ISIS forum administrator doxed. Could coup plotters have jammed Turkey's Internet? Philippine government sustains DDoS attack. (So does Pokémon GO.) Banking malware uses Excel macros. Phones can be made to call premium numbers.
A prominent ISIS web forum administrator (he runs the Shumukh al Islam, or “Glory of Islam” site) has had his online correspondence hacked and two years of it dumped on Pastebin, Motherboard reports. The content includes recruitment information and communication with forum members. A Forcepoint researcher observes that “the myth of a highly secure jihadi underground, is exactly that: It's a myth.”
This is consistent with ISIS operations in cyberspace serving as inspiration rather than as hacking or command-and-control of terror operations. ISIS claims it inspired the Afghan teenager who attacked train passengers in Germany with an axe, and French authorities say the Nice murderer was inspired by the Orlando massacre (information about which he collected online).
The post mortem on whatever happened last weekend in Turkey concludes the coup plotters’ central error was failure to take down the Internet. How they might actually have done so analysts leave as an exercise for their readers—it’s easier said than done.
Distributed denial-of-service attacks might be one approach to Internet jamming. The Philippine government is sustaining such a campaign this week, probably, observers think, at the hands of Chinese services striking against a rival for South China Sea territory.
Other threat actors undertake DDoS attacks against a variety of targets, Pokémon GO prominent among them.
Symantec finds banking malware in Excel macros.
A researcher demonstrates how thieves could subvert the account-recovery and 2FA options various services make available to their customers. The theft would occur by diverting calls to premium numbers.
Notes.
Today's issue includes events affecting Australia, Austria, Brazil, Bulgaria, Canada, China, Czech Republic, France, Germany, Iceland, India, Iraq, Japan, Morocco, Nepal, Norway, Pakistan, Philippines, Poland, Russia, Spain, Syria, Switzerland, Taiwan, Turkey, United Kingdom, and United States.
A note to our readers: This Friday we'll be in Detroit, for the first annual Billington Global Automotive Cybersecurity Summit. Watch for live-tweets from the event, and a full report published here next week. And for an early look at (actually, an early listen to) some of the conference's important themes, check our interview with Booz Allen Hamilton's Jon Allen. He discusses the Automotive ISAC and offers a preview of the conference.
The CyberWire Special Edition Podcast, "Quantifying Cyber Risk," is out. This Special Edition features discussions with experts in the security and insurance sectors about quantifying cyber risk: how you do it, what you do with the numbers once you've got them, and why it all matters.
And, of course, you'll be able to catch the CyberWire's regular daily Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Joe Carrigan will again represent our partners at the Johns Hopkins University with some well-informed discussion of two-factor authentication. And we'll speak with Recorded Future expert Levi Gundert about their breaking news on the Cknife web shell. (As always, if you like our podcast, consider giving it an iTunes review. We appreciate the feedback.)
Cyber Attacks, Threats, and Vulnerabilities
'Prominent’ Admin of Top ISIS Forum Hacked (Motherboard) An administrator of a top-tier ISIS web forum, who one expert describes as a “prominent” member of the online jihadi community, has been hacked
ISIS Claims Responsibility for Ax Attack on German Train (New York Times) The Islamic State claimed responsibility on Tuesday after a 17-year-old Afghan who came to Germany as a migrant attacked passengers on a regional train with an ax before he was killed by the police, a development that is likely to intensify fears that the huge influx of migrants poses a security threat
Nice Attacker Was Inspired by Orlando Nightclub Attack (Time) The attacker searched for info about the attack on the Florida gay nightclub
Signs of Turkish Cyber Skirmish Follow Failed Coup, Cytegic Says (Bloomberg) Turkey is seeing the divisions that led to the failed coup move into the virtual arena with an outbreak of cyber attacks this week, Israeli cyber-security company Cytegic said
