Gig economy hacks. Cut-and-paste attack code surprisingly successful. Pirrit adware attribution. Avast buys AVG for $1.3B. FBI Director explains results of Clinton email investigation.
Any of you work in the gig economy? Kaspersky says cyber criminals are phishing freelancers with bogus promises of work that take the victims to the legitimate AirDroid app, then send them credentials for a test account. Taking the login bait infects the freelancer’s device.
Cymmetria reports finding a new threat group, “Patchwork,” active in South and Southwest Asia, that draws its attack code from sources it has cut and pasted from the internet. Many observers demur that a cut-and-paste operation could count as an “advanced persistent threat” (skeptical emphasis on “advanced”) but Cymmetria finds Patchwork’s ability to penetrate relatively hard targets impressive.
Senrio researchers release details of a flaw in D-Link routers. Some 400,000 devices are vulnerable.
Yingmob, to whom the HummingBad adware campaign has been attributed, is joined in the click fraud rogues’ gallery by another marketing outfit: Cybereason says that a TargetingEdge employee wrote “Pirrit” adware.
In industry news, Avast buys AVG for $1.3 billion. Container security shop Twistlock raises $10 million.
Some observers see a lull in Iranian-US cyber operations against one another. Agreement reached between the two countries over Iran’s nuclear program is thought to have produced the irenic effect some believe they’re seeing.
ISIS bombings are seen by many as, fundamentally, a brutal form of information operations. There’s much revulsion among the victims, but recruits continue to find meaning in bloody jihad’s online echo chamber.
In the US, FBI Director Comey is explaining to the House Oversight Committee why the Bureau declined to recommend indicting Hillary Clinton.
Notes.
Today's issue includes events affecting Albania, Bangladesh, Belgium, Bulgaria, Canada, China, Croatia, Czech Republic, Denmark, Estonia, European Union, France, Germany, Greece, Hungary, Iceland, India, Iran, Iraq, Israel, Italy, Latvia, Lithuania, Luxembourg, NATO, Netherlands, Norway, Nigeria, Poland, Portugal, Romania, Russia, Saudi Arabia, Slovakia, Slovenia, Spain, Syria, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at the University of Maryland, as Jonathan Katz tells us about a Bitcoin-themed conference he recently attended, and outlines where and why blockchain technology is gaining interest beyond cryptocurrency. Our guest is Chris Key from Verodin, who'll offer insight on how to prepare recent graduates for jobs in cyber security. (Of course, we always invite reviews of our podcast. Share your thoughts at iTunes if you're so inclined.)
Cyber Attacks, Threats, and Vulnerabilities
How nuclear deal has cooled Iran-US cyberwar (Al Monitor) Sitting in a brightly lit apartment in Brooklyn, an American hacker who asked Al-Monitor to call him Alex scribbled down a dizzying array of cyberstrikes between the United States/Israel and Iran since 2010. The page was fast being covered in Alex’s rushed handwriting, and his eyes glimmered with excitement
There’s a Machiavellian Method to the ISIS Madness (Daily Beast) Like communists of yore, the soldiers of the caliphate are seeking to ‘exacerbate the contradictions’ of those ranged against them
The Saudi Bombings And The Legacy Of Bin Laden (Radio Free Europe | Radio Liberty) Osama bin Laden may be dead but if the July 4 bombings in Saudi Arabia demonstrate anything to a global audience forcibly becoming, if not numbed, then wearily resigned to the horrors of jihadist violence, it’s that his playbook is still in full effect -- albeit with some major alterations
APT Group ‘Patchwork’ Cuts-and-Pastes a Potent Attack (Threatpost) An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted from sources on the web
Patchwork – Targeted Attack (APT) (Cymmetria) Patchwork is a targeted attack that has infected an estimated 2,500 targets since it was first observed in December 2015
Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? (SANS Internet Storm Center) The term "APT" often describes the methodology more than it does describe the actual exploit used to breach the target. Target selection and significant reconnaissance work to find the right "bait" to penetrate the target are often more important than the final vulnerability that is exploited. Traditional defenses like anti-malware systems and blacklists are not tuned to look for the vulnerability being exploited but are more looking for specific known exploits which can easily be obfuscated using commodity tools
D-Link vulnerability impacts 400,000 devices (CSO) Remote code execution flaw affects more than 120 models across several product lines
Meet Eleanor, the Mac malware that uses Tor to obtain full access to systems (Graham Cluley) "The possibilities are endless" with this malware, claim researchers
Author of potentially malicious OS X Pirrit adware discovered (Help Net Security) An unnamed web developer working for Israeli marketing and advertising company TargetingEdge is the creator of the Pirrit adware targeting Mac machines, Cybereason security researcher Amit Serper has discovered
Millions of Android Devices Were Infected by a Chinese Advertising Firm (Fortune) The gang juiced clicks to make about $300,000 per month in fraudulent revenue
New Locky variant – Zepto Ransomware Appears On The Scene (Security Affairs) New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.
