The CyberWire Daily Briefing 07.22.16

Summary

By The CyberWire Staff

Observers continue to sift through the hacked AKP emails as the Turkish government firmly re-establishes control over the country. The Pastebin dump is accompanied by the hacker’s explanation of his motives—most agree that Phineas Phisher is indeed behind the hack.

Flashpoint has released a report detailing the technical toolkits being used online by jihadists adhering to ISIS and its competitors. While the study acknowledges that ISIS has expansive aspirations to extensive cyber-attack capabilities, the jihadists’ core requirement is “consistent channels through which they can release propaganda.” Flashpoint sees their technologies falling into these categories: secure browsers, virtual private networks and proxy services, protected email services, mobile security applications, encrypted messengers, and mobile propaganda applications.

Ransomware and distributed denial-of-service have been the principal trends in cybercrime this year, and an Akamai study of the second suggests that criminals may be preparing long-duration campaigns. Technicians who can help enterprises mitigate DDoS attacks are in high demand.

The US Library of Congress acknowledged that it sustained a DDoS attack that began Sunday. The attack has been contained and is now under investigation. Turk Hack Team claimed responsibility on a message board, but that attribution is unconfirmed.

Google has patched forty-eight bugs in Chrome, one of them a serious sandbox escape vulnerability.

The Tor Project has turned its attentions to ways of keeping smart homes effectively anonymous.

Both the Wassenaar cyber arms control regime and the Digital Millennium Copyright Act (DCMA) remain unpopular among those who see them as inimical to security research.

Notes.

Today's issue includes events affecting Estonia, France, Iraq, Poland, Russia, Syria, Turkey, Ukraine, United Kingdom, and United States.

A note to our readers: We're in Detroit today for the inaugural Billington Global Automotive Cybersecurity Summit. Watch for live-tweets from the event, and a full report published here next week. In addition to the early news noted in this issue, you can find a preview of some of the conference's themes in this interview with Booz Allen Hamilton's Jon Allen.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about a court ruling on the Constitutionality of Stingrays (the ruling found them unconstitutional). We also will speak to our guest, attorney Tom Coale, on security clearances. (If you enjoy the podcast, please consider giving it an iTunes review.)

We also invite risk professionals to listen to the CyberWire's Special Edition Podcast, "Quantifying Cyber Risk." Experts in the security and insurance sectors discuss quantifying cyber risk: how you do it, what you do with the numbers once you've got them, and why it all matters.

Selected Reading

Cyber Trends

A new way to view cybersecurity: Moving to cyber-enabled threats (Security Info Watch) Five years ago cyber-related issues weren’t on the minds of many people. Now, concern over cyber issues is at an all-time high, but that attention has given us somewhat tunnel vision on what cybersecurity really is, and the risk it presents

Cybersecurity Study Shows Corporate Data Vulnerabilities (Law.com) Kilpatrick Townsend & Stockton and the Ponemon Institute jointly released a study this week pointing to the vulnerability of many companies’ knowledge assets

Three Quarters of US Firms Have Failed to Detect Breach – Report (Infosecurity Magazine) Nearly two-thirds (60%) of US firms believe some of their data is now in the hands of a competitor because of a breach, according to a new study from Ponemon Institute

Legislation, Policy and Regulation

Wassenaar Arrangement 'inhibits international cyber-security efforts' (SC Magazine) The Wassenaar Arrangement controlling the sale of technology and software which could be used as weapons is threatening the choke the cyber-security industry, according to a consortium of cyber-security companies

U.S. Government Program to Wipe Out Hackers Could Become Their Prime Target (SIGNAL) Now that the federal government is collecting cyberthreat intelligence from agencies and private businesses, the repository undoubtedly will be a prime target by the very threat the program seeks to wipe out

If Trump Wants to Make Cyber Great Again, He Needs to Do His Homework (Foreign Policy) When Donald Trump discusses cyberspace, it’s with the assured belligerence of a man who appears to know very little about it

Dateline

New Automotive Cybersecurity Summit (Billington Cybersecurity) U.S. Secretary of Transportation Anthony Foxx and the CEO of GM to speak

