The CyberWire Daily Briefing 07.12.16

Cyber Trends

Room for Application Security Improvement (eSecurity Planet) Application security suffers from the indiscriminate use of open source software components, finds Sonatype research

Phishing, GDPR & cyber hate crimes: UK cyber security post-Brexit (Computer Business Review) Q&A: CBR talks to Javvad Malik, security advocate at AlienVault, about cyber security in post-Brexit Britain

Encryption Finally Gaining Widespread Enterprise Adoption (eWeek) Survey reports that use of encryption jumped a full 7 percent to a total of 41 percent, the largest increase in the 11-year history of the Ponemon report

Profiles Of The Top 7 Bug Hunters From Around the Globe (Dark Reading) 'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does

Legislation, Policy and Regulation

David Cameron to resign Wednesday as Theresa May to become British PM (CNN) British Prime Minister David Cameron is to resign Wednesday, paving the way for Home Secretary Theresa May to take the reins

Opinion: The fatal flaw behind Snooper's Charter (Christian Science Monitor Passcode) British Prime Minister-in-waiting Theresa May is relying on public fears of terrorist attacks to push through her Investigatory Powers Bill to expand government surveillance powers

NATO members ink pledge on cyber defense (C4ISRNET) The new realities of cyber threats and interconnected networks have forced one of the world's top military alliances to make necessary adjustments to its doctrine and operations

Cyber security expert: EU and NATO co-operation pledge bodes well for Finland (Yle Uutiset) At the recent Warsaw NATO Summit, which wrapped up on Saturday, EU and NATO leaders pledged to deepen cooperation in five areas, including cyber safety and security - two areas of Finnish expertise. Cyber security expert Jarno Limnéll says this is good news for Finland, especially if a potential EU hybrid threat defence centre were to be located in Finland

EU-US Privacy Shield now officially adopted but criticisms linger (TechCrunch) The European Commission has formally adopted a new framework for governing personal data transfers between the EU and the U.S., replacing the prior Safe Harbor agreement which was invalidated last fall, and aiming to end nine months of uncertainty

Head of Israel’s Cyber Authority: ‘Holistic Approach’ Best Way to Counter Threats from ‘Borderless’ Realm of Cyberspace (Allgemeiner) Due to the constantly evolving nature of cyberspace, Israel must use innovative approaches not usually seen in cybersecurity practices to defend the country’s cyber home-front, the head of Israel’s National Cyber Directorate told Defense News on Monday

The US Supreme Court uses email after all — or at least two justices do (VICE News) A few years ago, US Supreme Court Justice Elena Kagan revealed that her fellow justices on the High Court were not technologically savvy. They didn't really understand Facebook and Twitter, she said, and they still communicated with each other by writing memos on heavy ivory paper delivered by an aide

National Guard looks to private sector for cyber expertise (FedScoop) Hiring workers who wear two hats — civilian cybersecurity professional and National Guard cyber warrior — can be a force multiplier, Col. Shawn Bratton told a Capitol Hill briefing

Products, Services, and Solutions

Forcepoint™ Launches SureView® Insider Threat Worldwide (PR Newswire) Technology protects the enterprise against threats from within; supports an inside-out approach to security

AlgoSec Announces Support for Cisco ACI (Yahoo! Finance) Integration delivers visibility of security policy across the network estate, and helps customers assess risk and rapidly deploy business applications securely across the Cisco ACI Framework

Deep Run Security Services and Edwards Performance Solutions Announce a Strategic Business Partnership to Offer Solutions and Leadership for Businesses to Combat Cyber Risk (BusinessWire) Deep Run Security Services (Deep Run) and Edwards Performance Solutions today announced the availability of a combined offering or solution that delivers the best of both cybersecurity risk management and strategic performance leadership providing their customers industry leading solutions and resources needed to combat cyber loss

And winner for the best Mac security solution is… (Security Brief AU) Are you a Mac user? Apple’s offerings claim a substantial part of the market, and thus it is always good to know which security solution is the most effective

AppRiver Rolls Out Dial-in Conferencing (Globe Newswire) New Skype for Business feature available with any AppRiver Office 365 and Secure Hosted Exchange plans

Cisco aims to simplify security (CIO) By combining its network visibility and breadth of integrated products, Cisco aims to make it simple for distributed and mobile businesses to deploy effective security while reducing the complexity required to manage it

