Gig economy hacks. Cut-and-paste attack code surprisingly successful. Pirrit adware attribution. Avast buys AVG for $1.3B. FBI Director explains results of Clinton email investigation.

Cyber Attacks, Threats, and Vulnerabilities

How nuclear deal has cooled Iran-US cyberwar (Al Monitor) Sitting in a brightly lit apartment in Brooklyn, an American hacker who asked Al-Monitor to call him Alex scribbled down a dizzying array of cyberstrikes between the United States/Israel and Iran since 2010. The page was fast being covered in Alex’s rushed handwriting, and his eyes glimmered with excitement

There’s a Machiavellian Method to the ISIS Madness (Daily Beast) Like communists of yore, the soldiers of the caliphate are seeking to ‘exacerbate the contradictions’ of those ranged against them

The Saudi Bombings And The Legacy Of Bin Laden (Radio Free Europe | Radio Liberty) Osama bin Laden may be dead but if the July 4 bombings in Saudi Arabia demonstrate anything to a global audience forcibly becoming, if not numbed, then wearily resigned to the horrors of jihadist violence, it’s that his playbook is still in full effect -- albeit with some major alterations

APT Group ‘Patchwork’ Cuts-and-Pastes a Potent Attack (Theatpost) An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted from sources on the web

Patchwork – Targeted Attack (APT) (Cymmetria) Patchwork is a targeted attack that has infected an estimated 2,500 targets since it was first observed in December 2015

Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? (SANS Internet Storm Center) The term "APT" often describes the methodology more than it does describe the actual exploit used to breach the target. Target selection and significant recognizance work to find the right "bait" to penetrate the target are often more important than the final vulnerability that is exploited. Traditional defenses like anti-malware systems and blacklists are not tuned to look for the vulnerability being exploited but are more looking for specific known exploits which can easily be obfuscated using commodity tools

D-Link vulnerability impacts 400,000 devices (CSO) Remote code execution flaw affects more than 120 models across several product lines

Meet Eleanor, the Mac malware that uses Tor to obtain full access to systems (Graham Cluley) "The possibilities are endless" with this malware, claim researchers

Author of potentially malicious OS X Pirrit adware discovered (Help Net Security) An unnamed web developer working for Israeli marketing and advertising company TargetingEdge is the creator of the Pirrit adware targeting Mac machines, Cybereason security researcher Amit Serper has discovered

Millions of Android Devices Were Infected by a Chinese Advertising Firm (Fortune) The gang juiced clicks to make about $300,000 per month in fraudulent revenue

New Locky variant – Zepto Ransomware Appears On The Scene (Security Affairs) New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.

Six Banking Trojans Circulating Past Few Months (SPAMfighter) Six banker Trojans, each one a different sample, have been attacking Internauts in recent months. These Trojans are Kronos, Zeus, Dridex, Ursnif, Gootkit and Vawtrak. Apparently, fraudulent e-mails carrying malevolent web-links along with tainted Word files having malevolent macros as well as OLE objects is the key technique to spread the infections

Here's how secret voice commands could hijack your smartphone (CSO) A muffled voice buried in a YouTube video can take over your phone, researchers say

Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 (Sysdream (le lab)) OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully develloped in Java. It's develloped by the Ignite realtime community. The actual version of the product is 4.0.2

How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN (Tripwire: The State of Security) Quick question – are you right or left handed?

Facebook ‘fake friend’ phishing attack uncovered - here's how to spot it (Telegraph) A 'global' Facebook phishing scam has been uncovered, with the cyber attack spreading rapidly and initially claiming a new victim every 20 seconds, according to internet security experts

Out of the Office? Not Quite — Old Microsoft Vulnerabilities Still Wreaking Havoc (IBM Security Intelligence) Microsoft Office is huge. As noted by Windows Central, there are more than 1.2 billion users worldwide leveraging some version of Office. While big numbers are good for Microsoft and generally positive for consumers, there’s another group enjoying the benefit: attackers

UEFA Euro Fans At High Risk Of Online Threats, Study Shows (Dark Reading) A study by Allot and Kaspersky Lab during 2016 UEFA Euro matches shows significant spike in cybercriminal activities