Auto cybersecurity conference in focus (Seeking Alpha) The Billington Automotive Cybersecurity Summit kicks off today in Detroit, where industry executives and government officials will discuss rising auto cyber concerns and hacking

Billington Automotive Cybersecurity Summit to Focus on Cyber Best Practices for Connected and Autonomous Vehicles (PRNewswire) Automakers, who have historically been fiercely competitive, have a common goal when it comes to cybersecurity. The goal: work collaboratively to share information about cyber threats and develop best cybersecurity practices

Auto Industry Publishes Its First Set Of Cybersecurity Best Practices (Forbes) The past 18 months have brought a sea change in the automotive industry’s attitude toward cybersecurity. What was generally considered a non-issue as recently as early 2014 has suddenly become one of the most important issues to deal with and most of the industry is now collaborating to keep black hat hackers at bay. The latest evidence of this newfound concern is the publication of the first set of cybersecurity best practices by the Automotive Information Sharing and Analysis Center (Auto-ISAC)

Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity (Dark Reading) Goal is to provide car manufactures with guidelines for protecting modern vehicles against emerging cyber threats

Automotive Cybersecurity Best Practices (Auto-ISAC) As vehicles become increasingly connected and autonomous, the security and integrity of automotive systems is a top priority for the automotive industry. The Proactive Safety Principles released in January 2016 demonstrate the automotive industry’s commitment to collaboratively enhance the safety of the traveling public. The objective of the fourth Principle, “Enhance Automotive Cybersecurity,” is to explore and employ ways to collectively address cyber threats that could present unreasonable safety or security risks. This includes the development of best practices to secure the motor vehicle ecosystem

NHTSA and Vehicle Cybersecurity (National Highway Traffic Safety Administration) In 2013, 32,719 people died on the Nation's roadways. Sadly, NHTSA estimates 94 percent of highway crashes are a result of human error. Today's electronics, sensors, and computing power enable the deployment of safety technologies, such as forward-collision warning, automatic-emergency braking, and vehicle-to-vehicle technologies, which can keep drivers from crashing in the first place. Given the potential of these innovations, NHTSA is looking at all of our tools, as well as exploring new ones, that can be used to deploy these technologies in safe and effective ways, taking steps to address the new challenges they pose — particularly with respect to cybersecurity

Lohrmann Presents at Billington Automotive Cybersecurity Summit (Video) (American Security Today) Security Mentor, a pioneer of innovative security awareness training that drives real behavior change, today announced that Chief Strategist and Chief Security Officer Dan Lohrmann will be speaking at the inaugural Billington Global Automotive Cybersecurity Summit, which will be held on July 22, 2016, at the Cobo Center in Detroit, Michigan

Products, Services, and Solutions

SecurityScorecard Secures Multiple Security And Technology Patents; Solidifies Presence As Leader In Security Ratings (Sys-Con Media) Leading security cloud provider secures five patents across security benchmarking and scoring, entity IP mapping, graphical user interface, and other categories

Israeli cyber security startup illusive networks takes on ransomware with new package of deceptions (Geektime) Illusive networks, one of Israel’s most talked about cyber security startups, announced that they are releasing a new set of tools to limit ransomware’s damage

Supercomputers power cyber-as-a-service offering (FedScoop) Analytics in near real-time offer an "attacker's eye view" of a network

Leading Provider of Cybersecurity for Industrial Control Systems, NexDefense, Launches Sophia™ 3.1 (PR Rocket) To combat threats to critical infrastructure, NexDefense updates its award-winning ICS network security monitoring & anomaly detection software with greater ICS protocol support, security dashboard & enhanced visualization

Bulgari and WISeKey Partner to Create Secure Storage App (LowCards) As wearable devices increase in popularity, they face a growing number of hacks. Bulgari and WISeKey announced a partnership hoping to change that trend by teaming up to create the BVLGARI Vault, a mobile app that secures personal data, such as various codes, credit card information, documents and scanned signatures. The app also provides secure message sending

ForgeRock releases new identity management solution (Biometric Update) ForgeRock has released the latest edition of the ForgeRock identity platform, which features advanced new capabilities that will enable organizations to facilitate highly secure, frictionless user experiences using push authentication