Why the Vivaldi browser wants you to control everything (Help Net Security) The number of Internet users has been growing steadily, and now stands at nearly 3.5 billion. And despite the growing popularity of mobile devices and specialized apps, the Internet browser is still the most popular medium for interacting with the World Wide Web for the great majority of users

Technologies, Techniques, and Standards

5 Dangerous Misconceptions When Sharing Our Personal Data (Open Business Council) Many consumers are exposing themselves to risk by not understanding how data security works, The five biggest myths around personal data security are explained by security specialists Eckoh

Network monitoring tips for an increasingly unsafe world (Help Net Security) Enterprise IT has evolved significantly over the last decade. Today, IT teams are not only responsible for the availability and performance of their network but also the security of it. Key drivers of IT complexity have been the adoption of cloud based applications and the emergence of BYOD to work

How to set up two-step authentication for WordPress.com (Naked Security) Continuing our series on setting up two-factor authentication (2FA), today let’s check out how to get 2FA enabled on your WordPress.com account

An In-House Security Approach for Cloud Services That Won’t Drive Your IT Department Insane (Cloud Security Alliance) “If your security sucks now, you’ll be pleasantly surprised by the lack of change when you move to cloud.” — Chris Hoff, Former CTO of Security, Jupiter Networks

S21sec, Among the Companies Working With the EU to Develop a Global Framework for Cybersecurity (Yahoo! Finance ) S21sec, a leading cyber security company, today announced that it will actively participate in the development of future guidelines for cybersecurity in Europe, through its role as a member of the group of companies that will work with the European Commission to improve the EU policy on this field

Marketplace

Insurers need to delineate cyber insurance to prevent coverage gaps: Study (Insurance Business America) The cyber insurance business is one of the fastest-growing in the country, but it is still not without its complications as a relatively new subset of insurance; a joint study recently conducted by cyber insurance research body Advisen and the SANS institute revealed that due to differences between insurers and clients, there is a tendency for gaps in cyber insurance coverage to occur

Crisis communications: IR and the cyber-attack (IR Magazine) Recent rise in cyber-security breaches in Asia highlights role of IR during a crisis

SWIFT Hires Security Firms to Fight Hackers (CFO) The addition of BAE Systems and Fox-IT to SWIFT's security team follows the use of its payment platform in a cyber attack on a Bangladesh bank

Banking network hacked in $81m heist hires outside cyber team (The Hill) The SWIFT banking transaction network has hired third-party experts help to secure its beleaguered systems following a high-profile bank heist

Swift's beefing up its security after fraud troubles (City A.M.) The global bank messaging system which was targeted in a multi-million dollar hack of the Bangladesh central bank has beefed up its cyber security in the wake of the fraudulent attack

Office of Naval Research Awards Leidos Prime Contract (Yahoo! Finance) Company to provide technical solutions for the Electromagnetic Maneuver Warfare Command and Control Program

Intrigue, nastiness engulfs latest protest of DHS’ $1B cyber contract (Federal News Radio) Let’s add a little intrigue and nastiness to the already exciting saga of the $1.15 billion cybersecurity contract the Homeland Security Department has been trying to award for the last 10 months

USAF Wants Cyber-Hard Supply Chain For B-21 (Aviation Week) The U.S. Air Force’s chief of information dominance says contractors and their suppliers are being held to a “higher standard” when it comes to defending against cyber espionage than in years past, as modern, digitally dependent weapons such as the Northrop Grumman B-21 bomber enter development

Flashpoint Expands into Business Risk Intelligence (BRI), Raises $10M in Funding (PRNewswire) Company's unique blend of deep & dark Web data, technology, and expertise to inform decision-making throughout organizations

MACH37 Cyber Accelerator Accepting Applications for Fall 2016 Session (PR Web) Fall ‘16 cohort to begin on September 6th

Imperva Said to Be Working With Qatalyst to Explore a Sale (Bloomberg) Imperva said to hire adviser after unsolicited interest. Cybersecurity firm targeted by activist Elliott last month

