The CyberWire Daily Briefing 06.22.16

Summary

By The CyberWire Staff

Bloomberg says unnamed sources claim that the Clinton Foundation was breached by Russian attackers, presumably the same actors who hit the Democratic National Committee.

That DNC hack still looks like the work of Russian intelligence services. Fidelis, one of the companies brought in to investigate the matter, says the attack code was too sophisticated to be the work of a “script kiddie,” and that it has the appearance of a nation-state operation. Thus it would appear that lone hacker Guccifer 2.0, who claimed the attack as his work, is either 1) a hoaxer, 2) a disinformation operation by Russian intelligence services, or 3) an actual hacker who rioted in coincidentally alongside the FSB and GRU. The third possibility can’t be dismissed out of hand; it’s happened before.

Industrial control system manufacturers and their customers are increasingly worried about their growing attack surface. Speculation about whether grids around the world are vulnerable to the sort of attack that hit Ukraine last December reaches a wishy-washy consensus of well, possibly.

Several Android exploits are circulating. Malwarebytes is tracking “Pawost” (which phones home to China). Trend Micro reports on “Godless” (rooting phones in South Asia).

Trend Micro also describes "Mangit," a commodity banking-Trojan-as-a-service from the Brazilian mob).

Data lost in the LinkedIn breach are being linked to secondary breaches at other services.

In industry news, analysts assess the needs of the cyber insurance market and the prospects of bellwether publicly-traded security companies. Behavioral analytics shop LightCyber gets $20 million in Series B funding.

A note to our readers: today we're in Laurel, Maryland, covering the Cyber 7.0 conference. We'll be tweeting throughout the day; watch #HoCoCyber7. And we'll have a report on the event in tomorrow's issue.

Notes.

Today's issue includes events affecting Algeria, Australia, Brazil, China, India, Indonesia, Iran, Ireland, Japan, Malaysia, New Zealand, Philippines, Russia, Thailand, Ukraine, United Kingdom, United States and Vietnam

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Charles Clancy, Director of Virginia Tech's Hume Center, on the cyber challenges of transportation. We'll also speak with Ayse Kaya Firat from CloudLock on the security challenges third-party apps present. (As always, if you feel so inclined, please give us an iTunes review.)

Sponsored Events

Cyber Security Summit (Washington, DC, USA, June 30, 2016)

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016)

Selected Reading

Cyber Trends

Supporting the IT edge is expensive, full of potential security risks (Help Net Security) Organizations are facing multiple challenges when managing the IT edge – at remote and branch offices. A Riverbed survey asked IT professionals about the various challenges they face in provisioning and managing remote and branch offices (ROBOs) and found supporting the IT edge was expensive, resource-intensive and full of potential data security risks

Most businesses would not pay in the event of a ransomware attack (Help Net Security) Business owners in the U.S. recognize the severity of ransomware and the potential disruption to business operations, yet 84 percent say they would not pay in the event of a ramsomware attack, according to IDT911. Of these business owners, some routinely back-up their business files and could therefore restore processes, whereas others simply wouldn’t pay cybercriminals—even if it meant not recovering information

Kiwi and Aussie workers' security attitudes concerning, says ESET (IT Brief) While it seems internet users in Australia and New Zealand have strong knowledge of cybersecurity best practices, they are rarely applying this knowledge at home, according to new research from ESET

Legislation, Policy and Regulation

Global Internet commission: Leave crypto alone, ditch opaque algorithms (Ars Technica) Governments should agree on a list of "legitimate targets" for online attacks

Snooper's charter: GCHQ will be licensed 'to hack a major town' (Guardian) Legislation will permit security services to hack all phones and laptops in an entire town, as long as it is overseas

Dept. of Justice Makes Plea for Mass Surveillance, Hacking (Threatpost) The Department of Justice is countering a growing chorus of privacy advocates who are against a rule change that will greatly expand law enforcement’s ability to hack into computers located around the world. In a blog post to the DoJ website late Monday, Assistant Attorney General Leslie Caldwell argued law enforcement must not be stymied in child porn and ransomware investigations by being forced to obtain dozens of warrants to search complex botnets and Tor to find the bad guys

Changes to Rule 41 will increase law enforcement hacking, surveillance (Help Net Security) The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web

