The CyberWire Daily Briefing 08.03.16

Summary

By The CyberWire Staff

An ISIS leader imprisoned in Germany offers some jailhouse insight into how the terrorist group mixes inspiration with command-and-control. The traditional C2 and operational planning is largely provided by a unit called “Emni,” which recruits, vets, and delivers fighters across an international ratline. Control remains relatively loose, but the general direction seems sufficient to meet ISIS requirements. Emni is likely to grow in importance as ISIS loses ground in its core territories.

Citizen Lab continues its description of state surveillance tools deployed in cyberspace. Part of the growth in this sector is explained by rising Islamist terrorism. Foreign Affairs notes a European reassessment of NSA—upward—as that threat rises.

Three more leaders of the US Democratic National Committee have resigned over the emails published recently by WikiLeaks. Security firms have begun explaining the use of sockpuppets, fronts, and other tools by Russia in the cause of plausible deniability. Concern over disruption of this year’s US elections grows.

Yahoo is investigating the claims by “Peace” that he’s offering a large trove of Yahoo credentials—200,000,000 of them—on the black market.

University of Michigan researchers add to worries about automotive cyber vulnerabilities. They promise a proof-of-concept hack against the brakes and accelerator of an 18-wheeler next week.

In crime news, media outlets are warned of a coming wave of denial-of-service attacks. And the ransomware black market appears to have matured. US county governments in California and Iowa are among the more recent victims.

Google improves Android warnings of suspicious activity.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Argentina, Austria, Bangladesh, China, Czech Republic, Ethiopia, Germany, Indonesia, Iran, Iraq, Italy, Lebanon, Malaysia, Peru, Russia, Singapore, Spain, Sudan, Syria, Tunisia, Turkey, Ukraine, United Arab Emirates, United Kingdom, and United States.

A note to our readers: We're at Black Hat this week, talking to people and keeping our ears open, as usual. You'll see coverage in our daily briefings, and you'll hear updates in our podcasts.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast our partners at the Johns Hopkins University are represented by Joe Carrigan, who's got the skinny on some important Android updates. And we'll also hear from Tripwire's Dwayne Melancon about the risk of highly targeted spearphishing attacks. (And should you enjoy the podcast, please consider giving it an iTunes review.)

Sponsored Events

CyberTexas Job Fair (San Antonio, TX, USA, August 23, 2016) Top companies looking for cybersecurity professionals, cleared or non-cleared career opportunities.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain (Baltimore, MD, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Selected Reading

Cyber Trends

We Asked Hackers To Predict The Future of Hacking (Motherboard) As our lives become ever more digitized, the security of our data will become ever more important to protect

Awareness Improving But Security Still Lags For SAP Implementations (Dark Reading) SAP ecosystem a huge Achilles heel for enterprise system security, report says

Legislation, Policy and Regulation

What Europe Got Wrong About the NSA (Foreign Affairs) And why terrorism might change its mind about spying

Turks Can Agree on One Thing: U.S. Was Behind Failed Coup (New York Times) A Turkish newspaper reported that an American academic and former State Department official had helped orchestrate a violent conspiracy to topple the Turkish government from a fancy hotel on an island in the Sea of Marmara, near Istanbul. The same newspaper, in a front-page headline, flat-out said the United States had tried to assassinate President Recep Tayyip Erdogan on the night of the failed coup

Turkey's Erdogan Blasts Foreign Countries Over Coup Reaction (AP via ABC News) Turkish President Recep Tayyip Erdogan once more blasted unnamed Western countries Tuesday for what he said was support for the attempted coup on July 15 that left more than 270 people dead

Obama Says Alleged Russian Hack Wouldn't Change Relations (Radio Free Europe/Radio Liberty) U.S. President Barack Obama said the alleged Russian hack of Democratic Party computers, if confirmed, would not dramatically change already troubled relations between the two countries

What DoD, IC can teach OPM on hiring cyber pros (C4ISRNET) Beth Cobert, acting director of the Office of Personnel Management, seemed a bit out of place on the agenda for the 2016 DoD Intelligence Information Systems (DoDIIS) conference, a gathering of mostly Department of Defense and intelligence community officials

