ISIS under pressure and dangerous. Crimeware upgrades. Pokémon Go's astonishing success (and the attack surface it presents). SAP and Cisco patch. M&A notes, cybersecurity court decisions.
News from the SINET Innovation Summit
We'll be linking to a full report in Monday's issue, but here are some preliminary notes on SINET's 2016 Innovation Summit. The conference included its anticipated mix of contributors: security executives, business leaders, investors, and Government officials.
The US Department of Homeland Security offered a strong invitation to participate in the Department's Automated Indicator Sharing (AIS) program, which aspires to fill the role of a kind of international 911 for cyber. It won't detect zero-days or highly tailored attacks, but it will "shrink the battlefield" as Assistant Secretary Robert Silvers put it: the majority of attacks are recycled, and AIS is intended to help its participants stop these.
Panels throughout the day returned to the importance of approaching cyber security as an exercise in risk management, and to the first rule of communicating with C-suites and boards: do so by speaking the language of business. That language should make a business case, and do so in terms of sound estimation and management of value-at-risk. They commented on the challenges of staying abreast of the growing number of regulations and standards (rarely coordinated, sometimes incompatible, and often an obstacle to innovation).
We also heard advice for security startups from both investors and large customers. They find that companies succeed if they can execute, if they're differentiated from the very large field of competitors, and if they have market space. And what counts as success? As one panelist put it, "Success is building a sustainable business, not how much money you raise, or who's on your board."
A full report on the 2016 SINET Innovation Summit will appear Monday. We note that SINET has been to London and is now heading for Australia—they'll be in Sydney this September.
Increasing pressure on the ground drives ISIS not only toward more dispersed attacks abroad, but also toward renewed aspirations for an aggressive online presence and cyber-attack capability. Police intelligence alerts over social media sadly failed to arrive in time to warn victims of the Bastille Day attack in Nice.
Three upgrades to familiar crimeware appear. Symantec observes that newer versions of the Android.Fakebank.B malware family (a family known to researchers since 2013) have picked up a call-blocking capability. The Trojan blocks calls to the customer service numbers of selected banks. Avira warns that Locky ransomware is now able to encrypt victims’ files without needing to connect to a command-and-control server. And FireEye notes that an IE exploit has been added to the Neutrino kit. It appears to have been reverse-engineered from a proof-of-concept researchers at Theori prepared in June.
Pokémon Go shows no signs of slowing popularity. Its security risks remain intensely debated. Whether privacy issues deriving from the extensive privileges the game initially assumed have been fully addressed or not, players are strongly cautioned to be alert for bogus apps and pirated versions. (And to look both ways in physical space before crossing streets.)
In industry news, SAP has fixed thirty-six vulnerabilities (two “high priority”) in its software. Cisco addresses security issues in Cisco IOS, IOS XR, ASR 5000, WebEx Meetings Server, and Cisco Meeting Server. CyberGRX emerges from stealth with $9 million in Series A funding (led by Allegis Capital), and Delta Risk Cybersecurity Services acquires Allied InfoSecurity.
Notes.
Today's issue includes events affecting Australia, Azerbaijan, China, European Union, France, Germany, Iraq, Ireland, Kazakhstan, Kyrgyzstan, Russia, Saudi Arabia, South Africa, Syria, Taiwan, Tajikistan, Tunisia, Turkey, Turkmenistan, United Kingdom, United States, and Uzbekistan.
A note to our readers: we're back from New York, where we covered SINET's 2016 Innovation Summit. Next week we'll be in Detroit, for the first annual Billington Global Automotive Cybersecurity Summit, convening Friday the 22nd.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partners at the University of Maryland's Center for Health and Homeland Security are represented by Ben Yelin, who'll take us through a recent ruling on privacy, home computing, and the 4th Amendment. We'll also have as our guest Eli Sugarman of the William and Flora Hewlett Foundation. He'll describe the Foundation's Cyber Initiative. (And as always, if you listen to and like our podcast, consider giving it an iTunes review.)
