The CyberWire Daily Briefing 06.29.16

Summary

By The CyberWire Staff

Yesterday’s fresh terrorist horrors—the suicide bombings at Istanbul’s airport—are inducing security officials worldwide to look for better ways of collecting and developing intelligence. Much of that collection will be online.

The Kyiv ISACA branch reports that an unnamed Ukrainian bank has lost $10 million to SWIFT-enabled funds transfer fraud. ISACA’s statement (cagey, since investigation remains ongoing, and its early stages) suggests, as reported by the Kyiv Post, that “dozens of banks (mostly in Ukraine and Russia) have been compromised.” The methods appear similar to those used earlier this year to look the Bangladesh Bank.

The DarkOverlord’s purported healthcare records remain for sale in the Real Deal dark web souk, but so far there’s no consensus about the data’s provenance. Whatever they are, the asking price is steep.

A Google security researcher reports an array of bugs in Symantec and Norton anti-virus products. Symantec has patched the issues.

A smishing campaign in Europe spreads paycard-stealing malware posing as WhatsApp, Uber, or Google Play.

Lookout adds to warnings that “autorooting” malware is gurgling around in the walled-but-permeable Google PlayStore garden. OptioLabs says that another popular PlayStore denizen, Flash Keyboard (about 50 million downloads) is also exhibiting some dodgy behavior.

Locky ransomware, which vanished for a brief season, is back, and in a newly virulent form. CryptXXX also continues to hit victims. A study shows US enterprises wavering in their resolve not to pay ransom.

A petition to revoke Brexit through another referendum appears to have been signed mostly by bots.

A note to our readers: The CyberWire won't publish Monday as we observe Independence Day (commemorating the Amexit of 1776—you may have heard of it). We'll be back as usual on Tuesday, July 5, with both our daily news summary and our podcast.

Notes.

Today's issue includes events affecting Bangladesh, Brazil, China, Iran, Israel, Japan, Democratic Peoples Republic of Korea, Nigeria, Russia, Ukraine, United Kingdom, United States

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.Today we'll hear from the University of Maryland's Jonathan Katz on Apple’s upcoming adoption of "differential privacy." We'll also talk with Booze Allen Hamilton's Jon Allen about the automotive ISAC and the upcoming Billington Automotive Cybersecurity Summit (see the link below to this sponsored conference). (As usual, we welcome reviews. If you're so moved, drop one on us at iTunes. We appreciate it.)

Sponsored Events

Cyber Security Summit (Washington, DC, USA, June 30, 2016)

E8 Security (Detroit, Michigan, USA, July 22, 2016)

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016)

Selected Reading

Cyber Trends

Planes, Trains and Automobiles Increasingly in Cybercriminal’s Bullseye (Threatpost) The transportation industry is increasingly being targeted by cyber criminals who see the sprawling multi-billion dollar industry as ripe for financially motivated attacks

Cyber Threats Pose Risk to Ocean Cargo Supply Chain (Supply Chain Management Review) Supply chain managers see danger, too. According to a report from BDO USA, an accounting and consulting organization, manufacturers' intellectual property, data and products have also become prime targets for cybercriminals

Is Encryption Really Working? (PYMNTS) Encryption is now a payments best practice

IT skills shortage leading to cybersecurity issues, research argues (Cloud Computing) If a security system flags up an issue in your organisation and nobody acts on it, is it even an issue? Many organisations are acting that way, according to a report from Skyhigh Networks and the Cloud Security Alliance (CSA)

Les attaques de crypto-ransomware ont été multiplié par cinq, selon Kaspersky Lab (Global Security Mag) Le nombre d’utilisateurs ciblés par des attaques de crypto-ransomware explose, atteignant 718 536 entre avril 2015 et mars 2016, soit 5,5 plus que durant la même période en 2014-2015

Cyber Defense Goes on the Offensive (Institutional Investor) There is an adage, often invoked in sports, that the best defense is a good offense

SecureAuth Survey: 71% of Britons Place Internet Speed Above Online Security (MarketWired) Risky user behaviour drives real risk for businesses