Six Banking Trojans Circulating Past Few Months (SPAMfighter) Six banker Trojans, each one a different sample, have been attacking Internauts in recent months. These Trojans are Kronos, Zeus, Dridex, Ursnif, Gootkit and Vawtrak. Apparently, fraudulent e-mails carrying malevolent web-links along with tainted Word files having malevolent macros as well as OLE objects are the key technique to spread the infections
Here's how secret voice commands could hijack your smartphone (CSO) A muffled voice buried in a YouTube video can take over your phone, researchers say
Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 (Sysdream (le lab)) OpenFire is an open source project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realtime community. The actual version of the product is 4.0.2
How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN (Tripwire: The State of Security) Quick question – are you right or left handed?
Facebook ‘fake friend’ phishing attack uncovered - here's how to spot it (Telegraph) A 'global' Facebook phishing scam has been uncovered, with the cyber attack spreading rapidly and initially claiming a new victim every 20 seconds, according to internet security experts
Out of the Office? Not Quite — Old Microsoft Vulnerabilities Still Wreaking Havoc (IBM Security Intelligence) Microsoft Office is huge. As noted by Windows Central, there are more than 1.2 billion users worldwide leveraging some version of Office. While big numbers are good for Microsoft and generally positive for consumers, there’s another group enjoying the benefit: attackers
UEFA Euro Fans At High Risk Of Online Threats, Study Shows (Dark Reading) A study by Allot and Kaspersky Lab during 2016 UEFA Euro matches shows significant spike in cybercriminal activities
Cybercriminals Are Fleecing Freelancers By Posing As Potential Clients (Lifehacker) We hear about sophisticated attacks using ransomware and other viruses, but cybercriminals often use relatively low-tech social engineering methods to do their dirty work as well. Kaspersky Lab discussed a rise in attackers targeting freelance workers by posing as a potential client and then tricking them into surrendering control of their mobile devices through legitimate remote access apps. Here’s what you need to know
Why rogue employees may pose bigger threat to corporate data than hackers (Christian Science Monitor Passcode) As stolen company information is turning up for sale on the Dark Web, analysts say the insider threat is creating a security nightmare for companies with sensitive and proprietary data
Security Patches, Mitigations, and Software Updates
Google fixes over 100 flaws in Android, many in chipset drivers (CSO) Manufacturers can choose between two patch levels, one dedicated to device-specific fixes
Huge double boxset of Android patches lands after Qualcomm disk encryption blown open (Register) What a coincidence
US-CERT Issues Alert Over Severe Security Bugs In Symantec, Norton Products (Dark Reading) Newly discovered--and now patched--flaws in popular security software raise alarm
Attention, small biz using Symantec AV: Smash up your PCs, it's the safest thing to do (Register) Security patch for ridiculously bad bugs still weeks away
Microsoft: Here's how to fix the Group Policy mess caused by our security update (ZDNet) Microsoft has posted more details and guidance regarding its June security patch which broke Group Policy for a number of users
New security features make Windows 10 Anniversary Update a must (Tech Republic) Microsoft wants enterprises to upgrade to Windows 10--and the Anniversary Update drives that home with security features that can no longer be ignored
Cyber Trends
Merchants slow to migrate to EMV, see rising fraud costs (CSO) The deadline for switching to chip-based card readers was last October, but most merchants still have not upgraded and are now liable for point-of-sale payment card fraud
Finance, Healthcare, Tech Sectors Highest Users Of Encryption, Survey Says (Dark Reading) Ponemon/Thales survey shows highly regulated industries are catching on
Government IT pros overconfident in insider threat detection (Help Net Security) An extensive study conducted by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 103 participants from federal government organizations