New York: the latest from the SINET Innovation Summit
Automated Indicator Sharing (AIS) (US-CERT) The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed. Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email (although they can also be much more complicated)
DHS/NPPD/PIA-029 Automated Indicator Sharing (US Department of Homeland Security) The Department of Homeland Security (DHS) National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities
Cyber Attacks, Threats, and Vulnerabilities
Is the Islamic State planning a cyber-caliphate? (Al Monitor) Judging from the Islamic State's (IS) losses of territory and revenue in Iraq and Syria, IS is coming under more pressure by the day. If the losses continue at this pace, many observers think 2016 could well be the final year of IS in these two countries
FBI director warns of terrorist exodus as ISIS 'caliphate' squeezed (Fox News) FBI Director James Comey predicted an exodus of Islamic State fighters spreading worldwide as they prepare for the potential fall of the so-called caliphate in Iraq and Syria, warning lawmakers Thursday that ISIS will become increasingly “desperate” to launch attacks elsewhere
Death of Islamic State's Shishani may damage foreign recruitment (Reuters) The death of Islamic State's "minister of war" may disrupt its operations, a senior U.S. military officer said on Thursday, and an Iraqi security expert said it could damage the group's important recruitment efforts in ex-Soviet republics
This Android Trojan blocks the victim from alerting banks (CSO) Symantec has noticed a “call-barring” function in a newer version of Android malware
Locky Ransomware Gets Offline Encryption Capabilities (SecurityWeek) Locky, one of the most used ransomware families during the first half of the year, is now able to encrypt files without connecting to a command and control (C&C) server, Avira researchers warn
IE Exploit Added to Neutrino After Experts Publish POC (SecurityXSpace) The developers of the Neutrino exploit kit have added a recently patched Internet Explorer vulnerability to their arsenal after researchers published a proof-of-concept (PoC) exploit
Fake apps on Google Play tricked users into paying instead of delivering promised followers (We Live Security) Many malicious developers try to trick users into downloading their apps by creating the illusion of a useful application. They accomplish it by creating a very interesting app name and adding a bogus description that does not match the functionality of the application
Blog: Does the Pokemon Go Craze Threaten Networks? (SIGNAL) Do you play Pokemon Go?
Pokémon GO-themed malicious apps lurk on Google Play (Help Net Security) Researchers have discovered three malicious apps taking advantage of Pokémon GO’s immense popularity, offered for download on Google Play
Does Pokemon Go really pose a security and privacy risk? (Live Mint) Security experts are divided, but one thing is certain, those who are using the pirated versions of Pokemon Go face a bigger risk
Pokémon Go and Security (One to One) Some hypes are remarkable but not surprising: Pokémon has always been popular, but the rapid spread of the new mobile app Pokémon Go is striking. The first concerns about the safety of its users now appear to be emerging as well
Pokémon Go to go global ‘soon’ as hit game launches in three more countries (TechCrunch) Pokémon Go is already a phenomenon that has captured the attention of millions and added billions to Nintendo’s market cap, but the game itself remains limited to a handful of countries. There’s good news for wannabe players, then, with word that it most definitely harbors global expansion plans
Pokémon Go’s retention rates, average revenue per user are double the industry average (TechCrunch) New data released this morning on the mobile phenomenon Pokémon Go shows that the popular game isn’t only the biggest in U.S. history – it’s also breaking records when it comes to its ability to monetize and retain its users, as well. According to a report from SurveyMonkey, Pokémon Go is seeing retention rates at more than double the industry average, and is pulling in revenues at twice the average rate for casual games
Command Injection: A Deadly Needle in the Haystack (IBM Security Intelligence) Looking across the threat landscape at cybercriminals’ go-to attack vectors, we see SQL injection high on the list. But there’s another injection method that also poses a serious threat: command injection
NXP warns cryptographic keys can be hacked (Electronics Weekly) An encrypted key technology used to make hardware like mobile phones secure may not be as hackable as first thought
Crypto flaw made it easy for attackers to snoop on Juniper customers (Ars Technica) Networking gear maker kills bug that failed to catch self-signed certificates
