Black Hat trends and observations. South China Sea cyber espionage. Russian involvement in US election season hacks. ISIS and its competitors for jihadi mindshare. Layoffs reported at two cyber sector leaders.
news from Black Hat USA 2016
Black Hat USA 2016 has concluded, its participants returning whence they came. We’ll be publishing our conference wrap-up Monday, including reports of interviews with some of the more interesting companies to attend.
In the meantime, see our suggested reading in the Black Hat section below. TechCrunch reports that four concepts tended to dominate talk in Las Vegas: “Behavior Baselining” (for anomaly detection), “Active Response” (to be sharply distinguished from “hacking back,” a concept finding less favor nowadays; active response involves faster, more automated reaction to incidents), “Security Analytics” (especially in the service of vulnerability recognition and management), and “Public Key Cryptography” (which of course you’re familiar with—and this conference was nothing if not crypto-friendly).
A lot of companies are talking these up; they’d do well to consider how they might differentiate their offerings from the other companies doing the same. Investors want differentiation. Customers want ease of deployment and a low burden on scarce skilled labor.
In some industry news that broke at the event this week, Apple announced its intention to join a growing industry trend and start a bug bounty program. Only invited bughunters will participate at first (“a few dozen”), but Ivan Krstić, Apple’s head of Security Engineering and Architecture, said that it’s not meant “to be an exclusive club.” Other researchers may submit flaws they discover and be considered for admission to the program. Bounties will range from $25,000 to $200,000. Apple says it’s willing to double the bounties paid to hunters who intend to donate the proceeds to charity.
Over at DefCon, DARPA ran its capture-the-flag competition for artificially intelligent systems. The winners will be announced later today, and then will go on to compete against naturally intelligent humans in a second round of capture-the-flag. DARPA doesn’t expect the machines to win, this time, but it thinks it’s demonstrated the future of security.
In news of international cyber conflict, F-Secure continues to track the NanHaiShu Trojan, implicated in collecting against China’s opponents in the dispute over rights to the South China Sea.
Recorded Future adds to the accumulation of circumstantial evidence pointing to Cozy Bear and Fancy Bear as the actors behind the Democratic National Committee hack and related operations against political networks. Cozy and Fancy Bear are closely tied, respectively, to Russia’s FSB and GRU. There’s much dudgeon in the US over foreign attempts to influence November’s elections.
Critics charge that this involves disingenuous reading of US intelligence operations, with NSA watcher James Bamford charging in a Reuters op-ed that the US is “the only country ever to launch an actual cyberwar,” a contention that would probably be disputed in Estonia, Georgia, and Ukraine, to name three places. (Bamford is of course referring to Stuxnet’s use against Iranian uranium separation centrifuges.)
ISIS works to assert itself over Boko Haram’s leadership in Nigeria. Time magazine publishes a shortform guide to terrorist groups vying for jihadi mindshare.
Researchers describe an exploit they’re calling “HEIST” (“HTTP Encrypted Information can be Stolen Through TCP-Windows”). The attack (demonstrated as a proof-of-concept but not yet, insofar as is known, encountered in the wild) doesn’t require a man-in-the-middle position to execute.
A new Android RAT hits users in China and Japan. Panda Banker is observed in Brazil.
In industry news, two sector leaders, FireEye and Fortinet, are said to respond to poor results with layoffs (FireEye’s announced, Fortinet’s rumored).
Notes.
Today's issue includes events affecting Bangladesh, Belgium, China, European Union, India, Iran, Iraq, Israel, Italy, Japan, Nigeria, Pakistan, Philippines, Russia, Syria, Turkey, United Arab Emirates, United States, and Vietnam.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Malek Ben Salem from our partners at Accenture Labs will talk about software defined networking. We'll also hear from Vaporstream's Galina Datskovsky, who discusses the security issues associated with voice technologies, including voice-controlled devices. (If you enjoy the podcast, please consider giving it an iTunes review.)
Las Vegas: the latest from Black Hat (with the occasional glance over at DefCon, and a side look at BSides...)