Legislation, Policy and Regulation

China Inches Closer To Finalizing Strict Cybersecurity Law (Dark Reading) Second reading of cybersecurity draft over, measures indicate greater censorship in store for citizens

Attacks quiet down while China recalibrates its cyber ops (Defense Systems) Among the reasons for a reported overall decline in successful network compromises by Chinese groups since mid-2014 against U.S. and other western targets are ongoing military reforms that seek to centralize cyber activities, according to industry report that makes the case that China is recalibrating it use of cyber espionage

Germany to further curb activities of spy agency in wake of NSA scandal (Guardian) Angela Merkel’s cabinet signs off on reforms to keep country’s foreign intelligence agency on tighter leash

Army to go after cyber terrorists (Daily Trust) The Chief of Army Staff (COAS), Lieutenant General, Tukur Buratai, has vowed to go after detractors he described as terrorists who have migrated to cyber space. He made this known on Tuesday while fielding questions from journalists at the Army Headquarters in Abuja, during a press conference to kick start activities for the Nigerian Army Day Celebration (NADCEL), 2016. Asked for response to allegations in an online report that his family illegally owned properties in Dubai, Buratai said: “We have already defeated insurgents on the land, now they have migrated to cyber space and some electronic media”

Senator pushes for cyber protections in vehicles (The Hill) Sen. Ed Markey (D-Mass.) wants cybersecurity protections to be incorporated into all internet-connected vehicles

DHS cyber warriors will train with private sector (FedScoop) A pilot program called Exemplar will provide private sector training slots for 10 DHS technical staff working high priority issues

Products, Services, and Solutions

PivotPoint Risk Analytics Named Top 20 Most Promising Risk Management Solution Provider by CIO Review Magazine (PRWeb) PivotPoint Risk Analytics, a leader in cyber risk analytics, today announced it has been named as a Top 20 Most Promising Enterprise Risk Management Solution Providers for 2016 by CIOReview

Cylance® Named 2016 World Economic Forum Technology Pioneer (PRNewswire) Applying Artificial Intelligence to cybersecurity dramatically reduces the success of cyberattacks of every level of sophistication, including those from nation/states and cybercriminals

Light Point Security Unveils Most Powerful Browser Isolation Platform Yet With Latest Major Release of Light Point Web (InformationWeek) With unrivaled performance, security and ease of use, Light Point Security's latest offering further solidifies its position as the most advanced browser isolation platform

Symantec Gets into the VPN Game with Norton Wi-Fi Privacy (Cyber Shack) Symantec today announced the local launch of Norton Wi-Fi Privacy, a virtual private network (VPN) solution designed for smartphone users. Available for iOS and Android, Symantec says Norton Wi-Fi Privacy is pitched to customers using public Wi-Fi hotspots both locally and abroad

PhishMe Enhances Phishing Incident Response Platform (BusinessWire) PhishMe TriageTM improved with integrations, collaboration, ability to crowdsource threat rules and malicious attachment preview tool

NTT Communications Delivers Managed Private Cloud Solutions To Hewlett Packard Enterprise Customers (Sys-Con Media) NTT Communications Corporation (NTT Com), the information and communications technology (ICT) solutions business within NTT Group (NYSE: NTT), today announced the deployment of managed private cloud solutions to Hewlett Packard Enterprise (HPE) and NTT Com customers in the United States

Final is a plaster on the gaping wound that is U.S. credit card security (TechCrunch) Credit card fraud is an embarrassingly big problem for the banking industry, with an increasing number of companies launching products to patch the problems. The most recent example is Final, which today announced it is shipping its first consumer credit product with a radically new approach: disposable credit card numbers and card numbers locked to a single merchant

Could the virtual machine make firewalls obsolete in cyber security? (Computer Business Review) C-level briefing: Bromium CEO Ian Pratt explains how virtualisation could tackle the onslaught of ransomware

AdaptiveMobile's Signalling Protection Unveils Advanced SS7 GSMA Category 3 Threat Detection Capabilities (Broadway World) AdaptiveMobile, the world leader in mobile network security, today announced advanced SS7 “Cat 3” detection capabilities including Network Memory, Location Plausibility, and Remote Intercept as part of its industry-leading Signalling Protection