GOP Urges Homeland Security to Partner with Cybersecurity Startups (Emergency Management) House Majority Leader Kevin McCarthy is pushing for legislation in Congress as part of a broader effort to encourage innovation in the federal government

Inside the Pentagon's secretive preparations for a 'cyber 9/11' (Military Times) The massive coordinated cyber attack began with rolling blackouts throughout the electrical grid stretching across the Midwest, leaving up to 10 million Americans' homes without power and businesses unable to process credit and debit card purchases

Products, Services, and Solutions

PhishLabs Launches New T2 Threat Intelligence Service Delivering Near Real-Time Intelligence on Active Spear Phishing Campaigns and Persistent Threats (APT) (PhishLabs) Comprised of intelligence gathered from expert investigations into active spear phishing campaigns, T2 Threat Intelligence alerts defenders to threat indicators far in advance of other intelligence sources

Tenable Network Security Helps Customers Automate and Simplify Security with Expanded Support for World’s Leading Cybersecurity Frameworks (BusinessWire) Tenable Cybersecurity Frameworks solution supports CIS Critical Security Controls, ISO/IEC 27000 and NIST Cybersecurity Framework, giving customers critical context to measure conformance in real time

OptioLabs Announces New Pilot Program for OptioCore and OptioInsight (BusinessWire) Successful adoption from leading Android OEMs is sparked by enterprise and government applications

Microsoft announces new data protection tool to help enterprises secure their data (TechCrunch) Microsoft today announced a new project that aims to help enterprises protect their data as it moves between servers and devices. The new Azure Information Protection service builds on the Azure Rights Management service and the company’s recent acquisition of Israeli security firm Secure Islands. The new service will go into public preview in the next month

Startup Spotlight: Demisto's Security Chat-ops Platform (eSecurity Planet) Four McAfee veterans create a security operations platform that combines automation, collaboration and a clever bot

K2 Intelligence and Confer Partner to Deliver Managed Security Service (PRNewswire) Partnership offers world class investigative expertise paired with industry leading endpoint security to detect and mitigate cyber threats

Zemana AntiMalware: Antivirus Software That Blocks The Threat Before It Occurs (FileHippo) There are a lot of options when it comes to antivirus software, but Zemana offers real-time scanning and sandboxing, without limits on removal

SecureAuth Threat Service Helps Protect Against Cyber-Crime (eWeek) The platform provides context around an IP address such as the attack types and classification of the threat actors and infrastructure involved

Tanium's Ralph Kahn on 'the death of silver bullet security' (FedScoop) Network security specialists recognize that traditional endpoint security and perimeter defenses are simply inadequate to protect today’s networks

Lookout Expands Mobile Threat Protection with Introduction of Network Layer Security (PRNewswire) Man-in-the-middle protection brings large enterprises peace of mind as their workforce connects on the go

Bitdefender BOX Upgrade Identifies Weakest Link in a Home's Defense Against Ransomware, Data Theft, Privacy Invasions (PRNewswire) Vulnerability Assessment detects devices that jeopardize your safety; Active Threat Control detects malware based on behavior

Versa Networks Receives Firewall Certification From ICSA Labs (MarketWired) Versa FlexVNF™ demonstrates that Virtual Network Function (VNF) firewalls can provide enterprise-grade security and performance

Avast Unveils Zero-Second Threat Detection in its New, High-speed Version of Its Flagship Antivirus Products (BusinessWire) Installed on a Windows 10 PC, the Nitro update to Avast Antivirus means the computer performs faster than without Avast

The Not-So Odd Couple of DDoS and WAF (Radware) As the saying goes in the real world, “necessity is the mother of invention.” However, those of us that work in the technology sector know that this isn’t always the starting point or source in our arena. There are volumes of cautionary tales and vast, virtual graveyards of “products looking for a problem to solve.” Often, these come about when vendors look across their technology portfolio and identify logical interactions that only they can see. Other times they occur through overzealous business development efforts, a sort of unfortunate “you got your chocolate in my peanut butter” scenario where the result tastes anything but sweet

Security firms use new tools to spy on attackers (Examiner) The ongoing saga of cybersecurity threats and breaches around the globe has led to increased scrutiny of technology’s ability to protect against them. And there are emerging signs that investors and security experts are willing to take a more aggressive approach which involves not simply hiding behind a defensive wall, but leaping over it and hunting down the bad guys in cyberspace themselves