Welcome to Black Hat USA 2016 (Black Hat) Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 3-4)
Black Hat: Quick look at hot issues (CSO) Black Hat includes a variety of security topics from how USB drives are a menace and how drones are fast becoming a threat you need to pay attention to and much more. Here we take a look at just a few of the hot topics presented at the conference
The four cybersecurity terms everyone is talking about at Black Hat (TechCrunch) As the saying goes, knowledge is power. And when it comes to cybersecurity knowledge, every year thousands descend on Las Vegas for the Black Hat conference to acquire as much of it as they can
Dark Reading News Desk Coming Back To Black Hat, Live (Dark Reading) Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug. 4, starting at 2 p.m. ET
A Peek Inside the Black Hat Network Operations Center (PC Magazine) The default hotel network may be fine for a pet supply vendor conference, but Black Hat is a different story
Black Hat: We need agency focused on fixing internet’s problems (CSO) The agency needs the funding and bureaucratic bulk to fend off the NSA, says Dan Kaminsky
At Black Hat, a Reminder That Decryption Can’t Be Legally Mandated (Wired) What kind of information can the US legally demand that a company hand over? And under what circumstances? And which laws give the government and law enforcement those rights? Eh, it’s not currently very clear, as was recently proven by the Apple/FBI battle over unlocking one of the San Bernardino shooters’ iPhones and the death of secure email service Lavabit after its founder refused to produce its Secure Sockets Layer (SSL) private keys for an FBI probe
#BHUSA Attacks on Activists are Prevalent, but Unsophisticated (Infosecurity Magazine) State-sponsored attacks and tools used have been observed not as sophisticated, but experts warn that activists remain in danger
#BHUSA Build Backdoors and Government Will Use Them (Infosecurity Magazine) Law enforcement has become more aggressive because of encryption, and more eager to access details in investigation
Lack of Encryption Leads to Large Scale Cookie Exposure (Threatpost) There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers
Hackers reveal their cybersecurity secrets at Black Hat summit (CBS News) Heavy metal and hackers - it's a pair only Sin City could bring together
Black Hat: How to make and deploy malicious USB keys (CSO) Spread them around public places and about half of them will get plugged into victim’s computers
#BHUSA: 15 Years of Under-investment in Cybersecurity Makes Us Think the Sky is Falling (Infosecurity Magazine) We can’t stop spending on cybersecurity in favour of cyber-insurance, say Deloitte researchers at Black Hat, Las Vegas
Apple finally announces bug bounty program (Help Net Security) Apple is finally going to monetarily reward security researchers for spotting and responsibly disclosing bugs in the company’s products
Apple’s bug bounty program favors quality over quantity (CSO) The company will pay between $25,000 and $200,000 for exploits
How Bugs Lead to a Better Android (Threatpost) Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed
Context warns of VoIP wars at Black Hat USA (ComputerWeekly) A lack of understanding of modern VoIP and unified communications security opens many service providers and businesses to cyber attack, a Context IS researcher warns at Black Hat USA
New attack steals personal details, e-mail addresses from HTTPS pages (Ars Technica) Approach exploits how HTTPS responses are delivered over transmission control protocol
#BHUSA: How to Use Linguistic Forensics to Detect Phone Scammers (Infosecurity Magazine) There is a non-technological solution to defending against phone scammers, said Dr Judith Tabron at Black Hat USA 2016, and it’s at the human level
DDoS Attacks: Cybercriminals Are More Homegrown Than You Think (Dark Reading) Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West
Farsight Security CEO Dr. Paul Vixie Wins Dark Reading's Best of Black Hat Most Innovative Thought Leader Award (EIN News) Farsight Security, Inc. today announced that Internet pioneer and Chairman, CEO and cofounder Dr. Paul Vixie has won Dark Reading's Best of Black Hat Most Innovative Thought Leader Award
Photo gallery: Black Hat USA 2016 Arsenal (Help Net Security) Black Hat USA 2016 is underway at Las Vegas, and here are a few photos from the Arsenal, where the open source community demonstrates tools they develop and use in their daily professions
How vendors attract hackers to their booth (CSO) Attendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by
Supercomputers give a glimpse of cybersecurity's automated future (CSO) Seven supercomputers competed in a contest to find software vulnerabilities
Cyber Attacks, Threats, and Vulnerabilities