Turkish coup plotters’ cyber fail: Not turning off Internet (Ars Technica) Plotters, including an army cyber expert, got tripped up by social media
Philippines Government Websites Hit by Massive DDoS Attacks, China Suspected (Softpedia) Attacks came on the same day as a controversial decision regarding China's rights over islands near the Philippines
Massive DDoS cyber attack takes down Pokémon Go (Computer Business Review) Hacking group PoodleCorp has taken responsibility for the attack on Twitter, with further promises of a bigger attack coming soon
Pokemon Go hit by cyber attack: Industry reaction (IT Pro Portal) Following the news that the hugely popular mobile game Pokemon Go was taken offline by a DDoS attack over the weekend, various industry professionals have offered their thoughts and analysis
Pokémon GO: PoodleCorp threatens DDoS outage on August 1 (Naked Security) Are you a Pokémon GO fan? I can’t tell you whether I like it yet, because the darn thing won’t work on my Android
Attackers launch multi-vector DDoS attacks that use DNSSEC amplification (CSO) Researchers from Akamai observed multiple attacks abusing DNSSEC-enabled domains for DDoS amplification
DDoS attacks continue to escalate in both size and frequency (Help Net Security) Arbor Networks released global DDoS attack data for the first six months of 2016 that shows a continuing escalation in both the size and frequency of attacks
RNC braces for cyber attacks (TechCrunch) The Republican National Convention kicks off today in Cleveland and the event promises to be unusual. Donald Trump’s campaign has, of course, been controversial, and he’s putting his own strange spin on the event. Major GOP figures have declined to attend, so Trump has replaced them with the likes of Scott Baio and Peter Thiel
Malicious macros arrive in phishing emails, steal banking information (Symantec) Malicious macros made a comeback in 2015 to deliver malware. Now we’re seeing phishing emails use macros in Excel attachments to steal sensitive banking details
Criminals plant banking malware where victims least expect it (Ars Technica) Result was a highly effective means for distributing account-draining Trojan
Delilah malware secretly taps webcam, blackmails and recruits insider threat victims (Computerworld) Delilah malware taps computer and webcam to get dirty little secrets, then blackmails victims into becoming an insider threat and coughing up a company’s secrets
How to scam $750,000 out of Microsoft Office: Two-factor auth calls to premium-rate numbers (Register) Tech giants scramble to fix pricey loophole
Attackers could steal millions through online phone verification systems (CSO) Many systems can be tricked to call premium-rate numbers set up by attackers
How to steal money from Instagram, Google and Microsoft (Help Net Security) Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated
Software fraud claims billions of dollars but the industry finds it difficult to stop (Financial Times) Shailin Dhar began his career on the dark side of the online advertising industry. In 2013, aged 22, he started working for a New York-based entrepreneur who owned dozens of bogus websites. His job was to inflate the number of visits to the sites — thereby boosting advertising sales — by purchasing fake web traffic
After 7 Years, Enfal Keeps Changing Its Spots but the Danger Remains (Verint) The Enfal malware, first spotted in 2004, is more dangerous than ever given its ability to morph over time often enough to evade detection
Carbanak Gang Tied to Russian Security Firm? (KrebsOnSecurity) Among the more plunderous cybercrime gangs is a group known as “Carbanak,” Eastern European hackers blamed for stealing more than a billion dollars from banks. Today we’ll examine some compelling clues that point to a connection between the Carbanak gang’s staging grounds and a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity
Mystery surrounds $2M ATM “jackpotting” attack in Taiwan (Naked Security) Mystery still surrounds a recent series of bank heists in Taipei, Taiwan
CGI Script Vulnerability ‘Httpoxy’ Allows Man-in-the-Middle Attacks (Threatpost) An old scripting vulnerability that impacts a large number of Linux distributions and programming languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy of patches from impacted companies and platforms
No, SFG isn't Stuxnet 2.0 (IT News) Overhyped and underdone
Researchers Crack Furtim, SFG Malware Connection (Threatpost) New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies.