Technologies, Techniques, and Standards

Where does your cloud data live? 3 questions to ask (Help Net Security) There’s a common thread behind every security pro’s cloud-related fears: control. Whether your company’s infrastructure revolves around a cloud-centric strategy or regulates cloud projects to a minor scale, the same security concerns dominate every interaction an organization could have with cloud services

Five Security Threats to Watch Out for This Summer (VIPRE Security News) It’s summertime, and that means some much-needed vacation for most of us out there. But with people out of the office and working from remote locations more often, they’re likely to let their guard down, increasing the risk of data breach incidents. From malware to hackers to malicious insiders to data thieves, there’s no shortage of security concerns

Security through obscurity never works (SANS Internet Storm Center) In last couple of years, I’ve been increasingly working on penetration testing mobile applications. I must admit: this is fun. Not only it’s a combination of reverse engineering (static analysis) and active packet/request mangling, but mobile applications bring with them a whole arsenal of new attack vectors (I plan to cover these in a series of diaries since I held a presentation about that last week at SANSFIRE – we’ll post the handler presentations on the web site soon too; and I also attended the SEC575: Mobile Device Security and Ethical Hacking course with fantastic Chris Crowley, one of the best SANS instructors for sure)

Marketplace

Groundbreaking Survey Shows What’s Broken That’s Affecting Cyber Insurance (WFMJ) PivotPoint Risk Analytics, SANS and Advisen announced today the results of an industy-first joint survey that shows while cyber insurance is a young and rapidly evolving product — which can leave organizations with an uncertain sense of protection — there is a set of gaps that can be bridged to help cyber insurance mature faster and be seen as a more effective risk transfer vehicle

The Biggest Losers in the Microsoft/LinkedIn Merger Could Be Other Social Networks ({e} Mazzanti Technologies) Microsoft has swung for the fences by buying LinkedIn. Observers are waiting to see what happens, but are a bit skeptical because the purchase comes after a string of not-so-hot at bats, such as its 2013 acquisition of Nokia’s handset business, a $7.2 billion write-off; aQuantive, an online display advertising company bought for $6.3 billion; and even Skype, an $8.5 billion investment that has yet to create significant value

'Hack The Pentagon' Paid 117 Hackers Who Found Bugs In DoD Websites (Dark Reading) Defense Department's historic bug bounty pilot yields 138 valid reports of vulnerabilities, most of which were fixed within two days

Meet the 18-Year-Old Who Hacked the Pentagon (Threatpost) Ask David Dworken when he was in tenth grade what a cross-site scripting vulnerability is and you might get a strange look from the Alexandria, Va., teen. Fast forward two years and pose the same question Dworken and you’ll get a well-versed answer from the now white hat hacker and recent high school graduate

Google Engineer Donates Bug Bounty Reward to Amnesty International (Softpedia) T. Ormandy donates $15,000 reward to Amnesty International

Cisco Will Ride The Cybersecurity Wave Higher (Seeking Alpha) Cisco Systems has benefited and will continue to benefit from the widespread adoption of cybersecurity. M&A has boosted the company's security offerings, which has translated down the financial statements. Security will fuel growth at Cisco for years to come

Symantec - Don't Chase This Stock After Blue Coat Deal (Seeking Alpha) Symantec's acquistion of Blue Coat has been well-received. The deal brings growth and strategic benefits at a steep price, as Symantec will operate with net debt going forward. I think that enthusiasm surrounding the deal and Symantec is overdone, as the 2018 guidance might be too optimistic

Here’s Why Imperva (IMPV) Stock is Spiking Today (The Street) Imperva (IMPV) stock is soaring on Tuesday afternoon after Elliott Management launched a late-day activist campaign and began a dialogue with the cyber security solutions company

A FireEye Chat with Kevin Mandia (Network World) Company focused on engineering innovation, threat intelligence utilization, and security-as-a-service rather than Wall Street capriciousness