Singapore, US ink MOU on cybersecurity (Channel News Asia) The United States and Singapore on Tuesday (Aug 2) signed a cybersecurity Memorandum of Understanding (MOU) to formalise their commitment to work together in building a secure and resilient cyberspace through cybersecurity cooperation

Dateline

Welcome to Black Hat USA 2016 (Black Hat) Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 3-4)

Going to Black Hat? You don’t want to miss the Arsenal! (Help Net Security) Every August, more than 10,000 information security professionals from all over the world converge in Las Vegas to attend Black Hat USA. The event features innovative research, in-depth trainings, and a few special events

Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters (Dark Reading) Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends

Threatpost Black Hat Preview, August 2, 2016 (Thnreatpost) Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more

Black Hat: Be wary of HTTP/2 on Web servers (CSO) Imperva researchers found four flaws in how the Web protocol was implemented on popular servers

Unmasking xDedic’s Black Market for Servers and PCs (Threatpost) Black market machine trading of PC and server resources is maturing at alarming speeds. Underground networks such as xDedic have fine-tuned their compute platform to the point where they are almost indistinguishable to legitimate networks such as Amazon Web Services and Rackspace

Black Hat: Kaspersky is seeking white hats (CSO) The security vendor has started up a bug-bounty program

Kudelski Security Expands Into U.S. Market To Address Unmet Demand For Advanced Cybersecurity Solutions (The Street) Swiss cybersecurity leader brings unmatched history of innovation, deep engineering expertise and a new solutions perspective to help defend against advanced threats, ongoing attacks

Kudelski Security Names Andrew Howard Chief Technology Officer (Sys-Con Media) Former director of Cyber Technology and Information Security Lab at Georgia Tech joins growing leadership team to expand global capabilities and drive new security innovation

Security testing platform for app-aware infrastructures (Help Net Security) At Black Hat USA 2016, Spirent Communications will be presenting CyberFlood, a security and performance testing platform suitable for complex testing scenarios

Endace Branch Office Network Recorders for Securing the Network Edge Debut at Black Hat (PRNewswire) Endace demonstrates how network-wide monitoring and recording delivers greater visibility to security tools and speeds breach investigation

Bug Hunting Cyber Bots Set to Square Off at DEF CON (Threatpost) A government project in the works since 2013 is set to conclude Thursday at DEF CON when DARPA’s Cyber Grand Challenge culminates with a competition it’s calling the CGC Final Event

Frequent password changes are the enemy of security, FTC technologist says Contrary to what you've been told, frequent changes can be counterproductive (Ars Technica) Shortly after Carnegie Mellon University professor Lorrie Cranor became chief technologist at the Federal Trade Commission in January, she was surprised by an official agency tweet that echoed some oft-repeated security advice. It read: "Encourage your loved ones to change passwords often, making them long, strong, and unique." Cranor wasted no time challenging it

Products, Services, and Solutions

FireEye admits filtering out legitimate emails in sniffer snafu (Register) Benign messages frogmarched into quarantine

CrowdStrike Expands Endpoint Prevention and Visibility Capabilities as Part of Falcon Platform Summer Release (BusinessWire) CrowdStrike Falcon achieves top score for antivirus certification

IBM Unleashes X-Force Red (Infosecurity Magazine) IBM Security has formed an elite team of security professionals and ethical hackers, dubbed IBM X-Force Red

NSA certifies Raytheon encryption (C4ISRNET) The NSA has certified Raytheon's KG-350 Ethernet encryption system for networks

Anyone (with $3,000) can now buy Microsoft HoloLens (The Verge) Microsoft is opening up sales of its HoloLens augmented reality headset. In a blog post today, project head Alex Kipman said that all "developers and business customers" in the US and Canada can now order up to five HoloLens development kits apiece, instead of going through an application process. It’s taking orders through the HoloLens website, requiring only a Microsoft account — and, of course, $3,000 per headset

Fortinet Security Fabric Earns 100% Detection Scores Across Several Attack Vectors in NSS Labs’ Latest Breach Detection Group Test (Engineering News) Fortinet demonstrates superior breach detection and performance; earns two recommended ratings for cloud and appliance advanced threat protection solutions