Juniper Junos up to 16.1r1 IPv6 MAC Address Ethernet Handler Flooding Denial of Service (VulDB) A vulnerability was found in Juniper Junos. It has been declared as problematic. This vulnerability affects an unknown function of the component IPv6 MAC Address Ethernet Handler. The manipulation with an unknown input leads to a denial of service vulnerability (flooding). As an impact it is known to affect availability
Hackers steal millions from ATMs without using a card (CNN Money) Taiwan is trying to figure out how hackers managed to trick a network of bank ATMs into spitting out millions
Why We Should Be a Little Paranoid About Hackers Messing With Robot Surgeons (Motherboard) A few weeks ago, my colleague Victoria Turk sat down in a surgical chair, slid her fingers into something that looked like pliers, wore a pair of 3D glasses, and tried to control a robotic surgeon remotely
Your website may be engaged in secret criminal activity (TechCrunch) Most of us think of website hacks as illicit activities aimed at siphoning critical information or disrupting the business of website owners. But what happens when your site becomes hacked, not for the purpose of harming you but rather to further the ends of other parties? Most likely, the attackers would manage to feed off your resources and reputation for months or years without being discovered, because it’s hard to take note of something that isn’t directly affecting you
Rise in brand impersonation exploits user trust (Help Net Security) A rise in brand impersonation means bad actors can exploit user trust by intercepting communication with rogue social media profiles and expose them to malware, ransomware or credential harvesting sites
Big Data and elections: The candidates know you – better than you know them (CSO) Most political campaigns emphasize providing information – carefully controlled information – about a candidate to voters. But in the era of Big Data, they are also collecting information about voters – with little or no control, consent or security
Security Patches, Mitigations, and Software Updates
SAP releases monthly patch update closing 36 vulnerabilities – two rated 'high priority' (Computing) Enterprise applications giant finally gets round to dealing with 'clickjacking' vulnerabilities
Cisco patches serious flaws in router and conferencing server software (CSO) The patches fix flaws in Cisco IOS, IOS XR, ASR 5000, WebEx Meetings Server and Cisco Meeting Server
Cisco Patches DoS Flaw in NCS 6000 Routers (Threatpost) Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers
Cyber Trends
Cybersecurity concern continues to rise (Help Net Security) A new Black Hat report reveals some critical concerns about the information security industry and emerging cyber risks faced by today’s enterprises
76% of companies believe IoT is critical to success (Help Net Security) Vodafone published its global survey of business sentiment regarding innovation and investment in the Internet of Things. The survey was conducted by Circle Research in April and May 2016 and involved more than 1,096 companies around the world
Companies failing to plan for many cyber dangers (CSO) Only 22 percent of companies have a comprehensive plan in place to deal with major security incidents
The Cyber-Security Industry Must Be More Realistic (Baseline) The reason post-attack incident response wasn’t a market until recently was blind optimism. Firms assumed that with enough resources, they could stop breaches
The damaging divide in application security (Help Net Security) It’s time to get serious about application security and the divisive reality of breaches
South Africa has crossed the cyber Rubicon (Engineering News) The recent spate of well-publicised cyber-attacks on South African organisations should be a wake-up call to government and corporates indicating that the country is amongst those being targeted globally, says Evert Smith, Threat Intelligence Lead at Deloitte South Africa
Marketplace
CyberGRX Gets $9M to Manage Security Risks From Business Partners (Xconomy) An interesting cybersecurity startup emerged from stealth mode in Denver today. CyberGRX, which develops cyber risk management software, said it has closed $9 million in Series A funding, led by Allegis Capital
Delta Risk Cybersecurity Services Acquires Allied InfoSecurity, With Plans to Expand (Mergers & Acquisitions) The PE arm of ex-Homeland Security Secretary Michael Chertoff's Chertoff Group owns a majority stake in Delta Risk
Organization’s cyber security can have an effect on acquisition, says report (IT World Canada) There are three common reasons cyber security has to be among the top priorities for the C-suite: To maintain confidence of partners, customers and investors. Loss of confidence by any of those groups could undermine corporate revenues
Symantec fires up innovation engine after Veritas spin-off (Channelnomics) EMEA channel chief signals R&D investment