CrowdStrike Launches End-to-End Breach Prevention Bundled Packages (BusinessWire) New packages combine Falcon Host Endpoint Protection, Falcon Intelligence and CrowdStrike Pre- and Post-Response Services providing flexible options to meet individual customer needs

Ixia Expands CloudLens Support for Private Clouds (Yahoo! Finance) Ixia (XXIA), a leading provider of network testing, visibility, and security solutions, today announced that the company has extended the capabilities of its recently announced integrated cloud visibility platform, CloudLens™, to include support for Microsoft Hyper-V and VMware vNetwork Standard Switch (vSS)

EclecticIQ and Cosive ink partnership to bring advanced Cyber Threat Intelligence technologies to Australia and New Zealand (PRNewswire) As demand for advanced Cyber Threat Intelligence heats up worldwide, EclecticIQ and Cosive have formed a partnership that marries cutting-edge technology and field expertise to help organisations in the Australia, New Zealand and the Asia-Pacific region

The iPhone is Nine Years Old - and Still no Significant Malware Outbreaks (Graham Cluley) Apple started selling the Apple iPhone nine years ago today

Technologies, Techniques, and Standards

Six New Cybersecurity Certs that Address Hotly Demanded Skills (Go Certify) Cloud security concept file folder behind doorCybersecurity is one of the hottest fields in information technology and skilled cybersecurity professionals are in high demand. Threats to enterprise security evolve constantly and organizations require increasingly skilled specialists with the knowledge required to combat those threats

Not so fast: Some security defaults shouldn't change (InfoWorld) Contrary to popular belief, changing default settings doesn't always improve security -- and often backfires

FTC: mobile account ID theft epidemic, how to secure your phone on Verizon, AT&T, T-Mobile or Sprint (Phone Arena) When you lose your phone or it gets stolen nowadays, there is a lot more at stake than a few hundred bucks for the device itself. Your mobile account is not only linked with most of your personal info, but also with your mobile payment logins, and your digital identities in general. A new security report points out that it's precisely those mobile accounts now that are the the target of identity thieves, for all sorts of reasons

Twelve Principles of Data Ethics (Ethical Resolve) Ethical Resolve has helped author Accenture’s newly released Data Ethics report, and in particular took the lead role in writing the section Developing a Code of Data Ethics. Steven Tiell and I hashed these out with the assistance of multiple contributors. These 12 universal principles of data ethics are intended to help enterprises and professional communities develop tailored codes of ethics to guide responsible data use. Let us know if your organization needs assistance instantiating these principles

What is encryption? (Computer Business Review) How algorithms are used to scramble communications

Marketplace

OpsClarity Announces That 92% of Companies Surveyed Are Increasing Investment in Real-Time Analysis of Human and Machine-Generated Data (MarketWire) New 2016 State of Fast Data & Streaming Applications survey reveals technological shift in favor of instant analysis

Businesses are unprepared for emerging threats (Help Net Security) Organizations are failing to appreciate the growing challenges of protecting their data and, as a result, are experiencing the economic impact of data loss, according to EMC

US artificial intelligence market set to surge (Help Net Security) The artificial intelligence market in the US is projected to grow at a CAGR of 75% until 2021 on account of increasing AI technology adoption, according to TechSci Research

Army cyber events tag-team to attract new technologies (US Army) Cyber Blitz. Cyber Quest. Cyber Innovation Challenge. Feeling the whiplash? Good -- then hackers and attackers will, too

Top 3 Ways to Hack the Pentagon (Motley Fool) For just 1% the cost of a small government contract, the Pentagon just discovered 138 vulnerabilities in its computers

Siemens Will Put $1.1 Billion Into New Startups Unit (Fortune) Among the areas it wants to grow: decentralized electrification and AI

Is Rapid7 Moving Fast Enough To Make It A Good Investment? (Seeking Alpha) Rapid7 is yet another vendor of enterprise class cyber security solutions. The company is not in the "next generation" firewall space and does not compete against the best known names such as Check Point and Palo Alto. This company focuses on security from a different perspective, often referred to as security data analytics, and it uses next-generation behavioral analytics coupled with fast search as its backbone technology. The company, while small, has enjoyed substantial growth over the last several years and is expected to achieve over $150 million of revenue and 40% top line growth. The company is loss-making at its scale although there have been some improvements in profitability in the last several quarters