How hackers used this Trojan malware to spy on a territorial dispute (ZDNet) F-Secure researchers say parties involved in the South China Sea arbitration case were infected with the data-stealing NanHaiShu Trojan
Everything We Know About ISIS Spy Chief Abu Mohammad al-Adnani (Time) Adnani has gone from chief propagandist to head of ISIS's intelligence unit
Isis tries to impose new leader on Boko Haram in Nigeria (Guardian) Leadership of terrorist group in doubt, with long-term leader believed to be out of favour after killing moderate Muslims
ISIS Causes Boko Haram Leadership Crisis (US News and World Report) There are now two competing claims over what is called Islamic State West Africa Province
Not just ISIS: Terror groups worldwide jockey for power (CNN) As world powers struggle to fight ISIS, other terror groups are trying to make their mark -- one deadly attack at a time. Here's a snapshot of some of the most significant groups and how they differ from ISIS
Running for Office: Russian APT Toolkits Revealed (Recorded Future) Recorded Future analysis of Russian hacking collectives has highlighted 33 known exploited product vulnerabilities used by various groups to steal information or compromise victim computers. 27 of these are tied to APT28 and APT29, collectives known by many names and possibly associated with Russian military intelligence (GRU) and the Federal Security Service (FSB) respectively
Hacking of DNC raises fears of cyber attack on US election (Nation) Can the US election be hacked? The recent breach of Democratic National Committee data, along with other electronic intrusions, has raised concerns about cyber incidents that could affect the outcome of the US presidential race, or other contests
The world's best cyber army doesn’t belong to Russia (Thanh Nien News) National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns -- and the presidents -- of even its closest allies
PC-nuking malware sneakily replaces popular free software on FossHub (CSO) Everything is fine now, but a few unfortunate users installed a fake Classic Shell installer that may have temporarily messed up their computers
Blog: When Hackers Corrupt GPS Data (SIGNAL) A novel attack knocks out power substations, recounts a Red Hat Inc. official
Hackers Could Take Control of Your Smart Light Bulbs and Cause a Blackout (Motherboard) Hackers can take full control of a popular model of internet-connected light bulb from as far away as 400 yards, and mess with it by turning it off and on or even bricking it
Italian Android RAT Targets China and Japan (Infosecurity Magazine) Security researchers are warning of a new Android Remote Access Trojan (RAT) designed to target smartphones with specific IMEI numbers in China and Japan
Panda Is One Hungry Bear! A Heavyweight Banking Trojan Rolls Into Brazil (IBM Security Intelligence) IBM X-Force Research observed that a relatively new Zeus Trojan variant known as Panda, or Panda Banker, that started targeting banks in Europe and North America early this year has now spread to Brazil. According to IBM X-Force Research, Panda now targets 10 local bank brands and multiple payment platforms right as Brazil prepares to host a global sporting event
New Era in Anti-Virus Detection Evasions (Fortinet) In the last couple of months, we wrote about the discoveries we found in Dridex, the long-lived banking Trojan that is still quite active in-the-wild. In the blog post, TL;DR, we mentioned the Trojan has been equipped with a new module that could be used to evade one of the anti-virus products, however, the affected vendor has now released a fix, so we decided to share the details. In this post, we will briefly discuss some of the novel techniques used by the Trojan to evade detection by anti-virus
Nigerian email sting leads to theft of millions from companies (Financial Times) A criminal syndicate in Nigeria is stealing millions of dollars from companies around the world by intercepting their emails and diverting bank transfers, a report says
Want to keep those iOS app purchases private? You can hide, but you can't delete (ZDNet) When David Gewirtz started researching this article, it was meant as a simple organizing tip. But he wound up uncovering a really unfortunate privacy issue in how Apple manages apps
Banner Health alerts 3.7M potential victims of hack of its computers (CSO) Banner Health said payment card, patient information and other data could have been pilfered
Pokémon Go API Fiasco Exemplifies Mobile API Security Concerns (ProgrammableWeb) It seems as though just about everyone lately is either playing or talking about the runaway phenomenon that is Pokémon Go. Pokémon Go may be one of the fastest, if not the fastest, growing mobile games the world has ever seen
This cybersecurity company kills Pokemon (CNN Money) There's now money to be made in Pokemon extermination