Cybercriminals Are Fleecing Freelancers By Posing As Potential Clients (Lifehacker) We hear about sophisticated attacks using ransomware and other viruses, but cybercriminals often use relatively low-tech social engineering methods to do their dirty work as well. Kasperky Lab discussed a rise in attackers targeting freelance workers by posing as a potential client and then tricking them into surrendering control of their mobile devices through legitimate remote access apps. Here’s what you need to know

Why rogue employees may pose bigger threat to corporate data than hackers (Christian Science Monitor Passcode) As stolen company information is turning up for sale on the Dark Web, analysts say the insider threat is creating a security nightmare for companies with sensitive and proprietary data

Security Patches, Mitigations, and Software Updates

Google fixes over 100 flaws in Android, many in chipset drivers (CSO) Manufacturers can choose between two patch levels, one dedicated to device-specific fixes

Huge double boxset of Android patches lands after Qualcomm disk encryption blown open (Register) What a coincidence

US-CERT Issues Alert Over Severe Security Bugs In Symantec, Norton Products (Dark Reading) Newly discovered--and now patched--flaws in popular security software raises alarm

Attention, small biz using Symantec AV: Smash up your PCs, it's the safest thing to do (Register) Security patch for ridiculously bad bugs still weeks away

Microsoft: Here's how to fix the Group Policy mess caused by our security update (ZDNet) Microsoft has posted more details and guidance regarding its June security patch which broke Group Policy for a number of users

New security features make Windows 10 Anniversary Update a must (Tech Republic) Microsoft wants enterprises to upgrade to Windows 10--and the Anniversary Update drives that home with security features that can no longer be ignored

Cyber Trends

Merchants slow to migrate to EMV, see rising fraud costs (CSO) The deadline for switching to chip-based card readers was last October, but most merchants still have not upgraded and are now liable for point-of-sale payment card fraud

Finance, Healthcare,Tech Sectors Highest Users Of Encryption, Survey Says (Dark Reading) Ponemon/Thales survey shows highly regulated industries are catching on

Government IT pros overconfident in insider threat detection (Help Net Security) An extensive study conducted by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 103 participants from federal government organizations

3 of the Biggest Concerns About External Cyber Threats (Art of the Hack) The threat landscape presents an ever-changing and more complex set of challenges to IT security teams. A new report from SANS Institute found that malware continues to be the leading cause of reported breaches, but more than one-third of known attacks are advanced persistent threats (APTs) or multistage attacks, indicating increasingly sophisticated approaches to cybercrime

Marketplace

Avast to Buy AVG for $1.3 Billion to Add Security Software (Bloomberg Technology) Avast Software agreed to buy AVG Technologies NV for $1.3 billion in cash to add software to protect mobile phones from malware as it aims to tap into the growing number of physical devices connected to the internet

Antivirus merger: Avast offers $1.3 billion for AVG (CSO) The merger will give Avast control of 400 million network "endpoints" running the companies' software

Twistlock scoops up $10M to secure all the containers (Network World) One of the biggest barriers to enterprise adoption of containers has been the assessment that they're not secure. Twistlock scored some fuel to solve that problem

Gatecoin Raised $500,000 to Recover from Ethereum Cyber Hack (Finance Magnates) Hong Kong regulated Bitcoin and Ethereum exchange, Gatecoin, is expected to re-launch in early August

Darktrace bolsters machine learning-based security tools to automatically attack threats (Tech Republic) A UK cybersecurity startup called Darktrace recently raised $65 million in growth equity financing to continue its global growth and further deployments

After Falling 70%, Is FireEye Inc A Buy? (Pantagraph) Shares of FireEye (NASDAQ: FEYE) have plunged nearly 70% over the past 12 months due to the cybersecurity firm's slowing sales growth, rising competition, cash burn rate, and executive shakeup. FireEye recently bounced on news that it rejected several buyout offers, but that momentum has since faded

Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out (Forbes) Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it"

Silent Circle’s Blackphone revealed as a sales flop (TechCrunch) Encrypted comms company Silent Circle is being sued by its former joint venture hardware partner, Geeksphone, for not paying part of a previous agreed sale price for buying out the latter’s share in the joint venture — and lurking at the heart of the dispute are flopped sales of the Blackphone smartphone the pair developed