Inside the diabolical Ukrainian hack that put the U.S. grid on high alert (E&E News) Eastern Europe was blanketed in a heat wave last summer. In Kiev, Ukraine, a state of desperate resignation had set in as fighting intensified between pro-Russia rebels and Ukrainian forces to the east. Separatists closed highways and attacked ports. Meanwhile, a silent incursion had started to worm its way into the email accounts of employees at media outlets, national railroads and power distributors in the western half of the country
Critical infrastructure in Europe exposed to hackers (SC Magazine) Power stations in Germany, Italy and Israeli smart building could be accessed by criminal hackers
Critical infrastructure in the crosshairs (GCN) The security threat faced by government networks and computer systems should now be obvious to everyone, even if some of the efforts to protect against those threats have been tardy. Threats against critical infrastructure systems, which are just as important to all levels of government, are less well known
Stuxnet ushered in era of government hacking, say experts (Christian Science Monitor Passcode) In the new documentary "Zero Days," director Alex Gibney chronicles the rise of Stuxnet and the widespread use of cyberweapons that followed
'Zero Days' Director Alex Gibney On Making Stuxnet A Movie Star (New America and Christian Science Monitor Passcode) Filmmaker Alex Gibney is known for his award-winning documentaries on topics that range from Enron to Wikileaks, but now he's taken on a tough challenge: Making a movie about a secret program that few people will publicly acknowledge. "Zero Days" focuses on the Stuxnet computer virus that's believed to be the world’s first digital weapon
How a healthcare hacker is pressuring victims to pay up (CSO) A hacker who claims to have stolen 10 million patient records is extorting victims for money
Cerber ransomware strain now targeting Office 365 users (SC Magazine) Researchers have discovered a new strain of the Cerber ransomware targeting Office 365 users. The variant, discovered by Trend Micro, is part of a trend of new ransomware that targets victims using cloud platforms
CuteRansomware using Google Docs as a launch platform (SC Magazine) Despite its benign nickname, a new strain of malware called cuteRansomware has been uncovered that uses a Google Doc generated by the cybercriminal to host the decryption key and command-and-control functionality, according to a blog post from Netskope
Ransomware Victims Rarely Pay The Full Ransom Price (Dark Reading) The purveyors of cyber-extortion schemes often willing to negotiate their ransom fees, F-Secure study finds
FireEye on Extortion: To Pay or Not to Pay? (BankInfo Security) Charles Carmakal on how to weigh response to the tough question
IAITAM: Pokémon Go Should Be Banned From Corporate-owned Phones, Tablets, As Well As Personal Phones Linked To Sensitive Business Data (PRNewswire) "Too many questions and too many risks" to allow gaming app to be used in business-related devices
Pokémon Go 'a nightmare' for IT departments (San Francisco Business Times) With Pokémon Go downloaded on millions of phones, some security experts are warning that the game could cause big problems for companies. And it’s not just the distraction factor of employees more focused on catching the digital creatures than doing work
3 Security Measures Before Playing Pokémon Go (Business2Community) Launched in USA on 6 July 2016, Pokémon Go is the new location-based augmented reality mobile game. Even though available in few countries, it is the new latest Internet sensation and according to TechCrunch, it is earning $1.6 million in daily revenue!
Fitness Bands Struggle With Privacy; Leave Data Exposed (Infosecurity Magazine) They may be one of the hottest gadgets around right now, but fitness bands and smartwatches may be a disaster waiting to happen from a security point of view, according to a new report. And considering the personal information held on many of them, the consequences of a breach could be disastrous
The First Cyber Espionage Attacks: How Operation Moonlight Maze made history (Medium) Newly declassified documents shed light on the original cyber cold-case
Security Patches, Mitigations, and Software Updates
Apple Fixes Vulnerabilities Across OS X, iOS, Safari (Threatpost) Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS
Cyber Trends
Failure to Secure: The 2016 State of Privileged Account Management Report (Thycotic) Benchmark global survey shows privileged account management a top security priority but failing in enforcement
Most CISOs and CIOs need better resources to mitigate threats (Help Net Security) Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study
Study: When It Comes to Cybersecurity, IT Is Too Obsessed with Malware (The VAR Guy) The Cyber Weapons Report 2016 details other threats we should be worried about
Ixia: Developers must improve security testing and nab those anomalies (Security Brief AU) Web developers are not catching all security weaknesses before their apps go to market, allowing cyber criminals to exploit the apps, says a new study from Ixia
Marketplace
Three Enigmas Facing Indian Banks: Reputation, Regulation and Resources (IBM Security Intelligence) According to professor Francis Amasa Walker’s definition for the function of money, “Money is what money does.” In modern times, especially for Indian banks, the function has changed: The money does what a banker allows it to do
Security in the M&A process: Have you done your technical due diligence? (Help Net Security) Company acquisitions are common in the cyber security market. Whether you are attempting to bolster your strategic position or looking to acquire the best talent, chances are if your company is growing, you’ll find yourself on a deal team at some point
Cyber Security: Is It Still The Place To Be For Venture Capitalists? (Market Mogul) People’s lives are tied in with the different online services. Among other things, people work, play and shop online. These are all such activities that people can misuse and take advantage of. In a time where it is possible for someone to access the personal email account of Hillary Clinton herself, it is clear that no one is safe in the online world
Skycure Secures $16.5 Million in Funding to Protect Enterprises from Mobile Threats (Yahoo! Finance) Award-winning mobile threat defense platform proactively protects against malware, network threats, and app/OS vulnerability exploits
Carbon Black Acquires Next-Gen AV Firm Confer (Infosecurity Magazine) Endpoint security firm Carbon Black has today announced its acquisition of Confer, a next-generation antivirus (NGAV) company
Has Palo Alto Networks Inc Stock Finally Hit Bottom? (Motley Fool) The data security upstart’s stock has taken a beating of late, but has the negative sentiment gone too far?
