
Russian intel updates. CCTV-botnet DDoS. DarkOverlord, the IRS, OPM, and M&A. If OurMine comes calling, think twice before paying.
Hacker “DarkOverlord” is offering more than 9 million health insurance records for sale in a dark web souk at the reported price of $700,000 in Bitcoin. It’s unconfirmed that the data are genuine, and, if genuine, it’s unknown what companies were breached.
TrapX warns of the risk to medical data posed by medical devices still running Windows 7 and Windows XP.
SecureWorks claims that “Threat Group 4127” (a.k.a. “APT28,” “Sofacy,” “Sednit,” “Fancy Bear,” and “Pawn Storm”—a GRU operation, according to CrowdStrike, if you’re keeping score) has targeted some 1800 targets in addition to the Democratic National Committee.
Google CEO Sundar Pichai’s Quora account was hacked by “OurMine,” a group that claims to be providing a security testing service. Essentially no one believes them legitimate.
Check Point claims its Investigative Report spooked the Nuclear exploit kit’s criminal impresarios into taking down their wares.
According to Sucuri an IoT-based distributed denial-of-service campaign against a jewelry store has been mounted using a botnet of 25,000 security cameras.
The US Internal Revenue Service, seeing more “questionable activity,” has decided to retire its troubled electronic filing PIN tool. The US Office of Personnel Management has acknowledged what informed observers have long said: the breach it suffered of its security clearance management system affected “tens of millions” of family, friends, neighbors, and associates of the 21.5 million clearance seekers.
In industry news, rumors continue to say Intel is working toward a sale of its security division. Investcorp acquires Coresec. Cisco buys CloudLock for $293 million.
Notes.
Today's issue includes events affecting Albania, Australia, China, European Union, Georgia, Germany, Israel, Italy, NATO, Norway, Philippines, Russia, Singapore, Ukraine, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Ben Yelin on the strange case of the FBI's raid of a security researcher who exposed an unprotected cache of medical data. And we'll talk with Tejas Vashi from Cisco about that company's scholarship program. (And as ever, if you're so inclined, consider giving us an iTunes review. We appreciate them.)
Cyber Attacks, Threats, and Vulnerabilities
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group (Dark Reading) The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks
Russia Is Reportedly Set To Release Clinton's Intercepted Emails (Oil Price) Reliable intelligence sources in the West have indicated that warnings had been received that the Russian Government could in the near future release the text of email messages intercepted from U.S. Presidential candidate Hillary Clinton’s private e-mail server from the time she was U.S. Secretary of State
Hacker Puts 9.3 Million Records Up for Sale from Healthcare Insurance Company (Softpedia) Hacker says he used an RDP zero-day to hack the company
Hacker selling 9.2m US hospital records and social security numbers on the Dark Web (International Business Times) The plaintext 2GB database contains personal sensitive information on 9,278,352 Americans
Attackers Wrapping New Tools In Old Malware To Target Medical Devices (Dark Reading) Hospital equipment running old operating systems providing safe harbor for data theft, TrapX says
Cerber Strikes With Office 365 Zero-Day Attacks (Dark Reading) Ransomware variant continues its success through chameleon-like reinvention
Bart ransomware shows it can be effective without sophisticated encryption (CSO) The new malware program locks user files in password-protected ZIP archives
New CryptXXX variant has earned more than $60,000 in payments (CSO) Updated release fixes previous code flaws, preventing the use of decryption tools
Check Point claims its report has shut down the Nuclear EK (SC Magazine) Check Point Software Technologies is claiming that once it released the Check Point Investigative Report, the Nuclear Exploit Kit shut down its entire infrastructure and ceased operation
Google’s Sundar Pichai has been hacked - which CEO will be next? (CSO) The hacking group OurMine said it plans to target more tech execs and celebrities
Meet OurMine, the ‘Security’ Group Hacking CEOs and Celebs (Wired) Black hats hack for espionage, crime, and disruption. White hats hack to defend, digging up security vulnerabilities so that they can be fixed. And then there are the confusing ones: hackers whose black hats are covered in the thinnest coat of white paint, or so patchwork that even they don’t seem to remember which color they’re wearing
25,000-strong CCTV botnet used for crippling DDoS attacks (Help Net Security) A DDoS attack against a jewelry shop website has lead researchers to the discovery of a CCTV botnet comprised of some 25,000 cameras from around the globe
Large botnet of CCTV devices knock the snot out of jewelry website (Ars Technica) Welcome to the Internet of things, where security is lax or altogether nonexistent
Large CCTV Botnet Leveraged in DDoS Attacks (Sucuri) Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention because of the intensity and duration of the attack, and – as we discovered through some research – how it was being done. In this article, we’ll share the specifics in an effort to track down the vulnerable devices and to help get them patched