3 of the Biggest Concerns About External Cyber Threats (Art of the Hack) The threat landscape presents an ever-changing and more complex set of challenges to IT security teams. A new report from SANS Institute found that malware continues to be the leading cause of reported breaches, but more than one-third of known attacks are advanced persistent threats (APTs) or multistage attacks, indicating increasingly sophisticated approaches to cybercrime
Marketplace
Avast to Buy AVG for $1.3 Billion to Add Security Software (Bloomberg Technology) Avast Software agreed to buy AVG Technologies NV for $1.3 billion in cash to add software to protect mobile phones from malware as it aims to tap into the growing number of physical devices connected to the internet
Antivirus merger: Avast offers $1.3 billion for AVG (CSO) The merger will give Avast control of 400 million network "endpoints" running the companies' software
Twistlock scoops up $10M to secure all the containers (Network World) One of the biggest barriers to enterprise adoption of containers has been the assessment that they're not secure. Twistlock scored some fuel to solve that problem
Gatecoin Raised $500,000 to Recover from Ethereum Cyber Hack (Finance Magnates) Hong Kong regulated Bitcoin and Ethereum exchange, Gatecoin, is expected to re-launch in early August
Darktrace bolsters machine learning-based security tools to automatically attack threats (Tech Republic) A UK cybersecurity startup called Darktrace recently raised $65 million in growth equity financing to continue its global growth and further deployments
After Falling 70%, Is FireEye Inc A Buy? (Pantagraph) Shares of FireEye (NASDAQ: FEYE) have plunged nearly 70% over the past 12 months due to the cybersecurity firm's slowing sales growth, rising competition, cash burn rate, and executive shakeup. FireEye recently bounced on news that it rejected several buyout offers, but that momentum has since faded
Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out (Forbes) Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it”
Silent Circle’s Blackphone revealed as a sales flop (TechCrunch) Encrypted comms company Silent Circle is being sued by its former joint venture hardware partner, Geeksphone, for not paying part of a previous agreed sale price for buying out the latter’s share in the joint venture — and lurking at the heart of the dispute are flopped sales of the Blackphone smartphone the pair developed
NSA Looks to IT Industry to Harden Vulnerable U.S. Nets (Enterprise Tech) U.S. intelligence agencies, including the National Security Agency, are increasingly turning to commercial solutions in their efforts to head off the alarming number of cyber attacks that culminated in last year's massive breach at the U.S. Office of Personnel Management
Engility to support Army intel (C4ISRNET) Engility has been awarded a $24 million Army intelligence contract. The company will support the Army's Tactical Exploitation of National Capabilities program
Army On Right Track With Next-Generation Intelligence System (Defense News) The U.S. Army's primary system for generating and disseminating intelligence, surveillance and reconnaissance information to military personnel about the threat, weather, and terrain, needs to be upgraded. Known as the Distributed Common Ground System – Army, or DCGS-A, it was used in the Iraq and Afghanistan conflicts to help soldiers track the improvised explosive device networks operated by insurgents as well as enemy activity. Since the outbreak of those two conflicts, DCGS-A has been expanded to provide critical information to both commanders and war-fighters on the battlefield
Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice (BusinessWire) Preeminent computer crime and security professional contributed to successful international prosecutions of high-profile hackers and criminals
FireEye appoints new northern Europe vice president (CRN) Appointment comes after security vendor changed its CEO last month
Webroot MD Robbie Upcroft departs (CRN) Webroot's Asia-Pacific managing director Robbie Upcroft has left the vendor after nearly 18 months
Products, Services, and Solutions
Minerva Labs Offers Breakthrough Approach To Tackling Ransomware (Yahoo! Finance) Minerva's new product ensures full protection from ransomware attacks & remediation for encrypted data