NSA Looks to IT Industry to Harden Vulnerable U.S. Nets (Enterprise Tech) U.S. intelligence agencies, including the National Security Agency, are increasingly turning to commercial solutions in their efforts to head off the alarming number of cyber attacks that culminated in last year's massive breach at the U.S. Office of Personnel Management

Engility to support Army intel (C4ISRNET) Engility has been awarded a $24 million Army intelligence contract. The company will support the Army's Tactical Exploitation of National Capabilities program

Army On Right Track With Next-Generation Intelligence System (Defense News) The U.S. Army's primary system for generating and disseminating intelligence, surveillance and reconnaissance information to military personnel about the threat, weather, and terrain, needs to be upgraded. Known as the Distributed Common Ground System – Army, or DCGS-A, it was used in the Iraq and Afghanistan conflicts to help soldiers track the improvised explosive device networks operated by insurgents as well as well as enemy activity. Since the outbreak of those two conflicts, DCGS-A has been expanded to provide critical information to both commanders and war-fighters on the battlefield

Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice (BusinessWire) Preeminent computer crime and security professional contributed to successful international prosecutions of high-profile hackers and criminals

FireEye appoints new northern Europe vice president (CRN) Appointment comes after security vendor changed its CEO last month

Webroot MD Robbie Upcroft departs (CRN) Webroot's Asia-Pacific managing director Robbie Upcroft has left the vendor after nearly 18 months

Products, Services, and Solutions

Minerva Labs Offers Breakthrough Approach To Tackling Ransomware (Yahoo! Finance) Minerva's new product ensures full protection from ransomware attacks & remediation for encrypted data

TMD Security schützt NCR SelfServ-Geldautomaten gegen „Long Bezel“-Skimming (Sys-Con Media) TMD Security, der weltweit führende Anbieter von Antiskimming-Lösungen für Geldautomaten (ATM) und SB-Terminals (SST), gab heute die Einführung seiner neuen Antiskimming-Lösung für NCR SelfServ-Geldautomaten bekannt. Der Kartenschutzkit (CPK) 6001s version 2016 schützt gegen „Long Bezel“ (LB)-Skimming-Geräte, eine neue Skimming-Technik, die auf NCR SelfServ-Geldautomaten mit Motorleser spezialisiert ist

Stormshield and Gemalto join forces to increase the protection of data exchanges for mobile devices (Yahoo! Finance) Stormshield Data Security for Mobility integrates Gemalto`s SafeNet MobilePKI to provide optimum end-to-end data security without deploying any additional infrastructure

Don’t have a canary: Why Silent Circle dropped its warrant warning page (Ars Technica) When you don’t keep customer data to begin with, the warrant canary is redundant

Technologies, Techniques, and Standards

Private Industry Concerned Over Clarity Of 2015 Cybersecurity Act (Homeland Security Today) Large scale data breaches—such as the Office of Personnel Management data hack in 2014 that exposed the sensitive personal information of over 22.1 million Americans—have demonstrated an increasing need for advances in cybersecurity. The adoption of the Cybersecurity Act of 2015 has pushed private sector businesses to follow guidelines for improved cybersecurity while participating in information sharing with government agencies

Government Should Publicly ID Cyberattackers, Ex-US Intel Chief Says (Dark Reading) Michael Rogers believes acknowledgement will help insurance companies defend against lawsuits

Do we need a Cyber Moonshot? (LinkedIn) Last week Vice President Biden, oncologists, researchers, and drug manufacturers convened in Washington to brainstorm on President Obama’s “Moonshot” initiative to cure cancer. A striking parallel emerged from the discussion of the top priorities to cure cancer and those of cyber security. Stated briefly, the top priority for cancer is creating a common framework for information sharing and interpreting results

The upside of overhyped security threats (InfoWorld) Check your Office 365 security settings before you cave in to (or blow off) security vendor FUD

Three quick tips for preventing ransomware (SC Magazine) The most effective strategy for stopping ransomware attacks relies on preventing them from entering your organization. As the number of applications and services used by businesses continue to increase, the result can be an increase in attack surface. Organizations must consider how to secure these new services across the network, SaaS-based applications and endpoints from the start. Threat actors continue to become more skilled, with new attacks deployed faster than legacy security approaches can put new protections into place, or patches can be implemented. Consequently, organizations need to start thinking holistically about their security platform