Why Cisco Just Paid $300 Million for This Cloud Security Firm (Fortune) Incentives to keep CloudLock employees could be in the works as well

Cisco Boosts Cloud Security Capabilities With CloudLock Buy (Dark Reading) Network giant will purchase the Massachusetts-based provider of cloud access security broker technology for $293 million

Cisco: CloudLock Deal Capitalizes On BYOD Trend (Seeking Alpha) CSCO acquired cloud-based security provider CloudLock for $293 million in cash and equity. The acquisition capitalizes on and provides a necessary solution for a secular trend in the workplace called BYOD. We are bullish on the deal, and believe it again illustrates CSCO's commitment to leveraging a strong balance sheet to drive accelerated growth in high-demand markets

Thales aims at boosting its revenue in cybersecurity with Cisco (Reuters) French electronics group Thales aims to increase its revenues by hundreds of millions of euros in the cybersecurity field through a strategic agreement it has signed with Cisco Systems, it said on Tuesday

Indian channels are gung ho on Symantec's acquisition of Bluecoat (ChannelWorld) Indian channel partners are excited with the news of the acquisition, as they believe that the move will enable a more stable and dynamic vendor-partner relationship

Stamford company purchases Massachusetts cyber-security firm (Stamford Advocate) The Pinnacle Group, a Stamford-based IT solutions company, has acquired a Massachusetts cyber-security firm in a multimillion-dollar deal

This Reston-based cybersecurity firm just raised $10 million (Washington Business Journal) Reston-based Verodin Inc. has built a platform to test weaknesses in company cybersecurity networks — and it has raised $10 million to ramp up its marketing and development efforts

Cybersecurity firm shutting down? (Winnipeg Free Press) Rumours were swirling on Monday the cybersecurity firm, formerly called Seccuris, had shut down its Winnipeg operation

Cylance® Attracts Top Industry Executives (PRNewswire) As company eclipses 1,000 customers, Cylance adds top-flight executives to help drive global expansion and continued innovation

Jonathan Couch Joins ThreatQuotient as Vice President of Strategy (ThreatQuotient) Threat intelligence industry leader will help company advance vision and accelerate innovation

Research and Development

NTT uses reflected lasers for encryption (Electronics Weekly) According to the Nikkei, NTT is using reflected laser light for encryption

Cryptanalysis of quantum secret sharing with d-level single particles (Quantiki) In a recent paper [V. Karimipour and M. Asoudeh, Phys. Rev. A 92, 030301(R) (2015)], a multiparty quantum secret-sharing protocol based on d-level single particles was proposed. We discussed the security of this protocol and found that it is not secure for any one dishonest participant who can recover

NIKSUN’s Chief Scientist, Dr. Walter Willinger, Recognized with ACM SIGCOMM’s "Test of Time" Paper Award (BusinessWire) Dr. Willinger’s Internet research paper debunks popular view on the Internet’s router-level topology

Security Patches, Mitigations, and Software Updates

Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Multiple Parsing Vulnerabilities (Symantec) SYM16-010 [addressing various vulnerabilities in Symantec and Norton products]

Verizon Pushed Updates to the Turbo 2, Note 4, and Galaxy S5 Within the Past Few Days (Droid Life) Just a quick note here, but we wanted to point out that owners of a DROID Turbo 2, Galaxy Note 4, or Galaxy S5 on Verizon should have seen a prompt for an update in recent days. No, none of the updates are anything exciting, but our inboxes and Twitter accounts have made it clear that a number of you are curious as to their details. So, here you go

Microsoft confirms Windows 10 Anniversary Update will be out on 2 August. Then doesn't (Inquirer) Someone's trigger finger hit 'publish' too soon

Uh Oh: Google Expands Its Ad Tracking. But, Yay: It’s Opt-In (Wired) If you're a Google user—and who isn’t these days—you’ll soon get a notification suggesting you check in on your security settings. You definitely want to do this, because there’s a major change in there. Even more major? That Google has made it opt-in