TMD Security protects NCR SelfServ ATMs against “Long Bezel” skimming (Sys-Con Media) TMD Security, the world's leading provider of anti-skimming solutions for automated teller machines (ATMs) and self-service terminals (SSTs), today announced the launch of its new anti-skimming solution for NCR SelfServ ATMs. The Card Protection Kit (CPK) 6001s version 2016 protects against “Long Bezel” (LB) skimming devices, a new skimming technique that specifically targets NCR SelfServ ATMs with motorized card readers
Stormshield and Gemalto join forces to increase the protection of data exchanges for mobile devices (Yahoo! Finance) Stormshield Data Security for Mobility integrates Gemalto's SafeNet MobilePKI to provide optimum end-to-end data security without deploying any additional infrastructure
Don’t have a canary: Why Silent Circle dropped its warrant warning page (Ars Technica) When you don’t keep customer data to begin with, the warrant canary is redundant
Technologies, Techniques, and Standards
Private Industry Concerned Over Clarity Of 2015 Cybersecurity Act (Homeland Security Today) Large scale data breaches—such as the Office of Personnel Management data hack in 2014 that exposed the sensitive personal information of over 22.1 million Americans—have demonstrated an increasing need for advances in cybersecurity. The adoption of the Cybersecurity Act of 2015 has pushed private sector businesses to follow guidelines for improved cybersecurity while participating in information sharing with government agencies
Government Should Publicly ID Cyberattackers, Ex-US Intel Chief Says (Dark Reading) Michael Rogers believes acknowledgement will help insurance companies defend against lawsuits
Do we need a Cyber Moonshot? (LinkedIn) Last week Vice President Biden, oncologists, researchers, and drug manufacturers convened in Washington to brainstorm on President Obama’s “Moonshot” initiative to cure cancer. A striking parallel emerged from the discussion of the top priorities to cure cancer and those of cyber security. Stated briefly, the top priority for cancer is creating a common framework for information sharing and interpreting results
The upside of overhyped security threats (InfoWorld) Check your Office 365 security settings before you cave in to (or blow off) security vendor FUD
Three quick tips for preventing ransomware (SC Magazine) The most effective strategy for stopping ransomware attacks relies on preventing them from entering your organization. As the number of applications and services used by businesses continue to increase, the result can be an increase in attack surface. Organizations must consider how to secure these new services across the network, SaaS-based applications and endpoints from the start. Threat actors continue to become more skilled, with new attacks deployed faster than legacy security approaches can put new protections into place, or patches can be implemented. Consequently, organizations need to start thinking holistically about their security platform
5 Cybersecurity Tips That Can Save Your Small Business (Small Business Computing) Just like Fortune 100 companies and other large enterprises, small businesses face a constant threat of cyber-attacks and data breaches from hackers all around the world. According to a 2014-2018 forecast report by the IDC research group, 71 percent of all security breaches target small business
4 ways government agencies can improve their cybersecurity fundamentals (Bloomberg Government) Just over a year ago the Office of Personnel Management revealed it had suffered two breaches that compromised the personnel records and security clearance information for approximately 22 million people, a group that not only included federal employees and contractors but their family and friends as well. Since then, sensitivity to cybersecurity incidents has been substantially higher across the federal landscape, with agencies looking to avoid enduring the loud and public criticism OPM still faces today
A Holistic Approach to Cybersecurity Wellness: 3 Strategies (CSO) Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data
Design and Innovation
Pairing cryptography in Rust (Z Cash) Pairing cryptography is an exciting area of research, and an essential component of Zcash's zkSNARKs — proofs that transactions are valid without requiring users to reveal private information. Earlier this year we also used zkSNARKs to make Bitcoin's first zero-knowledge contingent payment!