Empty DDoS Threats: Meet the Armada Collective (Cloudflare) Beginning in March 2016, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't paid in Bitcoin
UK banking customers targeted with Retefe Trojan with MitM capabilities (Help Net Security) UK users are the latest targets of cyber crooks leveraging the Retefe banking Trojan and a rogue root certificate
IRS hacked again – say goodbye to that PIN system! (Naked Security) In the wake of automated attacks speeding up, the US tax overlords – the Internal Revenue Service (IRS) – has likewise sped up plans to deep-six its repeatedly hacked PIN system
OPM Acknowledges Family Members of Hack Victims Also Affected (Nextgov) A historic background check breach that the Office of Personnel Management had said impacted 21.5 million individuals also compromised potentially tens of millions of more people than initially disclosed, according to OPM's website
Cybersecurity Resource Center (Office of Personnel Management) This section of the website will be updated with answers to questions that you have about these incidents and the notification process
Privacy pitfalls of Facebook using your location to suggest friends (Help Net Security) If you are a Facebook user and you haven’t guessed by now that it will sometimes suggest “friends” based on the fact that you happened to be at the same place at the same time, you should know that it does
Cyber Trends
Cryptography pioneer Marty Hellman calls for compassion in personal, cyber, and international threats (TechCrunch) It’s been a long time since Marty Hellman and his collaborator Whitfield Diffie ushered in a new era of private communication with their invention of public key cryptography — but better late than never when it comes to winning the Turing Award, referred to by some as the Nobel Prize for technology
Phreaks and Geeks (National Geographic Channel) Computer hackers aren’t a major threat until one sends the FBI on a cat-and-mouse hunt in the 1980s, shaping online security in today’s digital age
Study: Encryption use increase largest in 11 years (CSO) Enterprise use of encryption saw the largest increase over the past year in over a decade, according to a report released today by the Ponemon Institute
Staying Ahead of the Cybersecurity Threat (Automation World) Evolving cyber attacks require evolving defenses. At its users group meeting in San Antonio, Texas, Honeywell executives explain the need to get away from purely reactive approaches
Skills and Self-Awareness Are Keys to Installer Cyber Security Success (IFSEC Global) Having the right skills and the courage to challenge product manufacturers and suppliers on poor data security features will play an increasingly important role in determining success the new cyber security solutions market
Marketplace
ODNI wants help securing biometric systems (FedScoop) A biometric system to verify travelers exiting the country could be in effect as soon as 2018
Insecurity for Cybersecurity (Bloomberg Gadfly) There's been no better magic word than "cybersecurity" to crack open technology investors' wallets
The Cybersecurity Ecosystem Is Ripe and Striving (Tech.co) In the past 18 months, news has broken about several data security breaches that impacted thousands of people, caused embarrassment to many corporations, and resulted in both financial and privacy loss. Even celebrities have suffered public humiliation when their personal information was hacked and leaked to the public. While this is horrible news to all of those impacted, the result is that individuals and businesses are now more willing than ever to invest in cybersecurity. This makes the cybersecurity ecosystem a near perfect environment for enterprising, startup founders. Keep reading to learn more about cybersecurity trends and innovations, a few cool startups, and some challenges that people moving into this space might face
Cisco to acquire API-based app security startup CloudLock for $293M (TechCrunch) Twilio isn’t the only company that is banking on API-based services as the way forward for enterprises. Today, Cisco announced it plans to pay $293 million in a mix of cash and equity to acquire CloudLock, a cloud-based security provider that uses APIs to let enterprises apply and monitor security on documents and other content that they share and store in cloud-based applications
Bahrain’s Investcorp to acquire European cyber security firm Coresec (Gulf Business) The deal follows Investcorp’s acquisition of cyber security firm SecureLink last year
Intel mulls sale of Intel Security – reports (Register) The game done changed
As Symantec flexes its muscle in security, who will step up to the challenge? (TechCrunch) Intel wants to sell its McAfee security business, which was acquired for $7.7 bn in 2010. And Symantec just acquired Blue Coat for $4.7 billion
Rapid7: Much Of The Correction Seems To Be Over (Seeking Alpha) The stock has corrected significantly, but the risk/reward ratio for Shorts does not look as impressive anymore. Breakeven still far away, but new offerings and consolidation in the space may provide a floor. The weak market looks like a decent opportunity to cover Shorts
Palo Alto Networks: A Bargain or a Bust? (Motley Fool) The cybersecurity upstart is taking a beating. Some value investors may see an opportunity -- but is it?