Imperva warns of weak sales, stock plunges (MarketWatch) Imperva Inc. IMPV, -4.90% revealed Monday that revenues for the fiscal second quarter will be much lower than previously projected, sending the company's stock down more than 10%. The company, which specializes in data-center-level security, said that revenues for its most recent quarter will be $57.5 million to $58 million, after previously forecasting a range of $65.5 million to $66.5 million. The company expected to lose $6 million to $6.5 million in the quarter, a per-share loss of 20 cents to 22 cents; the previous projection was for a loss of 2 cents to 4 cents a share. "We are disappointed with our second quarter financial results, which were primarily impacted by extended sales cycles across most geographies and verticals predominantly relating to larger deals," Chief Executive Anthony Bettencourt said in Monday's announcement. Imperva shares dove to around $43 in late trading Monday, after closing with a 7.6% gain at $48.14

If You Own KEYW Or Are Thinking About Shorting It, Here's Some Important Information (Seeking Alpha) We included links to other sources to better understand the new CEO's background. We are again predicting significant downside in the stock. We believe the stock will trade under $4.00 again, but stay there this time, and we have numbers to support it. Hexis was worth roughly zero (as we predicted). The same analysts who pushed Hexis thesis are now pushing KEYW with the latest management talking points. History doesn't repeat, but rhymes

Did FireEye Make a Mistake by Rejecting Acquisition Offer? (GuruFocus via Yahoo!) Shares of FireEye (FEYE) have performed nicely over the last few weeks after it came to light that the company had rejected several acquisition offers

Symantec (SYMC) Names New COO; Says Blue Coat Acquisition Closed (Street Insider) Symantec Corp. (Nasdaq: SYMC) announced that Michael Fey will join Symantec as President and Chief Operating Officer upon closing of the previously announced acquisition of Blue Coat, Inc. He will report to Greg Clark, Symantec CEO-designate

Can Barracuda Networks Inc. (NYSE: CUDA) Continue Revenue Gains? (Scibility Media) Barracuda Networks Inc. (NYSE: CUDA) delivered a pleasant surprise in 1Q2016 whereby revenue and EPS grew over the previous year and also exceeded the average projection of Wall Street analysts covering the stock. But investor focus is on the future not the past, which leads to the important question about whether the network security vendor can continue beating expectations in the coming quarters and possibly year

Cisco Systems' Growing Cybersecurity Business a Good Reason to Add It to a Portfolio (The Street) The San Jose company has made intelligent acquisitions in recent years to add to its cybersecurity services, but it is also multi-faceted

CyberArk CEO: We are just getting started (CRN) Udi Mokady speaks to CRN about how the company got started and what it will do next

Thycotic Cited in Privileged Identity Management Report by Independent Research Firm (Yahoo! Finance) New Report Identifies Company as a Strong Performer for Q3 2016

Research and Development

Researchers create effective anti-ransomware solution (Help Net Security) Are you willing to sacrifice a dozen or so of your files in order to save the rest from the grasping hands of modern crypto-ransomware?

NBC Universal patents a method for hunting BitTorrent pirates in real-time (TNW) In an effort to curb piracy of copyrighted content, entertainment giant NBC Universal has patented a way to detect files being shared by large groups of people on peer-to-peer networks in real-time.

Cyber Attacks, Threats, and Vulnerabilities

Stealthy cyberespionage malware targets energy companies (CSO) The threat uses sophisticated techniques to evade detection and prepares the ground for more malware components

Malware Dropper Built to Target European Energy Company (Threatpost) A malware dropper with designs on specific targets was found in a private underground forum and is likely the predecessor to the Furtim malware that was uncovered in May

SFG: Furtim’s Parent (SentinelOne) The Labs team at SentinelOne recently discovered a sophisticated malware campaign specifically targeting at least one European energy company. Upon discovery, the team reverse engineered the code and believes that based on the nature, behavior and sophistication of the malware and the extreme measures it takes to evade detection, it likely points to a nation-state sponsored initiative, potentially originating in Eastern Europe

IoT Medical Devices: A Prescription for Disaster (Threatpost) If you’re sick and sitting in a drab hospital room hooked-up to a dialysis pump, the last thing you want to worry about is hackers. But according to IT healthcare security experts, there is a chance that life-saving dialysis machine is infected with malware, could even be processing fraudulent credit card transactions, or is part of a DDoS attack as it cleans your blood