Consultancy Firm Advises Gulf Countries to Start Exploring Blockchain Tech (Coin Journal) Booz Allen Hamilton’s Middle East North Africa (MENA) regional office has released a new report advocating Gulf countries to start exploring blockchain technology for smart city development and digital finance, and urges them to consider incubating a startup ecosystem to drive economic growth
You're about to get the most skilled cyber-crime assistant you could wish for (SC Magazine) Mike Foreman says we're about to get some much-needed help ... smarter technology to save us from ourselves
Research and Development
Characterizing and Avoiding Routing Detours Through Surveillance States (arXiv) An increasing number of countries are passing laws that facilitate the mass surveillance of Internet traffic. In response, governments and citizens are increasingly paying attention to the countries that their Internet traffic traverses. In some cases, countries are taking extreme steps, such as building new Internet Exchange Points (IXPs), which allow networks to interconnect directly, and encouraging local interconnection to keep local traffic local
Have an idea to prevent ‘violent extremism’? You could be eligible for up to $2 million to make it happen. (Washington Post) Any school district, university, county government or nonprofit with an idea for how to counter “violent extremism” in America could be eligible for up to $2 million in federal grant money to make that idea a reality, the Department of Homeland Security said Wednesday
Academia
U.S. Cyber Challenge and Delaware Universities to Host Annual Cybersecurity Boot Camp & Competition (US Cyber Challenge) Next week, U.S. Cyber Challenge (USCC) will host the 7th annual State of Delaware Summer Cyber Camp program in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College (Delaware Tech) and the Delaware Department of Technology and Information (DTI) from July 11-15, 2016
Legislation, Policy, and Regulation
Integrated, Agile Intelligence Key To Combatting Dynamic Threats (Cipher Brief) The NATO Alliance faces an increasingly complex, diffuse threat environment. Consequently, we are always striving toward more integrated intelligence to stay a step ahead. NATO is positioned to take an important, integrative step in establishing the new Assistant Secretary General for Intelligence and Security. We fully endorse this, having firsthand experience in undertaking similar modernization efforts within the U.S. Intelligence Community
New rules aim to help EU member states tackle cyber attacks (Help Net Security) Firms supplying essential services, e.g. for energy, transport, banking and health, or digital ones, such as search engines and cloud services, will have to improve their ability to withstand cyber-attacks under the first EU-wide rules on cybersecurity, approved by MEPs on Wednesday
UK/US Cybersecurity Cooperation Will Thrive With or Without Brexit (IT Security Planet) The potential cybersecurity implications of Brexit have stirred much discussion and many visceral reactions. Analysts Frost and Sullivan surmised that “fundamentally, the UK could lose its footing as a technology powerhouse; said earlier this week that the UK’s role as a digital hub, acting as a gateway to US firms, could be under threat. Other reputable analysts have echoed the same theme
UK Govt Websites Switch to HTTPS Encryption (LIFARS) Come October, all Government Digital Services (GDS) websites will switch to mandatory HTTPS encryption. Some would say it’s about time too
Do not outsource Nigeria’s national security to foreigners – NCS tells FG (Today) The President of the Nigerian Computer Society, NCS, Prof. Sola Adorounmu, has warned the Federal Government not to outsource Nigeria’s national security to foreigners
Dems oppose data localization in draft platform (Cybersecurity Dojo) The Democratic National Committee carves out a stance against data localization requirements in the party’s draft platform, released Friday
DoD’s NSCSAR cyber program revs up (Federal News Radio) The Department of Defense (DoD) is undertaking a continuing review of the operational systems that ensure cybersecurity is spearheaded by the offices charged with maintaining information superiority
Air Force cyber and intel wings get new commanders (C4ISRNET) Several Air Force cyber and intelligence wings recently underwent key leadership changes. The 24th Air Force, or AFCYBER, late last month held a change of command ceremony at Joint Base San Antonio in Lackland, Texas, with Maj. Gen. Christopher Weggeman replacing outgoing commander Maj. Gen. Burke “Ed” Wilson
Litigation, Investigation, and Law Enforcement
House Oversight Committee grills Comey over Clinton e-mail findings (Ars Technica) Expect lots of exasperation over the decision not to prosecute