Symantec, Intel carve out diminishing slice of growing security market (Register) Oh dear, Big 5. Looks like the Others are growing
Cisco's Path To Relevancy (Seeking Alpha) Cisco has seen significant growth recently in its high-margin, innovative product divisions. There are several new opportunities, and Cisco is looking to take full advantage of them. Fundamentally, it does not get much better than this
Don’t Buy FireEye (InvestorGuide) Cyber security is a growing space, but that doesn’t mean every company in the sector is well positioned to benefit from it. Most companies in the industry are reporting terrific losses and FireEye (FEYE) is one of them. While bulls have often argued that FireEye is an acquisition target, buying it on the hopes of an acquisition is not good investing
CyberArk - The Employees Already Within The Firewall Are The Greatest Threat To Enterprise Cybersecurity (Seeking Alpha) CyberArk is a leading vendor of "within firewall" security solutions. It is a leader in its space although there are many competitors ranging from point vendors to large companies who offer identity management and password protection. The company, almost uniquely these days, has a license only revenue model that has had a major impact that has made this company highly profitable without much scale. The company is increasing spend on both R&D and on sales & marketing at high rates in order to take advantage of a host of unexploited opportunities. Over the 6 quarters that this company has been public, its estimates have proved to be far below actual attainment. It is likely that trend is still persisting
BitSight Increases Customers by over 60% in the First Half of 2016 (PRNewswire) Most experienced and trusted security ratings provider announces 410 customers, record sales and rapid global expansion
FAST 25: Rook Security (Indianapolis Business Journal) Needed service: Rook Security’s continued growth—it was a Fast 25 company in 2015, too—reflects the ever-increasing need for cyber security services. CEO and founder J.J. Thompson said the staff grew 35 percent and Rook doubled its client base. It’s now in the process of raising capital
Products, Services, and Solutions
Inky Delivers Encrypted, Secure Affordable Email Management (Inky) Inky, a leader in email management, today announced its new email service, which offers an easy way to encrypt, tag, and manage email on multiple accounts
Identify risks before they become threats. Identify threats before they become a crisis. (Haystax) Haystax developed Carbon for insider threat detection using our patented algorithms and sophisticated identity analytics. Our approach relies on model-based continuous threat monitoring and analysis as well as automated alerting, so that an organization’s personnel are not overloaded with noisy data
ThreatTrack Launches ThreatAnalyzer 6.1 (PRNewswire) Latest version of industry leading malware analysis sandbox better enables enterprises and government agencies to discover and respond to advanced malware
Bank boffins drop slick incident response tool for Mandiant mobs (Register) Plugs hundreds of endpoints into 'single pane of glass'
IBM Unveils New Cloud Blockchain Security Service (CoinDesk) IBM today unveiled a new service designed to help businesses test and run blockchain projects meant to handle private or sensitive data
Businesses should get proactive about identifying potential account breaches: Akamai (CSO) Use big-data security analytics tools to see if compromised customer or supplier accounts are being used as conduits for economic crime
Cymmetria Releases Free Community Version of Innovative Cyber Deception Solution for Hunting Attackers (Dark Reading) Cymmetria, which develops a cyber deception solution for hunting attackers in organizational networks, today released a free community edition of its MazeRunner platform. Cymmetria’s release of the community edition comes after two years of development and customer deployments, in addition to successfully capturing three targeted nation state attacks
HummingBad: 40,000 avoidable infections in Germany alone (Realwire) Blocking malware before it can do damage – with cloud-based security
Guidance Software Delivers Real-Time Continuous Monitoring (BusinessWire) EnCase® Endpoint Security enhances detection and improves incident response
CRN Exclusive: HPE To Start Selling Data Security Products Through Partners (CRN) Hewlett Packard Enterprise is undertaking a strategy to move more of its security products through partners, telling CRN that it is starting to open its data security portfolio to the channel, lines that had previously only been sold direct
Technologies, Techniques, and Standards
Digital Rights Advocates Call for Investigation Around W3C’s DRM Extension (Threatpost) Digital rights advocates are again pleading with the World Wide Web Consortium (W3C) to reconsider standardizing DRM in Encrypted Media Extensions, a draft specification that would ultimately feed into HTML 5