Sophos Announces Beta Release of Sophos Intercept -- Next-Generation Endpoint Technology to Boost Protection Against Unknown Exploits (MarketWired) Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced the availability of a beta program for Sophos Intercept, the next generation of advanced endpoint protection in the company's broad portfolio of security solutions

Druva Unveils New Technology Integration With Palo Alto Networks to Extend Visibility and Security for Joint Customers (MarketWired) Druva, the leader in converged data protection, today announced a technological integration with the Palo Alto Networks® Next-Generation Firewall. The integration allows joint customers to use Druva inSync and Phoenix with Palo Alto Networks firewalls to enhance visibility, increase security and shape traffic for inSync and Phoenix in their networks

PhishMe Expands Availability of Phishing Incident Response Solution with Cloud and Managed Deployments (BusinessWire) PhishMe Triage is now more easily deployed to meet the needs of organizations of all sizes

Eastwind Networks and CyberSponse Team Up to Increase Security Efficiencies (BusinessWire) Partnership will automate incident response, mitigation actions and cyber specific workflow

Check Point Receives Second Consecutive 'Recommended' Rating From NSS Labs for Breach Detection Systems (Sys-Con Media) SandBlast zero-day protection technology continues the company's threat prevention leadership

Technologies, Techniques, and Standards

The Motherboard Guide to Not Getting Hacked (Motherboard) The internet can sometimes be a scary place, where hackers steal hundreds of millions of passwords in one swoop, or cause large-scale blackouts. The future is probably not going to get better, with real-life disasters caused by internet-connected stuff, smart house robots that could kill you, flying hacker laptops, and the dangers of hackers getting your genetic data

To stop ransomware, opt for app graylisting and admin rights removal (Help Net Security) CyberArk Labs tested over 23,000 ransomware samples from more than 30 prevalent malware families, including Cryptolocker, Petya and Locky, in order to better understand common infection, encryption and removal characteristics, and identify potential strategies for mitigating the impact of ransomware attacks on enterprises

5 Email Security Tips to Combat Macro-Enabled Ransomware (Dark Reading) Cybercriminals are increasingly looking to macro variants, leaving organizations to defend against advanced tactics like macro-based malware attacks any way they can

Automated Cybersecurity Tools Can Aid Agencies Facing a Talent Gap (FedTech) Automating IT security functions can help agencies overcome staffing shortages while they bulk up their cybersecurity workforces

Famed hacker creates new ratings system for software (Agence France-Presse) A famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes is now going after the computer software industry, whose standard practices all but guarantee that most products will be vulnerable to cyber attacks

Marketplace

A case for reviewing cyber coverage at the onset of M&A activity (Property and Casualty 360) Merger and acquisition (M&A) activity hit an all-time high in 2015. Simultaneously, awareness of cyber-related risks and the ability to transfer those risks through cyber insurance also increased

Deloitte acquires Vancouver cyber-security firm (Business Vancouver) Purchase of Integrity-Paahi Solutions is firm's 18th transaction in sector

Booz Allen Hamilton: Why This Under-the-Radar Stock Demands Your Attention Today (The Street) You may not have heard of this management firm in an investment context, but that doesn't mean its profit potential isn't legendary

CyberX Raises $9 Million In Funding For Industrial Cyber Protection (Defense Daily) CyberX, a provider of cybersecurity for industrial Internet of Things (IIoT), completed a $9 million funding round, the company said Tuesday.The funding round was led by Flint Capital and also included existing investors Glilot Capital Partners, Swarth Group, GlenRock

Distill Networks Raises $21 Million to Boost Security Efforts (Channel Partners) Distil Networks, Inc., the global leader in bot detection and mitigation, today announced that it has closed $21 million in Series C financing. The funding included participation from Silicon Valley Bank and existing venture investors Bessemer Venture Partners, Foundry Group, and TechStars. The new round brings Distil’s total funding to $65 million to date. The company plans to use the investment to bolster global marketing and sales efforts, strengthen core offerings, and double the current workforce over the next 12-18 months

Research and Development

RetroScope opens doors to the past in smart phone investigations (Purdue University News) Purdue University researchers are working on a new technique that could aid law enforcement in gathering data from smart phones when investigating crimes

