigilance (Australian) CrowdStrike is setting up shop in Australia as part of a broader push into the Asia-Pacific and the man in charge of the operations in the region, Michael Sentonas, reckons cybersecurity outfits need to lift their game

Accenture Snags Deloitte Exec to Lead New Security Unit, Targets $1B in Sales (CRN) Accenture has brought all its security capabilities together under one roof and tasked a longtime Deloitte leader with creating the world's largest security service provider

BeyondTrust Appoints Industry Veteran Sam Ghebranious as Regional Director for Australia and New Zealand (BusinessWire) Experienced industry executive to help accelerate regional growth and customer success

Symantec CEO is among 20 highest paid tech chief execs (CSO) Meet the highest paid tech CEOs

Iron Bow Technologies Named a “Top Workplace” by The Washington Post (Sys-Con) Iron Bow Technologies, an information solutions provider, is proud to announce it has been named a “2016 Top Workplace” by The Washington Post. The company ranked 38th in the midsize business category on the publication’s annual list

Security Patches, Mitigations, and Software Updates

Apple fixes serious flaw in AirPort wireless routers (IDG via CSO) The flaw could allow hackers to execute malicious code on affected devices

Cyber Attacks, Threats, and Vulnerabilities

Cyber researchers confirm Russian government hack of Democratic National Committee (Washington Post) Two independent research firms have confirmed an assessment by the Democratic National Committee that its network was compromised by Russian government hackers

Findings from Analysis of DNC Intrusion Malware (Threat Geek) The Security Consulting team here at Fidelis specializes in investigations of critical security incidents by advanced threat actors. Last week, after Guccifer 2.0 claimed responsibility for the intrusion into the Democratic National Committee’s (DNC) servers, we were provided with the malware samples from the CrowdStrike investigation. We performed an independent review of the malware and other data (filenames, file sizes, IP addresses) in order to validate and provide our perspective on the reporting done by CrowdStrike. This blog post provides a summary of our findings

Chinese hacking slows down after public scrutiny and US pressure (IDG via CSO) Security firm FireEye said it has seen a decline in overall intrusion activity

China Still Successfully Hacking US, But Less (Dark Reading) New FireEye report shows significant decline in the number of Chinese cyber espionage attacks on the US since 2014, but China has definitely not stopped the intellectual property theft

Ransomware that’s 100% pure JavaScript, no download required (Naked Security) SophosLabs just alerted us to an intriguing new ransomware sample dubbed RAA

Evil Santa Ded Cryptor ransomware places victims on the 'naughty' list (Graham Cluley) Nothing is nice about this EDA2-based variant

The Ded Cryptor Ransomware thinks you have been Naughty this Year (Bleeping Computer) A new EDA2 ransomware was discovered by Michael Gillespie called Ded Cryptor. This ransomware has been around for quite a while and targets both Russian and English speaking victims. When installed, the victims desktop will be changed to show an evil looking Santa having a good time while it encrypts your files

Ransomware explained – how digital extortion turns data into a silent hostage (Computerworld UK via CSO) Ransomware has risen to the top of the malware pile. We look at how this has happened

Poorly crafted LogMeIn password reset email looks phishy, but isn’t (Help Net Security) LogMeIn has been sending out password reset emails to some of its customers, to prevent account hijacking fuelled by the recent spate of massive login credential leaks

LogMeIn Captain! A "Not so Phishy" Phishing Campaign (SANS Internet Storm Center) Today's story is on another (sort of) phishing campaign - the twist on this one is that the targets are .. us, again, sort of. This one caught my eye because I've never had a logmein account - no reflection on the product, I've just always had licenses on other comparable products

There’s no virus in the iTunes database – it’s a phish! (Help Net Security) A new phishing campaign aimed at Apple users has been spotted by security researcher Bryan Campbell

xDedic Scope May Be Larger Than Originally Thought (Threatpost) New data anonymously shared with Kaspersky Lab researchers may enlarge the scope of and provide additional context to the hacked RDP servers for sale on the now defunct xDedic marketplace

IPv4 hijackers setting up shell companies to hoard and sell addresses (Naked Security) We’ve long known it was coming, and it finally happened in September 2015: the pool of available IPv4 addresses for North America completely dried up

Malware families attacking business networks continue to grow (Help Net Security) The number of active global malware families increased by 15 percent in May 2016, according to Check Point