ObserveIT, Led by Ex-NHL Defender, Looks to Shut Down Cyber Threats () Some comparisons between business and sports are cliché. But when it comes to leadership in cybersecurity, having a CEO who knows how to play defense can be pretty relevant
IBM to set up cyber centre in Canberra (ZDNet) Led by a former federal police assistant commissioner, the new centre is intended to bring together business and government to tackle security issues
Email encryption expert Zertificon moves to larger offices (Zertificon) The German email encryption company Zertificon is growing steadily. After five years in the north of Berlin the offices eventually became too small. The relocation to Neukoelln in Berlin gives ample possibilities to expand and develop in the next few years
MobileIron Names Rege chief marketing and strategy officer (Telecompaper) Mobile enterprise security company MobileIron announced that Ojas Rege has been named chief marketing and strategy officer, reporting to CEO Barry Mainz. Rege has nearly 30 years of experience in technology, including 16 years in mobile. He joined MobileIron in 2008 to lead product and marketing
Former Check Point executive, Kurt Hansen, joins Tesserent (ARN) Former Check Point A/NZ chief heads up global sales for network security vendor
Retired U.S. Air Force Lieutenant General Joins Lookout's Federal Advisory Board (PRNewswire) Lookout, the global leader in securing mobility, has welcomed Ronnie Hawkins, Jr., retired Lieutenant General, U.S. Air Force and current president of the Hawkins Group to its Federal Advisory Board. Hawkins brings nearly four decades of business, military, and academic experience to this post
Products, Services, and Solutions
Virtru Sets a New Standard for Seamless Data Protection by Allowing Users to Search Full Text of Encrypted Content (Yahoo! Finance) With industry's first privacy-preserving encrypted search, users can now search and find encrypted content without weakening data protections or exposing content to any third party
Versasec Announces Partnership with Yubico (Versasec) Yubico to host webinar with its first card management system vendor
Guy Carpenter and Symantec join forces to develop cyber model (Consultancy.uk) Increased sophistication and volumes of cyber attacks, as more and more companies and government leverage online IT systems, are causing a headache for a range of stakeholders — from the companies themselves, to their insurers. In a bid to improve the understanding of risks within a rapidly changing environment, with little historic data, Guy Carpenter and Symantec have joined forces to develop a cyber aggregation model
ThreatQuotient Wins NVTC’s 2016 Hottest Cybersecurity & Safety Innovation Award (BusinessWire) Company honored at 15th Annual Northern Virginia Technology Council Hot Ticket Awards
NSFOCUS Wins 2016 Information Management Award (BusinessWire) NetworkWorld Asia names NSFOCUS solution “The Most Promising Cyber Security Solution”
Protected Media's Cyber Security Solution for Ad Fraud Wins CYBERSTORM Competition (PRNewswire) Protected Media, a pioneer in fighting ad fraud with cyber security technologies, announced today it won the Cyberstorm Competition sponsored by YL Ventures as part of the 6th Annual International Cyber Security Conference held at the Tel Aviv University
How Splunk's Customers Discovered Its Security Business (Forbes) “Splunk started as a tool for IT people to interact with log data and connect the dots,” said Haiyan Song, the company’s SVP of Security Markets. “Customers could download a free version, so that created a viral effect, and enabled a big community of users who would come up with ideas"
Barracuda Expands Intronis MSP Solutions Security Offerings (BusinessWire) Next-generation firewall appliance simplifies advanced network protection for customers
WISeKey Collaborates with SAP to Help Secure IoT Edge Devices (BusinessWire) WISeKey (WIHN.SIX), a Swiss based cyber security company, today announced plans to help secure Internet of Things (IoT) devices with SAP (NYSE: SAP), the world’s largest provider of enterprise applications. The collaboration aims to allow the integration of WISeKey’s Managed Cryptographic Root of Trust secure IoT Edge Device with devices leveraging SAP HANA® Cloud Platform for the Internet of Things (IoT)
Free 'CANSPY' Car-Hacking Tool On Tap (Dark Reading) French researchers at Black Hat USA will release plug-in tool for testing vehicles for security vulnerabilities
Technologies, Techniques, and Standards