Qualys Joins Forces With Microsoft to Deliver Continuous Security and Compliance Visibility Through Azure Security Center (MarketWired) Native integration of Qualys Cloud Agent streamlines security assessment across Azure virtual machines running Windows

Williams leads Formula One with Thales cybersecurity solutions (Security News Desk) Thales, leader in critical information systems, cybersecurity and data protection, and Williams (ETR WGF1), a leading Formula One team and advanced engineering company have entered into a new technical partnership

Microsoft and IBM Set Sights on the Next Cloud Frontier: Blockchain-as-a-Service (PC Magazine) IBM Blockchain and Microsoft Blockchain-as-a-Service (BaaS) are carving out and fighting for control over a new enterprise market of cloud-based blockchain infrastructure

Sqrrl Delivers the First Threat Hunting Solution for HPE Security ArcSight (Globe Newswire) Sqrrl announces partnership with HPE to fully integrate its threat hunting platform with the HPE ArcSight SIEM. This is the first threat hunting solution for HPE ArcSight and enables HPE ArcSight customers to take a more proactive approach to threat detection

Azure Security Center Raises The Bar For Security (Forbes) In December of 2015 Microsoft MSFT -0.26% released a preview of Azure Security Center—a platform designed to merge Microsoft security research with insights into global threats to give customers the tools to defend against emerging threats. Today, Microsoft announced the general availability of Azure Security Center for enterprise customers

Fireglass Integrates Isolation Platform with Check Point Next-Gen Firewalls and SandBlast to Eliminate Malware, Phishing and Other Advanced Threats (Yahoo! Finance) Fireglass, the leader in web isolation, and Check Point Software Technologies Ltd. (CHKP), today announced a new partnership that enables organizations to protect their users from advanced threats by completely eliminating attack vectors including browsers, emails and documents

Technologies, Techniques, and Standards

Now You Can Hide Your Smart Home on the Darknet (Wired) The privacy software Tor has aided everything from drug dealing marketplaces to whistleblowing websites in evading surveillance on the darknet. Now that same software can be applied to a far more personal form of security: keeping hackers out of your toaster

Why IT Service Desk Should be your First Line of Defence (Infosecurity Magazine) Technology is evolving at a stellar pace, and the frequency, size and level of sophistication of cyber-crime is evolving alongside it. AV Test, an Independent IT-Security Institute, claims that 390,000 pieces of new malware are found every day, that’s over 270 per minute

Upgrading Security: Setting the Right Priorities (BankInfoSecurity) While enterprises rebuild or upgrade their security programs, they must guard against over emphasizing technology investments while neglecting staffing issues, says Ben Johnson, chief security strategist at Carbon Black, which specializes in endpoint security

Take care when computing on the road (Des Moines Register) I just spent a week traveling and was reminded of the issues you can run into using your computer at a coffee shop, airport or hotel

Opinion: How to talk digital privacy with kids (Christian Science Monitor Passcode) It may not be possible without eliciting moans and eye rolls. But the digital privacy talk is essential in an era when technology is so intimately intertwined with childhood

Marketplace

Proofpoint soars after raising guidance, beating on earnings (MarketWatch) Proofpoint Inc. PFPT, -4.35% beat earnings expectations in a report Thursday and increased its expectations for the year, leading to a big after-hours spike for the company's stock. The security-software company reported a loss of $38.3 million, or 92 cents a share, on sales of $89.9 million in the second quarter; after adjusting for stock-based compensation and an extremely long list of other factors, the company claimed a profit of 6 cents a share

3 Reasons Imperva Inc. Stock Could Rise (Motley Fool) There are a few reasons this out-of-favor cybersecurity stock could bounce back in the near future, but they don't necessarily make it a buy

Carbon Black aims to be leader in end-point security with Confer buy (CRN) End-point security vendor completes fourth acquisition in two and a half years

SoftBank Embraces Smart Robots, Emotional Cars (Wall Street Journal) CEO Masayoshi Son focuses on artificial intelligence; can vehicles learn to love?