Huawei Is the Best OEM at Applying Android Security Updates (Softpedia) 32% of all Android devices are unpatchable

Cyber Attacks, Threats, and Vulnerabilities

Hackers steal $10 million from a Ukrainian bank through SWIFT loophole (Kyiv Post) Hackers have stolen $10 million from an unnamed Ukrainian bank, according to an independent IT monitoring organization. The Kyiv branch of ISACA, the Information Systems Audit and Control Association, reported this week that the theft had occurred via the SWIFT international banking system, the organization responsible for managing money transfers between financial institutions worldwide

Ukraine Bank Hit by $10m Cyber Heist - Report (Infosecurity Magazine) Yet another bank has been hit by a multi-million dollar cyber theft in a similar manner to the infamous Bangladesh Bank heist, after reports revealed a Ukrainian lender has been robbed of $10 million by hackers

Bangladesh central bank ends contract with US cybersecurity firm (Times of India) Bangladesh's central bank has ended a contract with US cybersecurity firm FireEye to investigate February's online theft of $81 million, turning down a proposal to extend the agreement, a senior official said on Monday

Google Accounts Of US Military, Journalists Targeted By Russian Attack Group (Dark Reading) The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks

PHI Security Compromised as Hacker Posts 655K Records (HealthITSecurity) The PHI security of approximately 655,000 individuals is possibly at risk, after a hacker reportedly posted the information online

Symantec, Norton AV products are riddled with serious flaws (Help Net Security) Google security researcher Tavis Ormandy has unearthed a slew of critical vulnerabilities, including many remote code execution flaws, in Symantec and Norton enterprise and consumer AV products

This malware pretends to be WhatsApp, Uber and Google Play (CSO) The malware has spread through phishing campaigns over SMS

Google Play Hit with Rash of Auto-Rooting Malware (Threatpost) Researchers have identified a recent wave of malware targeting the Google Play app marketplace that entices users to download utilities and games that when installed surreptitiously root devices

Dangerous keyboard app has more than 50 mil downloads (CSO) The Flash Keyboard app has been downloaded more than 50 million times

Exploit Kits, even more sophisticated and profitable (Infosec Institute) Exploit kits are rapidly evolving, threat actors improve them on a daily basis by adding the code for the exploitation of the most recent vulnerabilities. In October 2015, experts from the Cisco Talos Group published the results of in-depth research on the threat actors behind the Angler Exploit Kit revealing the profitable business behind such kind of threat

One of the nastiest types of ransomware has just come back to life (ZDNet) And there's a new version of the CryptXXX malware to worry about too

Office 365 corporate users targeted with zero-day ransomware attack (Inquirer) Microsoft took more than a day to start blocking the malware

Security Experts Urge Caution As Microsoft Office 365 Turns Five (Techweek Europe) As Office 365 use expands, security risks are becoming harder to spot, researchers warn

US Businesses Quite Likely to Pay a Cyber-Ransom (Infosecurity Magazine) How many businesses will pay a ransom if attacked? It might depend on if they have already been a victim of ransomware. Some 84% of US and UK information technology executives at firms that had not faced ransom attacks said they would never pay a ransom. But among firms that had been attacked, 43% paid, according to Radware’s 2016 Executive Application & Network Security Survey

Warning: A wave of new viruses is targeting small businesses (CNBC) New mutating viruses, like Locky and CryptoLocker, are quickly popping up. And many are infecting small businesses, which are now big targets for hackers

Bots Sign Online Petition For Second EU Referendum Post-Brexit (Dark Reading) Petition website appears to be hijacked by automated bots, thousands of signatures fake, says Parliamentary panel

Officials warn that U.S. travelers to Rio Olympics face hack risk (USA Today) If Zika, political instability and contaminated water weren’t enough, U.S. intelligence officials are warning Americans traveling to the August Olympic Games in Rio and other destinations abroad that proprietary information stored on electronic devices is at high risk for theft by spies and cyber criminals who are increasingly targeting global events as troughs rich in valuable intelligence