5 Cybersecurity Tips That Can Save Your Small Business (Small Business Computing) Just like Fortune 100 companies and other large enterprises, small businesses face a constant threat of cyber-attacks and data breaches from hackers all around the world. According to a 2014-2018 forecast report by the IDC research group, 71 percent of all security breaches target small business

4 ways government agencies can improve their cybersecurity fundamentals (Bloomberg Government) Just over a year ago the Office of Personnel Management revealed it had suffered two breaches that compromised the personnel records and security clearance information for approximately 22 million people, a group that not only included federal employees and contractors but their family and friends as well. Since then, sensitivity to cybersecurity incidents has been substantially higher across the federal landscape, with agencies looking to avoid enduring the loud and public criticism OPM still faces today

A Holistic Approach to Cybersecurity Wellness: 3 Strategies (CSO) Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data

Design and Innovation

Pairing cryptography in Rust (Z Cash) Pairing cryptography is an exciting area of research, and an essential component of Zcash's zkSNARKs — proofs that transactions are valid without requiring users to reveal private information. Earlier this year we also used zkSNARKs to make Bitcoin's first zero-knowledge contingent payment!

Consultancy Firm Advises Gulf Countries to Start Exploring Blockchain Tech (Coin Journal) Booz Allen Hamilton’s Middle East North Africa (MENA) regional office has released a new report advocating Gulf countries to start exploring blockchain technology for smart city development and digital finance, and urges them to consider incubating a startup ecosystem to drive economic growth

You're about to get the most skilled cyber-crime assistant you could wish for (SC Magazine) Mike Foreman says we're about to get some much-needed help ... smarter technology to save us from ourselves

Research and Development

Characterizing and Avoiding Routing Detours Through Surveillance States (arXiv) An increasing number of countries are passing laws that facilitate the mass surveillance of Internet traffic. In response, governments and citizens are increasingly paying attention to the countries that their Internet traffic traverses. In some cases, countries are taking extreme steps, such as building new Internet Exchange Points (IXPs), which allow networks to interconnect directly, and encouraging local interconnection to keep local traffic local

Have an idea to prevent ‘violent extremism’? You could be eligible for up to $2 million to make it happen. (Washington Post) Any school district, university, county government or nonprofit with an idea for how to counter “violent extremism” in America could be eligible for up to $2 million in federal grant money to make that idea a reality, the Department of Homeland Security said Wednesday

Academia

U.S. Cyber Challenge and Delaware Universities to Host Annual Cybersecurity Boot Camp & Competition (US Cyber Challenge) Next week, U.S. Cyber Challenge (USCC) will host the 7th annual State of Delaware Summer Cyber Camp program in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College (Delaware Tech) and the Delaware Department of Technology and Information (DTI) from July 11-15, 2016

Legislation, Policy, and Regulation

Integrated, Agile Intelligence Key To Combatting Dynamic Threats (Cipher Brief) The NATO Alliance faces an increasingly complex, diffuse threat environment. Consequently, we are always striving toward more integrated intelligence to stay a step ahead. NATO is positioned to take an important, integrative step in establishing the new Assistant Secretary General for Intelligence and Security. We fully endorse this, having firsthand experience in undertaking similar modernization efforts within the U.S. Intelligence Community

New rules aim to help EU member states tackle cyber attacks (Help Net Security) Firms supplying essential services, e.g. for energy, transport, banking and health, or digital ones, such as search engines and cloud services, will have to improve their ability to withstand cyber-attacks under the first EU-wide rules on cybersecurity, approved by MEPs on Wednesday

UK/US Cybersecurity Cooperation Will Thrive With or Without Brexit (IT Security Planet) The potential cybersecurity implications of Brexit has stirred much discussion and many visceral reactions. Analysts Frost and Sullivan surmised that “fundamentally, the UK could lose its footing as a technology powerhouse; said earlier this week that the UK’s role as a digital hub, acting as a gateway to US firms, could be under threat. Other reputable analysts have echoed the same theme

UK Govt Websites Switch to HTTPS Encryption (LIFARS) Come October, all Government Digital Services (GDS) websites will switch to mandatory HTTPS encryption. Some would say it’s about time too

Do not outsource Nigeria’s national security to foreigners – NCS tells FG (Today) The President of the Nigerian Computer Society, NCS, Prof. Sola Adorounmu, has warned the Federal Government not to outsource Nigeria’s national security to foreigners