MoD upgrades cryptography in comsec deal (UK Authority) Contract maintains role of CGI Group in cyber and crypto management for UK defence

Cloud24x7 appoints new Vice President of Americas (Open PR) Cloud24x7, a cyber security services start-up has announced that it has roped in former Cyberoam North American channel & enterprise business VP Jacob Thankachen to head the organization’s expansion in the Americas region. A seasoned channel veteran with a strong sales background, Thankachen brings deep expertise in streamlining sales operations, developing new business and recruiting strategic channel partners

Pwnie Express Appoints Artur Adib as Chief Technology Officer (Yahoo! Finance) Pwnie Express, the leading provider of device threat detection for wired, wireless and IoT devices, today announced the appointment of Artur Adib as Chief Technology Officer. Adib will be responsible for shaping and delivering the technology roadmap for Pwnie Express and will report to CEO Paul Paget

Security Patches, Mitigations, and Software Updates

Google Fixes 48 Bugs, Sandbox Escape, in Chrome (Threatpost) Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox

Dell patches critical flaws in SonicWALL Global Management System (CSO) The flaws allow unauthenticated attackers to take full control of management systems

Motorola confirms Moto Z and Z Force will get security updates (GSM Arena) This morning, media outlets all over the world report about the Moto Z and Moto Z Force for the first time since the embargo lifted. One such site speculated that Motorola’s update policy has changed since Lenovo’s acquisition and will not offer regular security patch updates, leaving the Moto Z susceptible to known vulnerabilities

Cyber Attacks, Threats, and Vulnerabilities

Hacking Team Hacker Behind WikiLeaks Turkey AKP Emails Dump (Softpedia) Phineas Fisher behind this politically charged hack as well

[AKP email posting] (Pastebin (h/t Terbium Labs)) I hacked AKP (the ruling party in Turkey) because I support the society people are trying to build in Rojava and Bakur [1], and they're being attacked by Turkey [2][3][4]. I don't see leaking as an end in itself, so I was talking with people in Rojava and Bakur to see how best to use the access I'd gotten

Flashpoint's New Research Illuminates Jihadists' Digital Toolbox (Newschannel 10) Researchers identify 36 technologies that facilitate the online operations of radical jihadist groups

Tech for Jihad: Dissecting Jihadists’ Digital Toolbox (Flashpoint) Over the past two years, the media has tended to sensationalize jihadists’ rapid adoption and strategic use of social media. Despite perpetual news coverage on the issue, the general public remains relatively uninformed about the complex ways in which many jihadists maintain robust yet secretive online presences

Library of Congress fights off massive cyberattack (Fox News) The Library of Congress has fought off a massive cyberattack, officials confirmed Wednesday

Avast Software: Amidst Charged Cyber Security Dialogue, Republican National Convention Attendees Show Negligent Behavior (BusinessWire) More than 1,200 of RNC attendees unknowingly connect to Avast’s bogus Wi-Fi hotspot outside the Republican National Convention

Latest massive DDoS attack suggests criminals are plotting long campaigns (Computerworld) Behind the scenes, DDoS attacks are still evolving. What, if anything, does it all mean?

Analysis of WiFi-enabled ISP modems (SEARCH-LAB) SEARCH-LAB Ltd evaluated five home gateway models, all of them are used by many internet service providers worldwide, but the actual devices have been operated by one of the Hungarian Cable TV operators, UPC Magyarország(https://www.upc.hu/). The analysis was executed on commercially available devices and publicly accessible firmware images, obtained from the ISP’s network automatic firmware update mechanism

They Might Be Smart, But These Contracts Need to Be More Secure (American Banker) The DAO was supposed to be the first major smart contract project. It cratered after someone exploited a flaw in the code controlling the funds. Investors were partially bailed out Wednesday by a hard fork, or reversal of transactions, on the Ethereum blockchain

Why Ethereum Succeeded Where Bitcoin Failed (Motherboard) Imagine that tomorrow you wake up and discover that you’ve been taken for all you’re worth by an anonymous hacker. The thief has managed to steal everything that belonged to you and a good deal of others—$56 million worth of a new virtual currency that you’ve invested in, to be exact. You have a month to decide what to do