FireEye: The Ruby Or The Rhinestone Of Cybersecurity? (Seeking Alpha) FireEye is best known as the leader in a cybersecurity space known as Advanced Intrusion Detection. Its shares have been mercilessly volatile and down by 2/3rds in the past year. The company is far away from non-GAAP profitability, and non-GAAP profitability is beyond the horizon. It is undergoing a significant financial transition from sales of on-premise appliances to sales of FireEye services. The company has been rumored to be a merger target. Its current compressed valuation makes such a transaction very feasible and at a significant premium
Gigamon Stock Soars To The Clouds As Analyst Sees Amazon Boost (Investor's Business Daily) Gigamon (GIMO) will get a boost from supporting Amazon Web Services, the cloud computing business of Amazon.com (AMZN), says Needham & Co., which upped its price target on Gigamon stock on Monday
Meet The Cyber Mercenaries Selling Spyware To Governments (Motherboard) On the night of March 5, 2011, at the height of the Egyptian revolution of 2011, a group of pro-democracy protesters stormed and ransacked the office of Egypt’s security service
Fortinet names Fujitsu, Missing Link and CDM as its top partners (CRN) Fortinet has revealed Fujitsu, CDM and The Missing Link Security as its Australian partners of the year
Covington Bulks Up Cybersecurity Practice With Ex-Mandiant Consultant (Law.com) Law firms that are hired to respond to data breaches can face a cultural and technical divide—between the lawyers on one side, and IT staff in the trenches trying to locate and stop the breach on the other
Forcepoint appoints three top executives for cybersecurity strength (Security Brief AU) Forcepoint has announced the appointment of Richard Ford, Krist Lamb and Brian Shirey to chief roles in the company as it hopes to expand its innovation capabilities
Products, Services, and Solutions
IBM Announces Blockchain Cloud Services on LinuxOne Server (Top Tech News) A new cloud environment for business-to-business networks announced by IBM last week will allow companies to test performance, privacy, and interoperability of their blockchain ecosystems within a secure environment, the company said. Based on IBM’s LinuxONE, a Linux-only server designed for high-security projects, the new cloud environment will let enterprises test and run blockchain projects that handle private data for their customers
Pulse Workspace certified by Google for use with Android for Work (Marketwired) Boosts mobile application productivity with Android for Work, simplifying secure access, policy enforcement and management for mobile and desktop users
Black Hat Selects Fortinet to Support Networking and Security at the World's Premier Information Security Conference (Yahoo! Finance) Fortinet, the global leader in high-performance cyber security solutions, has been chosen to work alongside Black Hat to provide networking and security solutions and help support the infrastructure serving participants and staff during the 2016 U.S. Black Hat conference. Taking place in Las Vegas, July 30th through August 4th, Black Hat's team will lead a group of experts to build out the sophisticated networks needed to meet the evolving access, performance, and security requirements of the conference
Sophos Mobile Security arrives on iOS! (Sophos) As a security vendor, we’re often asked, “What about Sophos Antivirus for iPhones and iPads?”
Attivo Networks Completes Integration With Palo Alto Networks Firewall to Empower Automatic Blocking of Data Exfiltration (MarketWired) Attivo Networks®, the award-winning leader in deception for cyber security threat detection, announced today an integration combining the Attivo Networks Deception Platform with the Palo Alto Networks® Next-Generation Firewall. The integration brings together prevention, detection, and incident response capabilities into a solution that can automatically block infected nodes from gaining Internet access and exfiltrating valuable company data
CyberInt Enhances Security Offerings Through Webroot Collective Threat Intelligence (Yahoo! Finance) Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announced a partnership with CyberInt, a leader in targeted cyber threat intelligence. CyberInt will integrate Webroot BrightCloud® Threat Intelligence Services in its platform, providing additional predictive intelligence on URLs, IPs, files, and mobile apps for better protection from advanced cyberattacks
FireEye's latest security feature detects and protects from ransomware (Security Brief AU) FireEye have recently detected a cerber ransomware campaign with Exploit Guard, a new feature of FireEye Endpoint Security (HX)
ThreatMetrix Enhances Digital Security Platform (Find Biometrics) ThreatMetrix has announced a new update to its eponymous digital authentication and threat detection platform
SafeBreach Enables Enterprises to Weaponize Threat Intelligence (MarketWired) Integrates leading intelligence from FireEye iSIGHT Intelligence within continuous security validation platform
Radiant Logic Integration with CyberArk Delivers a Federated Identity Service with Enhanced Security and Governance (BusinessWire) Radiant Logic joins CyberArk-led C3 Alliance
Open source hardware cryptographic module offered for $800 (CSO) For a few years now, the CrypTech project has been working on designing an open source hardware cryptographic engine that could be used to secure core Internet infrastructure
Technologies, Techniques, and Standards