91.1% of ICS hosts have vulnerabilities that can be exploited remotely (Help Net Security) To minimize the possibility of a cyber attack, Industrial Control Systems (ICS) are supposed to be run in a physically isolated environment. However this is not always the case. Kaspersky Lab experts conducted an investigation into ICS threats. Their analysis was based on OSINT (Open Source Intelligence) and information from public sources like ICS CERT, with the research period limited to 2015

Indian hackers with lame tools doing cyber-espionage (IT Pro Portal) I guess the old saying ‘the artisan is only as good as his tools’ can’t really be applied to this hacker (or group of hackers) from India

Attackers Steal 600K Records From Health Care Firms: Report (eWeek) New research from security specialist InfoArmor shows how hackers have been able to get access to patient records in the United States

Datadog bitten by data breach, kills all passwords (Naked Security) Hackers took a bite out of Software-as-a-Service (SaaS) platform Datadog, breaching multiple servers on Friday

Cerber developers release Alfa Ransomware (+360 Blog) Ransomware has been appearing on the Internet for a while; Cerber, TeslaCrypt, and Jigsaw are already familiar names. And now, one new ransomware is floating around. The developers of Cerber Ransomware recently released a new malware, Alfa Ransomware

New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes (Dark Reading) Cisco Talos researchers discover new variant that doesn't decrypt your files after you pay up--it has already deleted them

Ranscam Ransomware Deletes Victims’ Files Outright (Threatpost) Researchers have observed ransomware so sophisticated over the last few months that we’ve seen a variant tease researchers with strings of hidden code and another composed entirely of JavaScript. But not every attacker is technically proficient; researchers are suggesting the ones behind a new strain of ransomware may just be plain lazy

Jigsaw Ransomware Decrypted, Again (Threatpost) The four-month-old Jigsaw ransomware has been defeated again. The ransomware, that packs an emotional punch with its creepy graphics and hallmark countdown clock, can be overcome simply by tricking the ransomware code into thinking you’ve already paid

Jigsaw Ransomware Decryption (Check Point Threat Intelligence and Research) The Jigsaw ransomware was first spotted in April 2016, and has since received a bit of traction. It became infamous thanks to an image of the Jigsaw killer from the movie ‘Saw’ displayed on the ransom note (hence its name), and its unique way of persuading victims to comply – if payments aren’t made within an hour, Jigsaw starts deleting files from the infected machine

Hiding in White Text: Word Documents with Embedded Payloads (SANS Internet Storm Center) Malicious macros in Office documents are not new, and several samples have been analyzed here at the ISC Diary website. Usually, the macro script is used to drop the second stage malware either by reaching to the internet or by extracting a binary embedded in the Office document itself. In this post, we will examine two similar malicious documents that were observed separately with each dropping a different malware sample, namely, NetWiredRC and iSpy

Experts say Pokémon Go exposes players to security and privacy risks (CSO) Attention iOS players: Pokémon Go has total control over your Google account

Privacy scare over Pokémon Go app for iOS (Graham Cluley) Google and Niantic are working on fixes

The Curious Mystery of the Map in Pokémon Go (Atlantic) Due to data flukes, private homes are being besieged by the game’s players

Cops warn Pokémon Go players: Please don’t trespass to catch ‘em all (Ars Technica) "Please use caution as I do not believe the game was intended to be used while driving"

Playing Pokémon GO can lead to unexpected dangers (Help Net Security) Interest in Pokémon GO, the mobile augmented reality game that has users going places in the real world to capture, train, and battle with virtual Pokemon, has exploded the moment it was released late last week

Covert Voice Commands Can Hack A Smartphone (Dark Reading) Researchers from Georgetown University and the University of California, Berkeley say cybercriminals could use hidden voice commands via popular YouTube videos to infect Androids and iPhones with malware

‘Our Mine’ Hacks Twitter Account of Twitter CEO Jack Dorsey (Hack Read) After Google's CEO Sundar Pichai and Facebook's Mark Zuckerbert, the "Our Mine" Hackers have found a new target and this time it's Twitter's CEO Jack Dorsey

Security analyst banned for disclosing vulnerabilities in web forums (Graham Cluley) Blind faith motivates website admins to dismiss multiple security flaws

Who Hacked Sony Pictures? Two Years Later, No One’s Really Sure (Motherboard) On November 24, 2014, an ominous message appeared on all the computers of the employees of Sony Pictures Entertainment in California. “Hacked by #GOP,” read the title of the message, which had a red skeleton in the background