Tinder Spammers in ‘Verified Profile’ Scam (Infosecurity Magazine) Security experts are warning of a new scam on Tinder designed to lure users onto sites in the name of online safety, where they’re tricked into handing over their credit card details

Victims of Tinder safe dating scam can lose a lot of money (Help Net Security) Users of Tinder, the massively popular location-based dating app, are being targeted with a clever scam that may make them lose over a $100 per month

The Rise of Cyber-Crime as a Service (CIO Insight) This year began with explosive growth in ransomware domains, according to a DNS threat index, driving an all-time high in new malicious domains. The threat index, which measures the creation of malicious DNSs including malware, exploit kits, phishing and other threats, was created by Infoblox, the network control solutions provider. "There has been a seismic shift in the ransomware threat, expanding from a few actors pulling off limited, smaller-dollar heists targeting consumers to industrial-scale, big-money attacks on all sizes and manner of organizations, including major enterprises," said Rod Rasmussen, vice president of cyber-security at Infoblox

The Brazilian Malware Landscape: A Dime a Dozen and Going Strong (IBM Security Intelligence) Cybercrime is undoubtedly one of Brazil’s greatest challenges. Unlike other parts of the world, Brazil is targeted mostly by local criminals

Utilities look back to the future for hands-on cyberdefense (E&E News) The aftermath of the cyberattack in Ukraine on Dec. 23, 2015, produced two unexpected lessons that U.S. grid operators have started to take to heart

Academia

Fundamentals of Cybersecurity: Graduate-level certificate offered to US Army engineers at APG (UDaily) Employees of the U.S. Army’s Communications-Electronics Research, Development and Engineering Center (CERDEC) now have the opportunity to gain a solid grounding in the fundamentals of cybersecurity, thanks to a graduate-level certificate offered by the University of Delaware

Oakland University offers cybersecurity degree (Crain's Detroit) Oakland University is offering a new cybersecurity program to graduate students that could also prove to be an asset for the auto industry and other businesses

Litigation, Investigation, and Enforcement

EFF sues US government on how DMCA threatens security research (SlashGear) The Digital Millennium Copyright Act or DMCA has been one of the most debated laws affecting the tech industry. While the intention to protecty copyright in this modern age is commendable, the DMCA has often been waved around by giant companies, like record labels, as a threat to those who make even the slightest error in using, say, music in a YouTube video. That law happens to also impose restrictions in security research, which digital rights advocate Electronic Frontier Foundation or EFF is now challenging by suing the US government

Microsoft given 3 months to fix Windows 10 security and privacy (Naked Security) France’s privacy watchdog has declared that Windows 10 is gobbling up too much data and snooping on users’ browsing without their consent

Security industry welcomes cyber crime’s inclusion in official stats (ComputerWeekly) The security industry welcomes the inclusion of cyber crime statistic in official crime reports to highlight the size and nature of the threat

FBI needs to beef-up high-tech cyber threat evaluations says DoJ Inspector General (Network World) New FBI software that uses a weighted algorithm to prioritize cyber threats based on specific data could help

Alleged Kickass Torrent Founder Arrested, Site Goes Offline (Infosecurity Magazine) The alleged founder and owner of Kickass Torrents, one of the biggest piracy sites on the web, has been arrested in Poland

How Apple and Facebook Helped US to Arrest Kickass Torrents’ Owner (Hack Read) Kickass Torrents’ owner Artem Vaulin has been arrested but the way Apple, Facebook and Coinbase helped the US authorities to track Vaulin back to Europe sounds like some script from a James Bond movie

SeaWorld hacker and bomb hoaxer escapes prison sentence (Naked Security) Ah, to be young and more-or-less forgiven

Design and Innovation

We’re Not Just Fact-Checking Mr. Robot—We’re Hack-Checking It (Wired) Sam Esmail, the creator/writer/director of Mr. Robot, promised that the second season of his hit show would get dark fast. He wasn’t kidding

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)

SANS Boston 2016 (Boston, Massachusetts, USA , August 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

AKP email dump. Jihadists' technical toolkit. DDoS campaigns growing more protracted. Google patches Chrome. Tor for smart homes. Wassenaar, DCMA seen as threats to security research.