Botnet-powered account takeover campaign hit unnamed bank (Help Net Security) A single attacker has mounted two massive account takeover (ATO) campaigns against a financial institution and an entertainment company earlier this year, and used a gigantic botnet comprised of home routers and other networking products to do it

Massive Acer security breach exposes highly sensitive data of 34,500 online shoppers (PCWorld via CSO) Acer recently revealed its online store was the victim of a data breach that lasted nearly a year

Citing Attack, GoToMyPC Resets All Passwords (KrebsOnSecurity) GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites

Litigation, Investigation, and Enforcement

The Orlando 911 Transcripts (Atlantic) The FBI has now released a transcript that names Omar Mateen as the Orlando shooter and shows him pledging allegiance to the Islamic State

FBI wanders into heated debate after redacting ISIS from Orlando 911 transcripts, reverses course (Washington Post) The Orlando killer pledged allegiance to the Islamic State while in the midst of murdering 49 people at a gay nightclub last weekend. But for a few hours Monday, we couldn't read that part of Omar Mateen's phone conversations with dispatchers and police because the FBI took it out of transcripts of 911 calls it released

Cyber security: Protection of personal data online inquiry (Parliament.uk) The recent cyber-attack of TalkTalk’s website, where initially it was feared that the personal details, including bank details, of over four million customers had been hacked and made public, gives rise to questions and concern over the ways companies store and secure information about their customers. TalkTalk has already been subject to two previous attacks this year. In light of these incidents, the Culture, Media and Sport Committee has decided to hold an inquiry into the circumstances surrounding the TalkTalk data breach and the wider implications for telecoms and internet service providers

Palantir Unleashes Its Lawyers Over US Army's Intelligence Software (Defense News) Silicon Valley data-integration company Palantir, which has thus far let others do the talking in the fight over the US Army's planned intelligence software suite against the company's own product, is putting itself directly into the center of the fray

IG: OSI investigators overstepped their bounds (Air Force Times) Agents from the Air Force Office of Special Investigations broke rules by pursuing online child exploitation cases against subjects that may not have been military service members, the Defense Department's inspector general has found

Monsanto Sues Ex-Employee Accused Of Stealing Data (Graham Cluley) Controversial agriculture and biotech giant Monsanto has filed a lawsuit against former employee Jiunn-Ren Chen, accusing him of stealing 52 files from its computer systems

Design and Innovation

How big data is changing the game for backup and recovery (IDG via CSO) In today's distributed databases, getting a reliable snapshot of all those petabytes isn't easy

Tor Project tests new tool for foiling de-anonymization attacks (Help Net Security) Upcoming hardened releases of the Tor Browser will use a new technique aimed at preventing de-anonymization efforts by anyone who might want to mount them

Red Hat launches Ansible-native container workflow project (Help Net Security) Red Hat launched Ansible Container under the Ansible project, which provides a simple, powerful, and agentless open source IT automation framework. Available now as a technology preview, Ansible Container allows for the complete creation of Docker-formatted Linux containers within Ansible Playbooks, eliminating the need to use external tools like Dockerfile or docker-compose

Microsoft Working Towards Wider Adoption Of Blockchain (Nasdaq) Blockchain is gaining momentum as an indispensable part of the future of all enterprises, businesses and governments. Blockchain, or the distributed ledger technology, possesses the power to trim enormous costs and efforts involved in carrying out intracompany and intercompany businesses operations across sectors

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.

cybergamut Technical Tuesday: SS7, SWIFT, and Checking: Closed Network Evolution and Exploitation (Elkridge, Maryland, Calverton, June 21, 2016) A recent 60 Minutes article on extracting mobile phone information from the SS7 telephone carrier signaling network crystalized some thoughts I’ve had for a while on the evolution of closed networks over time and the security implications of opening closed networks. This talk examines that issue using three case studies: the SS7 demonstration, the recent theft of $81 million dollars from the New York Central Reserve Bank belonging to the Central Bank of Bangladesh using the SWIFT network, and the enormous but generally unremarked shift about 10 years ago from the paper check to digitized check information as a negotiable instrument for moving money between bank accounts. All three involve complex networks with both “real world” and digital network dimensions, and illustrate how authentication and trust design decisions (explicit or implicit) made when a network is first created can lead to exploitation opportunities as that network and the way it’s used evolves over time. Jeff Kuhn of Amches, Inc. will present the topic.

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

DNC hack looks like Russia's work, but Guccifer 2.0 still says no. (Nyet?) Ransomware notes, US Federal cyber contracting, and the return of Wassenaar.