UTSA pair working with feds to sniff out next Snowden (San Antonio Express-News) In the 2002 movie Minority Report, Tom Cruise plays a cop in the “precrime” unit of the D.C. police department who uses psychic precognition to arrest people before they actually commit a crime

Encryption's quantum leap: The race to stop the hackers of tomorrow (ZDNet) Quantum computers could tear through the encryption used today, so researchers are looking at building new quantum-proof cryptography

Security Patches, Mitigations, and Software Updates

Microsoft tightens up Windows 10 security with kernel mode drivers (IT Pro Portal) Windows 10 will not load unsigned kernel mode drivers, starting with version 1607 of the operating system. This is something that had been announced back in 2015, but is only just being implemented

Microsoft Updating Windows To Kill Off Its Journal Application (Redmond Magazine) Microsoft wants its Windows Journal note-taking app gone because it's considered to be a security risk

Android users to be warned of suspect Google account activity in real-time (Help Net Security) Android users will soon enjoy an additional security layer that will allow them to quickly discover that their Google account might have been compromised

Cyber Attacks, Threats, and Vulnerabilities

How a Secretive Branch of ISIS Built a Global Network of Killers (New York Times) A jailhouse interview with a German man who joined the Islamic State reveals the workings of a unit whose lieutenants are empowered to plan attacks around the world

Hack Brief: Hackers Breach the Ultra-Secure Messaging App Telegram in Iran (Wired) You're trying to protect yourself from the hacks and data breaches that make headlines every week. Great! Maybe you even switched to an encrypted messaging service that specifically touts its strong data protections. Smart! Or was it? In today’s security climate, apparently no good deed goes unpunished. Reuters reported today that more than a dozen Iranian Telegram accounts, the messaging app “with a focus on security,” have been compromised in the last year thanks to an SMS text message vulnerability

How foreign governments spy using PowerPoint and Twitter (Washington Post) It's not just the DNC. Activists all over the world are hacked, and the results are deadly

Blackout: Thailand's Cyber Wars (VICE News) In BLACKOUT, a series made possible by Jigsaw, VICE News takes viewers across the globe, from Pakistan to Belarus, to examine technology's role in the ongoing fight for free expression. Watch the rest of the series here

Q&A: Investigating the DNC hack (IT Pro Portal) Following uncertainty around who was responsible for the compromise of the Democratic National Committee’s (DNC) servers in the US – which was first blamed on the Russian Government and then claimed by an individual named Guccifer 2.0 – Fidelis Cybersecurity was approached by personnel handling the investigation for the DNC to undertake an independent investigation in order to provide its perspective on the intrusion

How the Kremlin is sure to keep its fingerprints off any cyberattack (Washington Post) It has become something of a ritual over the past decade. Revelations of a cyberattack against a geopolitical foe of Russia, accusations from Western leaders, and then the inevitable Kremlin response: “Prove it”

Bambenek: It was the Russians (News-Gazette) As Russian officials continued to deny any links to the hacking of Democratic Party e-mails, a Champaign cyber-security expert involved in the investigation says it’s almost certain the trail leads back to Moscow

Email fallout: 3 Democratic National Committee resignations (AP) The chief executive of the Democratic National Committee and two other top officials have resigned in the wake of an email hack that embarrassed the party on the eve of its presidential nominating convention

FBI took months to warn Democrats of suspected Russian role in hack: sources (Reuters) The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters

How Hackers Could Destroy Election Day (Daily Beast) Donald Trump is already warning that the election’s going to be ‘rigged.’ Maybe, maybe not. But hacking the vote—and throwing the country into chaos—is terrifyingly simple

NSA Director Rogers On DNC Hacking, Cyberwarfare And ISIS (WUUM NPR News) When it comes to warfare - the weapons, the budgets, the personnel - America is king. But the United States has not yet conquered cyberwarfare

Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web (Threatpost) Yahoo says it is investigating reports of 200 million user credentials advertised for sale on the Dark Web by a hacker that goes by the handle “peace_of_mind"

Hackers Hijack a Big Rig Truck’s Accelerator and Brakes (Wired) When cybersecurity researchers showed in recent years that they could hack a Chevy Impala or a Jeep Cherokee to disable the vehicles’ brakes or hijack their steering, the results were a disturbing wakeup call to the consumer automotive industry. But industrial automakers are still due for a reminder that they, too, are selling vulnerable computer networks on wheels—ones with direct control of 33,000 pounds of high velocity metal and glass