We Asked the Canadian Who Caught All the Pokémon If He’ll Ever Feel Joy Again (Motherboard) Pokémon Go is not a video game. It is a never-ending treadmill of manufactured desire, the perfect vehicle for late capitalism’s least offensive and most insidious tendencies, and Roberto Vazquez is running like hell
Sad Windows XP Machine Spotted at the Las Vegas Airport (Wired) Windows XP is not exactly what you want to be greeted by after a soul-crushing plane ride, but there it was at McCarran International Airport in Las Vegas last night
Security Patches, Mitigations, and Software Updates
iOS 9.3.4 released, fixing critical security hole. Update now (Hot for Security) Apple has just released iOS 9.3.4, the latest versions of its mobile operating system for iPhone and iPad users, and owners of the devices are recommended to upgrade as soon as possible
About the security content of iOS 9.3.4 (Apple Support) This document describes the security content of iOS 9.3.4. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page
Cyber Trends
58% of orgs have no controls in place to prevent insider threats (Help Net Security) More than half of organizations (58 percent) still lack the appropriate controls to prevent insider attacks, with just under half (44 percent) unaware if their organization has experienced an insider attack at all, according to a new survey of more than 500 cybersecurity professionals
71 Percent of IT Pros Say Cyber Security Skills Shortage Causes Damage to Organizations (eSecurity Planet) And 82 percent admit to a shortage of cyber security skills, a recent survey found
Marketplace
Cyber security firms vulnerable to M&A attacks (Financial Times) Deal boom as industry consolidates and private equity groups circle
U.S. Cloud Firms ‘Out Innovated’ Competitors in Wake of NSA Leak (Wall Street Journal) Firms have nearly tripled their combined cloud-infrastructure revenue in Europe since 2013
UAE recruiting 'elite task force' of cyber experts to build mass public spying system (International Business Times) The intelligence service in the United Arab Emirates (UAE) is actively creating an "elite task force" of cybersecurity experts from around the world to help develop a surveillance system that can be used to spy on any civilian in Abu Dhabi and Dubai. That's the claim of Italian security expert Simone Margaritelli, senior researcher with US-based cybersecurity firm Zimperium, who has published a first-hand account of how an allegedly government-sponsored firm tried to hire him to help build a state-of-the-art surveillance apparatus
Sources: Fortinet Lays Off Multiple VPs, 100 Employees In Sales And Marketing (CRN) The sales and marketing turmoil at Fortinet is continuing with the company laying off around 100 employees on Wednesday, including at least two vice presidents, sources told CRN
Cybersecurity Firm FireEye Plans Layoffs (Fortune) Job cuts come as company lowers its financial forecast
Rackspace Reportedly Nears a Sale; FireEye Plunges on Weak Sales and Billings (The Street) Rackspace is reportedly close to selling itself to a private-equity firm
Spirent steadies the ship amid wireless market lull (Investors Chronicle) Spirent's (SPT) business of testing communications networks and devices is subject to rapid technological change, making it critical that the company is in the right place at the right time. To that end, these results provide some reasons for optimism. Adjusted operating profit jumped over 70 per cent to $10.4m (£7.8m) as damage limitation in the wireless business kicked in
PivotPoint Named Gazelle Champion at The ISE® Lions' Den in Vegas; PacketSled, Waratek Named Runners Up (Benzinga) T.E.N., an information technology and security executive networking and relationship-marketing firm, named PivotPoint Risk Analytics the 2016 Gazelle Champion during The ISE® Lions' Den and Jungle Lounge on Wednesday, Aug. 3, at Vdara Hotel and Spa at Aria in Las Vegas. PacketSled, Waratek named runners up
Zensar Technologies Positioned in the Gartner 2016 Magic Quadrant for Data Center Outsourcing and Infrastructure Utility Services, North America (Zensar) Zensar is one of 19 organizations cited as delivering Data Center Outsourcing and Infrastructure Utility Services in North America
Talent Lab helps young professionals find their way into cybersecurity (Tempo) Top prizes at Kaspersky Lab’s talent competition include $10,000, participation at the Cannes Lions and an invitation to the Security Analyst Summit (SAS)
Products, Services, and Solutions
A10 Networks and Cylance Join Forces to Secure Networks from Perimeter to Data Center with OEM Agreement (MarketWired) Technology partnership to deliver advanced threat detection and mitigation solutions for encrypted traffic
Cylance Expands Cyber Attack Visibility Through Integrations With Robust Ecosystem of Leading SIEM Technologies (BusinessWire) Offers seamless Interoperability with Splunk, LogRhythm, Sumo Logic, and other leading SIEMs