Accenture delves further into cybersecurity arena with new acquisition (CIO Dive) Accenture announced Monday that it acquired Israeli-based Maglan, a cyber forensics and simulation services provider. The acquisition "advances Accenture’s strategy of leveraging Israel as a cybersecurity innovation hub to provide clients with cross-industry cyber defense consulting," according to Accenture's announcement. The acquisition includes plans for a new R&D center that will leverage artificial intelligence and advanced analytics to predict coming attacks

LightCyber lands $20 million Series B to secure networks using behavioral analytics (TechCrunch) Every network is under siege these days as attackers search for a way in. The industry lingo calls them attack vectors, but that just means a hacker finds a weak link in the network and exploits it. Once they’re in they begin to do damage, but in doing so, they behave in ways that might be out of the ordinary coming from that particular machine

NICE Systems LTD. to Change Company Name to NICE LTD. (BusinessWire) New name reflects company transformation to enterprise software

NSFOCUS Wins Microsoft Mitigation Bypass Bounty Award For Fourth Consecutive Year (BusinessWire) NSFOCUS, a global network and application security provider, today announced that it has received the prestigious Microsoft Mitigation Bounty Award for the fourth consecutive year. NSFOCUS is the only company to have received this honor four times in a row, demonstrating the company’s commitment to comprehensive and innovative threat research and analysis

Flashpoint Appoints Chris Camacho as Chief Strategy Officer (PRNewswire) Flashpoint, the global leader in Deep & Dark Web data and intelligence, has appointed cyber security industry luminary Chris Camacho as the company's Chief Strategy Officer. Camacho will be responsible for developing, leading, and implementing cross-functional strategic initiatives across the company. He will ensure that all facets of the company, from product to sales to marketing, are aligned with the company's strategic vision to deliver the most salient intelligence to its customers to help them understand and mitigate risk

U.S. Marine Corps General John Allen (Retd.) Joins SparkCognition Board (PRNewswire) Former Commander International Security Assistance Force (ISAF), Deputy Commander US CENTCOM, Special Envoy to the President working with artificial intelligence leader

EY Announces Cylance CEO Stuart McClure Named EY Entrepreneur of the Year® 2016 Technology Award Winner in Orange County (PRNewswire) EY today announced that the Co-founder, President and CEO Stuart McClure of Cylance Inc., the first cybersecurity company to successfully apply artificial intelligence algorithms to predictively identify and stop malware and advanced threats, received the EY Entrepreneur Of The Year® 2016 Award in the Technology category in Orange County

Security Patches, Mitigations, and Software Updates

Blackphone users get a virtual privacy assistant (Help Net Security) Silent Circle has pushed out a new version of Silent OS, the operating system running on Blackphone 2 devices, and it comes with several privacy and security enhancements, including a virtual privacy assistant

Google Simplifies Two-Step Verification (Threatpost) Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services

Google’s new authentication option: a tap on the screen (Help Net Security) Google knowns that usability is a pre-requisite for security, so they’ve come up (yet again) with a new option within the 2-step verification feature for Google accounts: Google prompt

Cyber Attacks, Threats, and Vulnerabilities

Clinton Foundation Said to Be Breached by Russian Hackers (Bloomberg) The Bill, Hillary and Chelsea Clinton Foundation was among the organizations breached by suspected Russian hackers in a dragnet of the U.S. political apparatus ahead of the November election, according to three people familiar with the matter

Guccifer 2.0: Red Herring Or Third DNC Hacker? (Dark Reading) CrowdStrike and Fidelis say all evidence for intrusions at DNC points to Russian-backed groups

Hackers Infiltrated Ukraine's Power Grid. What's Next? (New America) A massive power outage in December left more than 200,000 people in the dark in Western Ukraine. It was the first time a cyberattack successfully took down a portion of a country’s power grid. Rob Lee, cofounder of cybersecurity company Dragos Security and a former US Air Force Cyberoperations Officer, personally investigated the Ukraine hack. He joins the Cybersecurity Podcast to discuss how hackers took out Ukraine's electricity, what more can the US government and companies do to safeguard the American power grid, and the challenges researchers face when trying to test threats to critical infrastructure

Why a Ukraine-style hack on US power grid isn't likely (Christian Science Monitor Passcode) Rob Lee, cofounder of cybersecurity company Dragos Security, who personally investigated the Ukraine hack, downplays the imminent risk of a major, isolated attack on the US power grid.