World-Check crime and terror database exposed online (Help Net Security) Security researcher Chris Vickery, who has become well-known for unearthing databases that should not be accessible via the Internet but are, has found another one that contains old data from Thomson Reuters’ World-Check database of politically exposed persons and heightened risk individuals and organizations

Hard Rock Las Vegas Credit Card Data Scraped (WebProNews) The Hard Rock Hotel & Casino in Las Vegas discovered a major breach of their credit card processing data with card scraping malware placed on its payment-card system. Cardholders who purchased anything at Hard Rock Las Vegas including restaurant and retail outlets between October 27, 2015 and March 21, 2016, could have been affected. The popular Las Vegas party resort popular with celebrities first noticed irregularities in May

Most used drives sold on eBay hold personal information (Help Net Security) Ecommerce sites are reselling used electronics without permanently erasing data from them

Academia

Polytechnique launching new degree in cybersecurity (Montreal Gazette) With dark iClouds looming on the horizon, we have entered a veritable era of cyber warfare

Litigation, Investigation, and Enforcement

After attack at Istanbul airport, experts say wider security may not be the answer (CNBC) Experts debated what security measures should be taken, after an attack at Istanbul's Ataturk airport left at least 28 people dead and dozens injured. Tuesday's attack was the latest in a spate of bombings in Turkey this year

Brexit will make the UK more vulnerable to cybercrime (CNBC) The likelihood of the United Kingdom exiting the European Union will put a huge strain on agencies tasked with protecting citizens, businesses and government entities from cyberattacks, said security experts

Comodo Drops 'Let's Encrypt' Trademark Applications (BankInfoSecurity) Was conflict just a miscommunication?

Comodo spat shows importance of effective PR around trademark strategies (World Trademark Review) An internet security company’s trademark filings for the brand name of a rival organisation has caused an uproar in the technology community. While the company has now abandoned the applications, the PR storm surrounding the iniital filings – exacerbated by its CEO”s “patronising” comments on the company’s public message board – demonstrates the need for effective messaging around trademark strategies

Microsoft pays woman $10K after ‘unauthorized’ Windows 10 update (Naked Security) A California woman has successfully sued Microsoft for $10,000 after claiming an unauthorized Windows 10 update caused her work computer to slow to a crawl, crash frequently and be unusable for days at a time

British teen admits SeaWorld cyber attack, denies airline threats (BBC) A 16-year-old British boy has admitted launching cyber attacks on websites around the world

From file-sharing to prison: A Megaupload programmer tells his story (Ars Technica) Programmer Andrew Nõmm: "I had to be made an example of as a warning to all IT people"

Design and Innovation

Biometrics Finally Ready for Prime Time (Digital Guardian) There are relatively few things we know for certain in the security industry, but one of them is that the password has become nearly useless as an authentication mechanism. Users are bad at creating them and modern computing resources have advanced to the point that attackers have little trouble cracking even complex passwords

Cybersecurity: Is AI Ready for Primetime In Cyber Defense? (CTO Vision) Is AI ready for primetime? Not according to Admiral Michael S. Rogers, Commander U.S. CYBER COMMAND. In a recent interview with Charlie Rose, he stated that machine learning showed great promise for cybersecurity, but that the necessary technology was probably five years out

IBM tapping Watson to beef up cyber security capabilities (CIO) "If there’s a worry on my mind ... it’s in the cyber security space and we need all the help we can get." IBM CIO, Jeff Smith

Israel sees ‘Adir’ F-35, with indigenous cyber defenses, as ‘upgrade’ (World Tribune) Israel celebrated its version of the F-35 Joint Strike Figher, named “Adir” (“Mighty”) in Hebrew, at the Lockheed Martin plant in Fort Worth, Texas on June 22

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!

CyberTech (Beverly Hills, California, USA, June 30, 2016) Since 2014, CyberTech has served as one of the largest cyber solutions events around the globe. From Tel Aviv, to Singapore and Toronto, CyberTech is one of the most popular networking events for industry leaders and government decision-makers on cybersecurity, technology, innovation and investment. CyberTech Tel Aviv, the largest cyber solutions event outside of the U.S., features over 12,000 participants annually from over 50 nations, including hundreds of exhibiting companies and startups from around the globe.

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.