Malware disguised by SSL traffic spikes over the last year (ZDNet) New research suggests encrypted traffic is becoming the go-to method for threat actors to hide malicious code

Cloud File Storage Can Be a Shadow Threat (IBM Security Intelligence) Blue Coat Elastica Cloud Threat Labs released the latest edition of the Shadow Data Report on cloud file storage, which covers the first half of 2016

This tiny device can infect point-of-sale systems and unlock hotel rooms (CSO) The new device generates an electromagnetic field that tricks card readers

Media Organizations Beware – DDos Attacks are Coming (Infosecurity Magazine) There’s nothing subtle about a DDoS attack. Your incident response console is lit up like a Christmas tree. Alarms are going off indicating that your network is down or severely disrupted. System users and managers are sending you panicky messages that business has ground to a halt. Meanwhile your mind is racing: Who would do this to us? Some kind of cyber extortionist? An unsavoury competitor? Hacktivists trying to send a message? And why would they do this?

IRS warns on super summer scam scourge (CSO) In the ideal world the infamous Internal Revenue Service call scam should have faded away replaced by some other stupid ploy but alas

Central Ohio Urology Group Hacked; 223GB of Crucial Data Leaked (Hack Read) Ukrainian hacking group ”Pravyy Sector” has breached the servers of Central Ohio Urology Group (COUG) and leaked a trove of data and by trove we mean trove

Malicious JavaScript takes a break after an “explosive” quarter of growth for ransomware (IT World Canada) Even cybercriminals need to slow down every so often

Transportation Authority Kept Secret Cyber Attack That Cost $600,000 (Voice of Orange County) The Orange County Transportation Authority was struck with a major cyber attack in February that cost over $600,000 and disabled dozens of computer servers for days, including a total shutdown of email, voicemail and numerous other services

Woodbury County falls victim to cyber attack (Sioux City Journal) Woodbury County fell victim to a cyber attack approximately two weeks ago, according to county officials

Supervisors approve investigation into cyber attack that compromised 3,700 county files (Sioux City Journal) In the wake of a cyber attack last month that compromised about 3,700 Woodbury County files, the board of supervisors on Tuesday moved to retain a national firm to conduct a forensic investigation into the email assault

Ransomware is a mature business model for cyber criminals, says report (ComputerWeekly) Ransomware is now an established business model for cyber criminals as malware increasingly uses evasion techniques, second quarter research by PhishMe reveals

NFL star quits Pokemon Go, fears it involves mind control (C|Net) Technically Incorrect: The Detroit Lions' Larry Warford sees everyone around him playing the game and worries that there's something sinister going on

Academia

Cybersecurity Degree Program Expanding to Jacksonville (Webster University) Webster's Cybersecurity Program is expanding to Jacksonville this fall

Litigation, Investigation, and Enforcement

Alleged ISIS sympathizer to remain in custody (Pensacola News-Journal) A Pensacola man accused of lying to investigators to mask his support for the Islamic State has been deemed a danger to the public and ordered to remain in custody, pending his trial

Czech Man Is Charged With Attempted Terrorism (New York Times) A 25-year-old mechanic and loner from a small Czech town, who tried to travel to Syria in January, was charged on Tuesday with attempted terrorism, in what the authorities said was the first known case of a Czech citizen trying to join the Islamic State

Clerk printed lottery tickets she didn’t pay for but didn’t break hacking law (Ars Technica) Oregon Supreme Court: Woman stole, but she was "authorized" to use lottery machine

Design and Innovation

Kill a smartphone password with a scan of your eye (CSO) Iris scanning is featured in Samsung's Galaxy Note7, and the technology will slowly reach other smartphones, tablets, and PCs

Profiles in cryptographic courage (InfoWorld) Security problems sometimes seem depressingly intractable. The cure? Read about the fascinating people responsible for seminal breakthroughs

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.

upcoming Events

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)

SANS Boston 2016 (Boston, Massachusetts, USA , August 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Notes from Black Hat USA. ISIS C2. Sockpuppets and plausible deniability. Election hacking. Security upgrades from Microsoft, Google.