Clinton email decision seen as lifeline for those facing similar charges (Charlotte Observer) The FBI recommendation not to prosecute Hillary Clinton and her staff on charges of mishandling classified information will give those accused of flouting national security rules a new line of defense even as it highlights a dual standard in how senior government officials are treated, several experts said Wednesday
Email Case May Complicate Clinton Aides’ Pursuit of Security Clearance (New York Times) Questions raised by the F.B.I. about the State Department’s handling of Hillary Clinton’s emails have cast a cloud of doubt over the political futures of a number of her top advisers, including some expected to hold high-level jobs in her administration if she is elected president
Ryan calls for denying classified briefings to Clinton, Comey to testify before House committee (Washington Post) House Speaker Paul D. Ryan on Wednesday said he believes Hillary Clinton received preferential treatment from the FBI in its investigation of her email practices at the State Department and offered a series of next steps Republicans will take to push the case themselves
FBI Director James Comey’s must-watch testimony from 2007 (Washington Post) FBI Director James B. Comey announced Tuesday that he would not recommend any criminal charges against Hillary Clinton for her use of a private email server as secretary of state. That decision earned Comey a date with the House Oversight Committee, which just announced that Comey will testify before it on Thursday. (Attorney General Loretta E. Lynch will also appear before the House Judiciary Committee next week)
The Weird Hedge Fund That Prepared James Comey for His Capitol Hill Hot Seat (Politico) House Republicans might want to think twice before taking on the FBI director over Hillary’s emails
Ex-special ops group blasts Clinton email decision (The Hill) A group of former special operations forces and CIA officials critical of the Obama administration blasted the FBI's announcement earlier this week that it would not recommend charges against Hillary Clinton over her private email server
U.S. defends warrantless spying in Christmas tree bomber case (Reuters) U.S. government lawyers on Wednesday defended the legality of a warrantless surveillance program challenged as unconstitutional in an Oregon court by a Somali-born American citizen convicted of attempting to detonate a bomb at a Christmas tree-lighting ceremony
Infidelity website Ashley Madison facing FTC probe, CEO apologizes (Reuters) The parent company of infidelity dating site Ashley Madison, hit by a devastating hack last year, is now the target of a U.S. Federal Trade Commission investigation, the new executives seeking to revive its credibility told Reuters
Indian-origin engineer guilty of revenge cyber attack (Tribune) An Indian origin network engineer has pleaded guilty to a revenge cyber attack on a network security company and its clients after he was fired, according to officials
StubHub fraud ringleader sentenced to state prison (Help Net Security) Vadim Polyakov was sentenced to 4-to-12 years in state prison for coordinating an international cybercrime and money laundering scheme that involved the theft of personal information from users of an e-ticket service operated by StubHub, and the resale of thousands of illegally acquired e-tickets
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ISS World South Africa (Johannesburg, South Africa, Jul 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SINET Innovation Summit 2016 (New York, New York, USA, Jul 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.” SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, Jul 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East Coast Time). The importance of open-source intelligence (OSINT) has increased exponentially as more and more information has come available online. At the same time, the increased sophistication of websites and platforms means the content one sees can be easily blocked or manipulated based on one’s attribution to an organization, region, or country. This presentation focuses on the importance of Managed Attribution, detailing the technical methods employed by websites and platforms to determine attribution, and presenting solutions that allow users to manage their attribution in order to get access to the most authentic and accurate information.
CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.
Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.
Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
SANS San Jose 2016 (San Jose, California, USA, Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH, as it is fondly known, has traversed all odds to become a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to become a one-stop shop for talent and resources in a field greatly short-staffed.