Evaluating a Cloud-Based Service (Security Infowatch) Cloud-based applications are the central focus of technology development in general, and are quickly becoming the primary experience and expectation of end-users. That’s why the future of your business will involve cloud-based applications
Is Full Packet Capture Worth the Investment? (IBM Security Intelligence) Let’s face it: Cybersecurity isn’t getting any easier as attacks become stealthier, more complex and harder to assess
Name All the Things! (SANS Internet Storm Center) With our more and more complex environments and processes, we have to handle a huge amount of information on a daily basis. To improve the communication with our colleagues, peers, it is mandatory to speak the same language and to avoid ambiguities while talking to them. A best practice is to apply a naming convention to everything that can be labeled. It applies to multiple domains and not only information security
Design and Innovation
Google offers 'New Hope' for cryptanalysis resistant public-key crypto (SC Magazine) Google has taken to its online security blog to announce it has started to experiment with cryptanalysis resistant public-key cryptography
Why AI could be the key to turning the tide in the fight against cybercrime (ZDNet) A lack of cybersecurity staff is well documented: could artificial intelligence be what makes life harder for hackers?
Research and Development
Clever Tool Shields Your Car From Hacks by Watching Its Internal Clocks (Wired) Car-hacking demonstrations tend to get all the glory in the security research community—remotely paralyzing a Jeep on the highway or cutting a Corvette’s brakes through its Internet-connected insurance dongle. But as the nascent automotive security field evolves, defensive tricks are getting cleverer, too. Now there’s a new prototype gadget that stops those vehicular attacks with an ingenious hack of its own
Meet The Teams In DARPA's All-Machine Hacking Tournament (Dark Reading) "Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities
Academia
Senator Carper & Federal CIO Tony Scott to Recognize U.S. Cyber Challenge Competitors (US Cyber Challenge) Tomorrow, the 7th annual U.S. Cyber Challenge camp in Delaware will host a Capture-the-Flag competition and award ceremony. A variety of government officials will be attending the award ceremony to speak to the country’s on-going workforce needs. The camp is hosted by US Cyber Challenge and in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College and the Delaware Department of Technology and Information (DTI). [Update: CIO Snow was called away and proved unable to attend]
Legislation, Policy, and Regulation
Opinion: The triumph of Privacy Shield (Christian Science Monitor Passcode) The new data transfer pact between the US and European Union known as Privacy Shield opens the door to a new era of safe and secure digital commerce for Europeans
UK surveillance bill includes powers to limit end-to-end encryption (TechCrunch) The UK government has explicitly confirmed that a surveillance bill now making its way through the second chamber could be used to require a company to remove encryption. And even, in some circumstances, to force a comms service provider not to use end-to-end encryption to secure a future service they are developing. The details were revealed during debate of the Investigatory Powers Bill at a committee session in the House of Lords this week
Ex-NSA chief: Responding to cyberattacks is a government responsibility (FedScoop) Officials told Congress that outside of lives lost, drawing a red line is going to be difficult
Rogers: National Security Agency Becoming ‘FEMA of the Cyber World’ (UPDATED) (National Defense) Following major cybersecurity breaches nationwide, the National Security Agency is increasingly being called upon to advise both government offices and the private sector, said the head of the United States’ spy agency
NSA Boss Says U.S. Cyber Troops Are Nearly Ready (WBAA) The director of the National Security Agency says his first few dedicated cyber troops will be operational by early fall but the nation can't wait for the full unit to be ready
U.S. Army officials designate ARCYBER as an Army Service Component Command (Military Embedded Systems) U.S. Cyber Command (ARCYBER) has been designated as an Army Service Component Command (ASCC). The Secretary of the Army signed the Department of the Army General Order (DA GO 2016-11) on July 11, 2016 designating ARCYBER as an ASCC
McCain Pushes Apple, Google On Encryption Standards in Cyber Hearing (USNI News) Sen. John McCain warned Google and Apple executives Thursday that the Senate Armed Services Committee “has subpoena power” that could compel them to testify on why their encryption systems on newer smartphones are not accessible to law enforcement operating under court orders