Building a new open standard for cloud-based digital signatures (Help Net Security) On July 1, 2016, a new European Union signature regulation (eIDAS) will go into effect, helping pave the way for global adoption of secure digital signatures. Aligned with this milestone that will help take digital signatures mainstream, Adobe today announced the Cloud Signature Consortium, a group comprised of leading industry and academic organizations committed to building a new open standard for cloud-based digital signatures across mobile and web – so anyone can digitally sign documents from anywhere
Google Chrome security tips for the paranoid at heart (TechRepublic) If you're a Google Chrome user who loses sleep about online privacy risks, check out these tricks to making your browsing experience more secure
Two-factor authentication (2FA): why you should care (Naked Security) Online security can feel a bit like an arms race sometimes, and it may seem like there’s always something new to keep track of. But many of the more tried-and-true security principles and methods have been around for a while, they just take a while to become more mainstream
The Blind Spot Between The Cloud & The Data Center (Dark Reading) Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and you're likely to get some confused looks. Here's why
Design and Innovation
Terabyte terror: It takes special databases to lasso the Internet of Things (Ars Technica) Non-relational databases can help take the pain out of corralling swarms of sensor data
Is Asymmetric Cryptography Necessary? (EE Journal) Rubicon Labs promotes symmetric-only for the IoT
I, Snowbot (New York) For a man accused of espionage and effectively exiled in Russia, Edward Snowden is also, strangely, free
Fake fingerprints: The latest tactic for protecting privacy (Christian Science Monitor Passcode) The Identity pad – a project to create artificial and reusable fingerprints – addresses the security and privacy risks associated with the growing use of biometric technology
Research and Development
Quantum cryptography is cyber security's new random weapon (Security Brief AU) A new research paper released today shows that quantum random number generation may be the new key to high-level encryption in the cyber security stakes
Research Brief: Cloud Security Alliance Issues New Paper on Understanding Quantum Random Number Generators (PRNewswire) The Cloud Security Alliance (CSA) today announced the availability of a new research brief from the Quantum-Safe Security (QSS) Working Group titled Quantum Random Number Generators, a whitepaper that looks to detail the impact of randomness on security in an effort to develop the building blocks for effective encryption
Quantum Random Number Generators (Quantum Safe Security Working Group, Cloud Security Alliance) Secure Sockets Layer (SSL) is still a widely used communications protocol that secures web transactions to support the growth of secure online commerce. In the early days, it was implemented in a well-known web browser using a pseudo-random number generator for key generation. Two graduate students reverse-engineered the code and noticed that the seed used by the pseudo-random number generator depended on the time of day and known system information. It was relatively easy for them to guess these quantities, which reduced the possible keys to test in order to crack the protocol. This serious security flaw reduced the time necessary to discover the key to as little as a few seconds, using only one regular PC
DHS wants to predict how malware will morph (CSO) It’s part of an effort to create defenses for the next generation of attacks
Academia
Singtel launches Work-Study Programme for SIT students (Telecompaper) Singapore Telecommunications (Singtel) has partnered with the Singapore Institute of Technology (SIT) to support work-study programmes aimed at nurturing infocomm technology (ICT) and cyber security talents. Singtel says the project aims to prepare students for their future jobs by equipping them with real-world skills
Legislation, Policy, and Regulation
Britain to have new prime minister by 2 September (Guardian) Party’s 1922 Committee sets tighter deadline than expected, with Theresa May and Boris Johnson likely frontrunners
David Cameron: We won’t trigger Article 50 now (Politico) British PM tells parliament that when to trigger negotiations is a ‘sovereign decision’ for the UK alone
Brexit casts doubt over new EU and NATO defense strategy (Reuters) Britain's departure from the European Union risks undermining Europe's new defense strategy, days before NATO and EU governments sign a landmark pact to confront a range of threats from Russia to the Mediterranean, officials say