Concerns about security, information sharing up among industrial control system security pros (CSO) Security managers working with ICS are increasingly concerned about security

Android malware uses Google Talk to call Chinese numbers (Graham Cluley) But who is on the other end?

Dial M for malware: 'Pawost' trojan hijacks Android phones to make unauthorized calls (SC Magazine) A recently discovered mobile malware program is giving Android devices a mind of their own, causing them to use the messaging service Google Talk to secretly and repeatedly place outgoing calls to mysterious phone numbers approximately every two minutes

New Android malware can secretly root your phone and install programs (ComputerWorld) The Godless malware has mainly hit India and other parts of southeast Asia, Trend Micro says

Newly Discovered Mangit Malware Offers Banking-Trojan-as-a-Service (Virus Guides) Security experts from Trend Micro have discovered a new malware family called Mangit. The newly-found malware is linked to the Brazilian hacking underground, where it’s peddled as a Banking-Trojan-as-a-Service offering

Check Point tracks two waves of Cerber ransomware hitting U.S., UK (SC Magazine) Updated: A team of Check Point researchers have tracked two large waves of attacks using Cerber ransomware in the last few months with more spikes in the number of incidents expected

Online backup firm Carbonite tells users to change their passwords now (Graham Cluley) Never use the same password for multiple sites

Bitcoin Phishing Campaign Uncovered (Threatpost) For the last month, attackers have used a combination of phishing and typosquatting to carry out a campaign aimed at stealing Bitcoin and blockchain wallet credentials

Bitcoin rival Ethereum fights for its survival after $50 million heist (Ars Technica) Crypto anarchists' dream of decentralized currency faces nightmare scenarios

Phishing, Whaling & The Surprising Importance Of Privileged Users (Dark Reading) By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all

LinkedIn data breach blamed for multiple secondary compromises (CSO) Services like Citrix's GoToMyPC provide front door access, but they're not at fault

Akamai Says Subtlety Is Out, Brute Force Is In for Identity Theft (IBM Security Intelligence) Subtlety is out when it comes to compromising user credentials. Instead, cybercriminals are looking to brute-force their way in, take what they can and get out. Consider the case of GitHub: As noted by TechCrunch, the online code repository recently announced that there have been “unauthorized attempts to access a large number of GitHub.com accounts” using credentials stolen from other hacked sites

Top website domains are vulnerable to email spoofing (CIO) A security firm looked at the email authentication systems of top websites

Unsecured security cameras lead to privacy erosion (Help Net Security) The results of a recent analysis of some 6,000 open security cameras across the United States has shown that 15 percent of them are located in users’ private homes

Academia

UTSA Center for Infrastructure Assurance and Security celebrates 15 years as a leader in cybersecurity (UTSA Today) The University of Texas at San Antonio (UTSA) Center for Infrastructure Assurance and Security (CIAS) celebrates its 15th anniversary this month. The Center opened in 2001 as UTSA’s first cybersecurity center. Over the past 15 years, the CIAS has established itself as a leader in cybersecurity competitions, top-tier research, security exercises, and state and local cybersecurity programs

Facebook and Twitter blocked to keep students from cheating in Algeria (Naked Security) Algeria is the latest country to block Twitter and Facebook in an attempt to keep students from cheating on exams

Litigation, Investigation, and Enforcement

Microsoft invokes Supreme Court opinion in Ireland email case (IDG via CSO) The court has ruled that U.S. laws cannot apply overseas unless Congress clearly says so

Calgary family with house on ISIS hit list right to feel 'disconcerted,' terror expert says (CBC) Terrorist groups use randomness to produce fear, intelligence consultant says

Design and Innovation

Opinion: How we can finally kill the password (Christian Science Monitor Passcode) Innovative biometric technology that relies on human traits as security measures is the answer to beating back threats from malicious hackers

The Quantum Security Prognosis: Remote Health Care and the Edge of the Internet (IBM Security Intelligence) Quantum computing is now more than a mere buzzword, with big technology players purchasing quantum systems or designing their own. Substantial tech investment is also happening in a seemingly unrelated field: remote health care. A study from Research and Markets noted that the Internet of Things (IoT) health care market is headed for 37.6 percent compound annual growth rate over the next four years as companies look for ways to supply doctors and patients with the data they need on demand

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.