Dems oppose data localization in draft platform (Cybersecurity Dojo) The Democratic National Committee carves out a stance against data localization requirements in the party’s draft platform, released Friday

DoD’s NSCSAR cyber program revs up (Federal News Radio) The Department of Defense (DoD) is undertaking a continuing review of the operational systems that ensure cybersecurity is spearheaded by the offices charged with maintaining information superiority

Air Force cyber and intel wings get new commanders (C4ISRNET) Several Air Force cyber and intelligence wings recently underwent key leadership changes. The 24th Air Force, or AFCYBER, late last month held a change of command ceremony at Joint Base San Antonio in Lackland, Texas, with Maj. Gen. Christopher Weggeman replacing outgoing commander Maj. Gen. Burke “Ed” Wilson

Litigation, Investigation, and Law Enforcement

House Oversight Committee grills Comey over Clinton e-mail findings (Ars Technica) Expect lots of exasperation over the decision not to prosecute

Clinton email decision seen as lifeline for those facing similar charges (Charlotte Observer) The FBI recommendation not to prosecute Hillary Clinton and her staff on charges of mishandling classified information will give those accused of flouting national security rules a new line of defense even as it highlights a dual standard in how senior government officials are treated, several experts said Wednesday

Email Case May Complicate Clinton Aides’ Pursuit of Security Clearance (New York Times) Questions raised by the F.B.I. about the State Department’s handling of Hillary Clinton’s emails have cast a cloud of doubt over the political futures of a number of her top advisers, including some expected to hold high-level jobs in her administration if she is elected president

Ryan calls for denying classified briefings to Clinton, Comey to testify before House committee (Washington Post) House Speaker Paul D. Ryan on Wednesday said he believes Hillary Clinton received preferential treatment from the FBI in its investigation of her email practices at the State Department and offered a series of next steps Republicans will take to push the case themselves

FBI Director James Comey’s must-watch testimony from 2007 (Washington Post) FBI Director James B. Comey announced Tuesday that he would not recommend any criminal charges against Hillary Clinton for her use of a private email server as secretary of state. That decision earned Comey a date with the House Oversight Committee, which just announced that Comey will testify before it on Thursday. (Attorney General Loretta E. Lynch will also appear before the House Judiciary Committee next week

The Weird Hedge Fund That Prepared James Comey for His Capitol Hill Hot Seat (Politico) House Republicans might want to think twice before taking on the FBI director over Hillary’s emails

Ex-special ops group blasts Clinton email decision (The Hill) A group of former special operations forces and CIA officials critical of the Obama administration blasted the FBI's announcement earlier this week that it would not recommend charges against Hillary Clinton over her private email server

U.S. defends warrantless spying in Christmas tree bomber case (Reuters) U.S. government lawyers on Wednesday defended the legality of a warrantless surveillance program challenged as unconstitutional in an Oregon court by a Somali-born American citizen convicted of attempting to detonate a bomb at a Christmas tree-lighting ceremony

Infidelity website Ashley Madison facing FTC probe, CEO apologizes (Reuters) The parent company of infidelity dating site Ashley Madison, hit by a devastating hack last year, is now the target of a U.S. Federal Trade Commission investigation, the new executives seeking to revive its credibility told Reuters

Indian-origin engineer guilty of revenge cyber attack (Tribune) An Indian origin network engineer has pleaded guilty to a revenge cyber attack on a network security company and its clients after he was fired, according to officials

StubHub fraud ringleader sentenced to state prison (Help Net Security) Vadim Polyakov was sentenced to 4-to-12 years in state prison for coordinating an international cybercrime and money laundering scheme that involved the theft of personal information from users of an e-ticket service operated by StubHub, and the resale of thousands illegally acquired e-tickets

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

ISS World South Africa (Johannesburg, South Africa, Jul 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, Jul 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, Jul 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East Coast Time). The importance of open-source intelligence (OSINT) has increased exponentially as more and more information has come available online. At the same time, the increased sophistication of websites and platforms means the content one sees can be easily blocked or manipulated based on one’s attribution to an organization, region, or country. This presentation focuses on the importance of Managed Attribution, detailing the technical methods employed by websites and platforms to determine attribution, and presenting solutions that allow users to manage their attribution in order to get access to the most authentic and accurate information.

CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.