Accenture, Splunk, Palo Alto Networks and Tanium Team on New Cyber Breach Prevention and Defense Solution (BusinessWire) Delivered through Accenture cyber defense platform, enables organizations to quickly close security gaps and stop the spread of attacks
Dashlane and Google team up for 'OpenYOLO' security project (Greenbot) The new initiative with the weird name is designed to quickly grant you entry into your Android apps
HEAT Software’s PatchLink and AntiVirus Security Solutions Now OPSWAT Certified at Silver Level (BusinessWire) HEAT Software, a leading provider of Cloud Service Management and Unified Endpoint Management software, announced today that its HEAT® PatchLink® security product and HEAT® AntiVirus solution are now OPSWAT Certified Security Applications at the Silver level for Patch Management and Anti-malware
Technologies, Techniques, and Standards
Olympics Cybersecurity is Like Protecting a Major Company, Symantec Says (Meritalk) How do you approach managing the cybersecurity of an event as massive and popular as the Olympics? According to Symantec’s vice president for the Americas, Rob Potter, treat the event like a Fortune 100 company
4 steps to a strong incident response plan (CSO) The sheer volume of cyberattacks essentially ensures that one or more will penetrate an organization’s defenses. That is why fast, intelligent incident response is critical to mitigating the effects of a breach. In AT&T’s latest Cybersecurity Insights report, 62 percent of organizations acknowledged they were breached in 2015. Yet only 34 percent believe they have an effective incident response plan
Design and Innovation
Facebook continues its war on clickbait (Ars Technica) New system “identifies words and phrases that are commonly used in clickbait”
Legislation, Policy, and Regulation
How are U.S. allies targeting ISIS on the cyber front? (C4ISRNET) While recent attacks in Europe inspired by the Islamic State group are hastening a need to up the ante against the terrorist organization, government officials from around the world are also looking to intensify efforts as to seize on recent battlefield gains
What does CTIIC actually do? (Federal Times) When the administration announced the creation of a new Cyber Threat Intelligence Integration Center (CTIIC), not everyone in government was happy about the news
Why we must move from cyber response to cyber prevention (The Hill) The presidential directive on cyber security the White House released last week officially codified a unified cyber incident response plan which mimics what those inside the FBI and Department of Homeland Security have been doing ad hoc over many years
U.S. Army Materiel Command Seeks Greater Role in Cyber (SIGNAL) Service officials stress the search for novel technological solutions
Hackers grapple with a once-unthinkable idea: Political action (Christian Science Monitor) As the DNC hack puts digital security in the national spotlight, cybersecurity professionals took the unusual step of staging a Hillary Clinton fundraiser at a hacker conference known for its fiercely independent and antiestablishment attendees
Prominent Cybersecurity Leader Favors Clinton, Despite Email Debacle (NPR) Now here's a political endorsement you might not expect
Litigation, Investigation, and Law Enforcement
Tinder swipes too much personal information, says EU lawmaker (CSO) Runkeeper is keeping too much data on its users' movements, too, says European lawmaker Marc Tarabella
Turkey Issues Arrest Warrant for U.S.-Based Cleric Accused of Coup Involvement (Time) President Recep Tayyip Erdogan has accused Fethullah Gulen of ordering the coup
U.S. Not Persuaded to Extradite Imam Over Turkey Coup (Wall Street Journal) Officials aren’t convinced by evidence against Fethullah Gulen, Pennsylvania-based imam who Turkey says masterminded the failed putsch
Illinois hospital chain to pay record $5.5M for exposing data about millions of patients (CSO) Advocate Health Care Network was fined for several violations
Man arrested for trying to recruit people for terrorist attack (Washington Examiner) A North Carolina man was arrested Thursday after allegedly trying to recruit people to conduct a terror attack in the United States on behalf of the Islamic State, according to a Justice Department statement
Mayor arrested, accused of secretly recording strip poker game with teens (Ars Technica) Defense lawyer says his client, Stockton Mayor Anthony Silva, "denies the charges"
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Boston 2016 (Boston, Massachusetts, USA, Aug 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get to choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.
Secure Bermuda 2016 (Bermuda, Aug 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracks and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.