U.S. Privacy and Civil Liberty Watchdog Faces Limits in Congress (New York Times) A leading Democrat in Congress is pushing back against an effort to impose new constraints on a civil liberties watchdog agency that investigates the nation’s security programs
House Science Committee convinced fraud investigations stifle free speech (Ars Technica) To preserve the free speech of Exxon, Rep. Smith wants e-mails of others
Intelligence group wants to use wearables to assess agent recruits (Washington Post) Becoming an intelligence agent might get a lot harder
Congresswoman introduces revenge porn bill, setting max penalty at 5 years (Ars Technica) Rep. Jackie Speier: A person’s life can be shattered "with the click of a button"
Litigation, Investigation, and Law Enforcement
In Nice attack, government's official terror alert comes too late (CSO) Government officials used Twitter to encourage those affected to use Facebook to signal their safety
Police raid homes over Facebook hate speech (Naked Security) German police raided about 60 people’s houses on Wednesday, accusing most of the suspects of posting xenophobic, anti-Semitic or other extremist right-wing content to a private Facebook group
Microsoft wins appeal over U.S. email requests (USA Today) In a ruling that has important data security implications, a court ruled Thursday Microsoft can't be forced to give the government e-mails stored in Ireland that are part of a U.S. drug investigation
Microsoft ruling limits government access to data stored overseas (Christian Science Monitor Passcode) Tech advocates hailed the decision in a case over access to emails stored on data servers in Ireland as a boon for privacy rights in the Digital Age
Microsoft's overseas privacy battle may be far from over (CSO) Thursday's ruling says the U.S. can't force Microsoft to give up emails stored on a server in Ireland
Is it ethical to use malware when disrupting cyber-crime? (SC Magazine) As the FBI declares its malware-like software cannot be malware as it is used with non-malicious intent, we ponder the ethics of the good guys using the same tools as the bad guys
46-month sentence for businessman who helped Chinese military hackers (Washington Post) A businessman who admitted helping Chinese military officers as they hacked into the computer systems of U.S. defense contractors and stole significant information was sentenced Wednesday to three years and 10 months in prison, authorities said
Feds ask judge to toss case about Olympics snooping claim (12News) The National Security Agency asked a judge Thursday to dismiss a lawsuit from a former Salt Lake City mayor who says the agency conducted a mass warrantless surveillance program during the 2002 Winter Olympics
Serial hacker, doxxer, and swatter sentenced to two years in prison (Ars Technica) He and others "embarked on this digital crime spree to entertain themselves"
Sex offender arrested, accused of playing Pokémon Go with kids (Ars Technica) Probation agent saw offender playing game with kids outside agency's office
Indifference and ignorance: Delving deep into the Clinton e-mail saga (Ars Technica) Clinton wasn't alone in mishandling communications, classified data
'Gag' order: FBI confirms special secrecy agreements for agents in Clinton email probe (Fox News) The FBI has confirmed to a senior Republican senator that agents were sworn to secrecy -- and subject to lie detector tests -- in the Hillary Clinton email probe, an extensive measure one former agent said could have a "chilling effect"
The Strange Gaps in Hillary Clinton's Email Traffic (Politico) An analysis of the released emails raises questions about whether Clinton deleted a number of work-related emails--and if she did, why
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, Jul 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East Coast Time). The importance of open-source intelligence (OSINT) has increased exponentially as more and more information has come available online. At the same time, the increased sophistication of websites and platforms means the content one sees can be easily blocked or manipulated based on one’s attribution to an organization, region, or country. This presentation focuses on the importance of Managed Attribution, detailing the technical methods employed by websites and platforms to determine attribution, and presenting solutions that allow users to manage their attribution in order to get access to the most authentic and accurate information.
CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.
Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.
Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
SANS San Jose 2016 (San Jose, California, USA, Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.