Academia

West Point cadets gain cyber experience in Silicon Valley internships (GCN) As cybersecurity becomes integral to military operations, learning the basics is imperative for the next generation of cyber warriors, signals intelligence analysts and network operators. While cadets at the service academies receive coursework in these subjects, gaining practical, real-world experience is especially valuable. That’s where Vidder, a small Silicon Valley-based network security startup, comes in

Litigation, Investigation, and Enforcement

VPN provider cuts off service to Russia after servers seized (CSO) Private Internet Access said it had not followed Russian rules for VPN providers

Big “carding gang” bust announced by Europol: 105 arrests across 15 countries (Naked Security) EC3, which is shorthand for Europol’s European Cybercrime Centre, just announced a big “carder gang” bust

Ruling could make sharing passwords for subscription services a federal crime (Fox News) A new federal court ruling could make sharing your passwords for subscription services -- covering everything from Netflix to HBO GO -- a federal crime punishable by prison time, according to a judge who opposed the decision

Commercial Facilities: Safeguarding places where people gather (Federal Times) In a non-descript office park in Columbia, Maryland, Michael Buratowski and his forensics team are on the trail of the country’s latest national security threat, cybercrime

House GOP Wants Clinton Investigated for Perjury (Mother Jones) The FBI's investigation of her email system "appears to directly contradict several aspects of her sworn testimony"

Poll finds majority of Americans disagree with FBI in Clinton e-mail flap (Ars Technica) Respondents' answers depended largely on their political affiliation

Pressure grows on Clinton aides to lose security clearances (The Hill) Pressure is growing on the State Department to revoke the security clearances of several of Hillary Clinton’s closest aides, potentially jeopardizing her ability to name her own national security team should she become president

Hunter: Marine had right intent, Hillary Clinton did not (Marine Corps Times) A Marine accused of mishandling classified information for warning troops in Afghanistan about the threat of an insider attack is being held to an “excessively high standard,” compared to former Secretary of State Hillary Clinton, a prominent lawmaker argues

Harlan Ullman: Where has all the accountability gone? (UPI) Last week, two major government inquiries went public, one on this side of the pond and the other in Washington, D.C

Serial Swatter, Stalker and Doxer Mir Islam Gets Just 1 Year in Jail (KrebsOnSecurity) Mir Islam, a 21-year-old Brooklyn man who pleaded guilty to an impressive array of cybercrimes including cyberstalking, “doxing” and “swatting” celebrities and public officials (as well as this author), was sentenced in federal court today to two years in prison. Unfortunately, thanks to time served in this and other cases, Islam will only see a year of jail time in connection with some fairly heinous assaults that are becoming all too common

Australian Convicted of Recruiting 7 Men to Fight in Syria (Australian Broacasting Corporation) The first person charged in Australia with recruiting and sending fighters to Syria was convicted Tuesday of recruiting seven foreign fighters

Kim Dotcom to reboot Megaupload half a decade after FBI shut it down (Ars Technica) File-sharing mogul still fighting against extradition to US

Design and Innovation

Risk-Based Security Lessons From Airport Lines (IBM Security Intelligence) The summer travel season is upon us. In an age of terrorism and other threats, this means that everyone is talking about airport security lines and the Transportation Security Administration (TSA)

Cybersecurity expert explains why Tesla's cars are some of the toughest to hack (Tech Insider) A cybersecurity expert says that Tesla's cars are some of the toughest to hack, even though they are among the most connected cars on the road

Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected (Dark Reading) New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, July 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East Coast Time). The importance of open-source intelligence (OSINT) has increased exponentially as more and more information has come available online. At the same time, the increased sophistication of websites and platforms means the content one sees can be easily blocked or manipulated based on one’s attribution to an organization, region, or country. This presentation focuses on the importance of Managed Attribution, detailing the technical methods employed by websites and platforms to determine attribution, and presenting solutions that allow users to manage their attribution in order to get access to the most authentic and accurate information.

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Recon malware targets European energy sector. Medical devices, ICS systems increasingly attractive to hacking. Alfa and Ranscam join ransomware field; Jigsaw's decrypted. Use Pokémon Go with caution.