Meet the hacker who tries to break Yahoo every day (ZDNet) No matter how strong a company's defenses, the red team should "always win"
How to improve your incident response plan (CSO) Incident response plans are, in many ways, like family relics. These written instructions, which detail how firms should adequately detect, respond and limit the effects of an information security incident, are highly valued by some, and yet all too often left gathering dust in the cupboard. To many, they remain untried and untested for years, and thus most are unfit for purpose when that untimely data breach becomes reality
Research and Development
Galois snags $6M DARPA contract to halt sophisticated cyberthreats (FedScoop) Under the contract, Galois will create ADAPT, a complex project that will detect attacks from elite-level hacking groups
Legislation, Policy, and Regulation
What Pokémon, Japanese Schoolgirl Punks, and Cocaine Have in Common (Foreign Policy) There wouldn’t be Pikachu without kawaii, Japan’s highly addictive cult of cuteness
What defines an armed cyberattack? It depends (C4ISRNET) The cyber domain, while declared an operational domain of warfare, has blurred the traditional lines established in the physical world. Lawmakers and policymakers have sought to address what cyber redlines are and what cyber acts of war merit a response within international law and self-defense
Strategic Competence Has Moral Dimension (Association of the United States Army) Every soldier and leader knows that moral principles govern our behavior in war. In combat, we are responsible for attending to the difference between combatants and noncombatants, using proportional force even in the pursuit of legitimate targets and objectives, providing due care to the innocent even if doing so requires risk to ourselves, and assuring that we limit collateral damage as much as possible. Application in combat is part of our tactical competence
Pre-Snowden Whistleblower Explains How NSA Got 'Unleashed' To Spy On Everyone (Motherboard) Thomas Drake was a 48-year-old decorated Air Force and Navy veteran, and a senior executive at the National Security Agency, the NSA, when he decided he had to speak up against what he considered the spy agency’s abuses
Update on ARCYBER’s HQ move (C4ISRNET) Army Cyber Command and Second Army are working to transition headquarters from Fort Belvoir, Virginia, to Fort Gordon, Georgia. The move is expected to happen in fiscal year 2020
Litigation, Investigation, and Law Enforcement
Bulk data collection only lawful for fighting serious crime, says Europe’s top court (TechCrunch) The European Court of Justice has issued a preliminary ruling on a data retention case brought by UK MPs and privacy rights groups seeking to challenge the government’s data retention regime under DRIPA
Governments Ramp Up User Data Requests to Google (Infosecurity Magazine) Google handed over data on users to the authorities in nearly two-thirds of cases in the second half of 2015, according to its latest Transparency Report
New York Times sues for Defense Secretary Ash Carter's emails (Politico) Attorneys for The New York Times and the Justice Department are due in federal court Tuesday as part of a lawsuit seeking to force the Pentagon to release full copies of more than a thousand pages of work-related emails Defense Secretary Ash Carter sent and received from his personal account
The FBI is using outdated IT to foil FOIA requests, lawsuit alleges (CSO) Its searches for documents often fail 'by design,' an MIT researcher says
Could Donald Trump Block Hillary Clinton's Campaign From Visiting His Website Via The CFAA? (Tech Dirt) From the who-the-hell-knows dept. In the past few weeks, we've written about two troubling rulings in the 9th Circuit appeals court concerning the CFAA, the Computer Fraud and Abuse Act
Former Cardinals exec sentenced to prison for hacking Astros (Chicago Tribune) A federal judge sentenced the former scouting director of the St. Louis Cardinals to nearly four years in prison Monday for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs
Army Will Hold Off On DCGS-A Award As Palantir Lawsuit Plays Out (Defense News) The US Army has provided notice to the US Court of Federal Claims that it will not make a contract award for the next version of its intelligence analysis software suite before Sept. 1, as a lawsuit against the service plays out in court
How Protesters at the RNC Can Protect Themselves From Digital Surveillance (Slate) Activists at the political conventions should prepare themselves and their cellphones
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CANCELLED: Insider Threat Program Development Training (Cleveland, Ohio, USA, Aug 22 - 23, 2016) This event has been cancelled.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
Upcoming Events
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.
Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.
Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS San Jose 2016 (San Jose, California, USA, Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6).
SANS Boston 2016 (Boston, Massachusetts, USA, Aug 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get to choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.
Secure Bermuda 2016 (Bermuda, Aug 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches.
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracks and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training.
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationships are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.