Understanding Brexit’s Security Implications (Observer) Britain’s leaving is a big deal for the European Union, but not for Britain’s security—or America’s
Why NATO is missing the point with Russia (Euronews) Nato last week decided to classify cyber attacks as a potential act of war. The decision, as well as being poorly thought out, is just another example of the alliance’s US-driven obsession with Russia, according to one of Italy’s most senior military figures
Swaggering in Cyberspace: Busting the Conventional Wisdom on Cyber Coercion (War on the Rocks) Recent years have seen a steady evolution in the sophistication and aims of cyberattacks. While cyberespionage continues to threaten the sanctity of government and private sector data, cyberattacks have also been used to support real-world military operations; Georgia and Crimea easily spring to mind. Now, a new class of cyberattacks is being carried out in the absence of military campaigns. Cyber prophets have long discussed how independent cyberattacks could target critical infrastructure. A recent hack of Ukraine’s power grid brought these predictions to life
Russian ISPs will need to store content and metadata, open backdoors (Ars Technica) Online surveillance measures come as part of anti-terrorism legislation
In Russia, Internet backdoors you (CSO) I do so enjoy these moments where I can craft goofy headlines like that. In this case however, it’s spot on. While the entire world was watching the Brexit tire fire unfold, some news broke in Russia
Edward Snowden Criticizes ‘Big Brother’ Measure in Russia (New York Times) Edward J. Snowden, an American who took refuge in Russia after leaking a trove of classified United States data from global surveillance, has criticized a proposed Russian law as an assault on freedom of speech, and has been rebuffed in an effort to collect a free-speech prize in Norway
Senate Dem blocks intelligence authorization over FBI surveillance (The Hill) Sen. Ron Wyden (D-Ore.) placed a hold on an annual intelligence community authorization bill on Monday, amid a fight about FBI surveillance
Experts call energy infrastructure cybersecurity bill ‘shortsighted’ (FedScoop) "This is a shortsighted bill that misses the bigger picture," says one cybersecurity expert
Attention US-bound tourists: Social media accounts subject to inspection (Ars Technica) "Collecting social media data will enhance the existing investigative process"
DISA pushes analytic power to the tip of the spear (GCN) The Defense Information Systems Agency is readying an update to its Big Data Platform that could have significant impact for warfighters at the tactical edge
Litigation, Investigation, and Law Enforcement
Another 165 Pages of Hillary Clinton’s Emails Released (AP via Time) Including some she deleted
South Yorkshire Police probe cyber attack on force website (BBC) South Yorkshire Police are investigating a cyber-attack on the force website which shut the page for several hours
Woman Sues Microsoft for Automatic Windows 10 Upgrades and Wins (Hack Read) Microsoft was sued by a business woman in California after she witnessed automatic update on her computer which made it slow and hard to use
Filipino Man Charged In US For Identity Theft Of Celebrities (Dark Reading) Prosecutors allege defendant stole bank and credit card details to make purchases and wire transfers
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
CyberTech (Beverly Hills, California, USA, Jun 30, 2016) Since 2014, CyberTech has served as one of the largest cyber solutions events around the globe. From Tel Aviv, to Singapore and Toronto, CyberTech is one of the most popular networking events for industry leaders and government decision-makers on cybersecurity, technology, innovation and investment. CyberTech Tel Aviv, the largest cyber solutions event outside of the U.S., features over 12,000 participants annually from over 50 nations, including hundreds of exhibiting companies and startups from around the globe.
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISS World South Africa (Johannesburg, South Africa, Jul 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SINET Innovation Summit 2016 (New York, New York, USA, Jul 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.
Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
SANS San Jose 2016 (San Jose, California, USA , Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.