The CyberWire Daily Briefing 08.05.16

Summary

By The CyberWire Staff

In news of international cyber conflict, F-Secure continues to track the NanHaiShu Trojan, implicated in collecting against China’s opponents in the dispute over rights to the South China Sea.

Recorded Future adds to the accumulation of circumstantial evidence pointing to Cozy Bear and Fancy Bear as the actors behind the Democratic National Committee hack and related operations against political networks. Cozy and Fancy Bear are closely tied, respectively, to Russia’s FSB and GRU. There’s much dudgeon in the US over foreign attempts to influence November’s elections.

Critics charge that this involves disingenuous reading of US intelligence operations, with NSA watcher James Bamford charging in a Reuters op-ed that the US is “the only country ever to launch an actual cyberwar,” a contention that would probably be disputed in Estonia, Georgia, and Ukraine, to name three places. (Bamford is of course referring to Stuxnet’s use against Iranian uranium separation centrifuges.)

ISIS works to assert itself over Boko Haram’s leadership in Nigeria. Time magazine publishes a shortform guide to terrorist groups vying for jihadi mindshare.

Researchers describe an exploit they’re calling “HEIST” (“HTTP Encrypted Information can be Stolen Through TCP-Windows”). An attack (demonstrated as a proof-of-concept but not yet, insofar as is known, encountered in the wild) doesn’t require a man-in-the-middle position to execute.

A new Android RAT hits users in China and Japan. Panda Banker is observed in Brazil.

In industry news, two sector leaders, FireEye and Fortinet, are said to respond to poor results with layoffs (FireEye’s announced, Fortinet’s rumored).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Bangladesh, Belgium, China, European Union, India, Iran, Iraq, Israel, Italy, Japan, Nigeria, Pakistan, Philippines, Russia, Syria, Turkey, United Arab Emirates, United States, and and Vietnam.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Malek Ben Salem from our partners at Accenture Labs will talk about software defined networking. We'll also hear from Vaporstream's Galina Datskovsky, who discuss the security issues associated with voice technologies, including voice-controlled devices. (If you enjoy the podcast, please consider giving it an iTunes review.)

Sponsored Events

CyberTexas Job Fair (San Antonio, TX, USA, August 23, 2016) Top companies looking for cybersecurity professionals, cleared or non-cleared career opportunities.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain (Baltimore, MD, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Selected Reading

Cyber Trends

58% of orgs have no controls in place to prevent insider threats (Help Net Security) More than half of organizations (58 percent) still lack the appropriate controls to prevent insider attacks, with just under half (44 percent) unaware if their organization has experienced an insider attack at all, according to a new survey of more than 500 cybersecurity professionals

71 Percent of IT Pros Say Cyber Security Skills Shortage Causes Damage to Organizations (eSecurity Planet) And 82 percent admit to a shortage of cyber security skills, a recent survey found

Legislation, Policy and Regulation

How are U.S. allies targeting ISIS on the cyber front? (C4ISRNET) While recent attacks in Europe inspired by the Islamic State group are hastening a need to up the ante against the terrorist organization, government officials from around the world are also looking to intensify efforts as to seize on recent battlefield gains

What does CTIIC actually do? (Federal Times) When the administration announced the creation of a new Cyber Threat Intelligence Integration Center (CTIIC), not everyone in government was happy about the news

Why we must move from cyber response to cyber prevention (The Hill) The presidential directive on cyber security the White House released last week officially codified a unified cyber incident response plan which mimics what those inside the FBI and Department of Homeland Security have been doing ad hoc over many years

U.S. Army Materiel Command Seeks Greater Role in Cyber (SIGNAL) Service officials stress the search for novel technological solutions

Hackers grapple with a once-unthinkable idea: Political action (Christian Science Monitor) As the DNC hack puts digital security in the national spotlight, cybersecurity professionals took the unusual step of staging a Hillary Clinton fundraiser at a hacker conference known for its fiercely independent and antiestablishment attendees

Prominent Cybersecurity Leader Favors Clinton, Despite Email Debacle (NPR) Now here's a political endorsement you might not expect

Dateline

Welcome to Black Hat USA 2016 (Black Hat) Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 3-4)

Black Hat: Quick look at hot issues (CSO) Black Hat includes a variety of security topics from how USB drives are a menace and how drones are fast becoming a threat you need to pay attention to and much more. Here we take a look at just a few of the hot topics presented at the conference

The four cybersecurity terms everyone is talking about at Black Hat (TechCrunch) As the saying goes, knowledge is power. And when it comes to cybersecurity knowledge, every year thousands descend on Las Vegas for the Black Hat conference to acquire as much of it as they can

Dark Reading News Desk Coming Back To Black Hat, Live (Dark Reading) Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET

A Peek Inside the Black Hat Network Operations Center (PC Magazine) The default hotel network may be fine for a pet supply vendor conference, but Black Hat is a different story

Black Hat: We need agency focused on fixing internet’s problems (CSO) The agency needs the funding and bureaucratic bulk to fend off the NSA, says Dan Kaminsky

At Black Hat, a Reminder That Decryption Can’t Be Legally Mandated (Wired) What kind of information can the US legally demand that a company hand over? And under what circumstances? And which laws give the government and law enforcement those rights? Eh, it’s not currently very clear, as was recently proven by the Apple/FBI battle over unlocking one of the San Bernardino shooters’ iPhones and the death of secure email service Lavabit after its founder refused to produce its Secure Sockets Layer (SSL) private keys for an FBI probe

#BUHSA Attacks on Activists are Prevalent, but Unsophisticated (Infosecurity Magazine) State-sponsored attacks and tools used have been observed not as sophisticated, but experts warn that activists remain in danger

#BHUSA Build Backdoors and Government Will Use Them (Infosecurity Magazine) Law enforcement has become more aggressive because of encryption, and more eager to access details in investigation

Lack of Encryption Leads to Large Scale Cookie Exposure (Threatpost) There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers

Hackers reveal their cybersecurity secrets at Black Hat summit (CBS News) Heavy metal and hackers - it's a pair only Sin City could bring together

Black Hat: How to make and deploy malicious USB keys (CSO) Spread them around public places and about half of them will get plugged into victim’s computers

#BHUSA: 15 Years of Under-investment in Cybersecurity Makes Us Think the Sky is Falling (Infosecurity Magazine) We can’t stop spending on cybersecurity in favour of cyber-insurance, say Deloitte researchers at Black Hat, Las Vegas

Apple finally announces bug bounty program (Help Net Security) Apple is finally going to monetarily reward security researchers for spotting and responsibly disclosing bugs in the company’s products

Apple’s bug bounty program favors quality over quantity (CSO) The company will pay between $25,000 and $200,000 for exploits

How Bugs Lead to a Better Android (Threatpost) Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed

Context warns of VoIP wars at Black Hat USA (ComputerWeekly) A lack of understanding of modern VoIP and unified communications security opens many service providers and businesses to cyber attack, a Context IS researcher warns at Black Hat USA

New attack steals personal details, e-mail addresses from HTTPS pages (Ars Technica) Approach exploits how HTTPS responses are delivered over transmission control protocol

#BHUSA: How to Use Linguistic Forensics to Detect Phone Scammers (Infosecurity Magazine) There is a non-technological solution to defending against phone scammers, said Dr Judith Tabron at Black Hat USA 2016, and it’s at the human level

DDoS Attacks: Cybercriminals Are More Homegrown Than You Think (Dark Reading) Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West

Farsight Security CEO Dr. Paul Vixie Wins Dark Reading's Best of Black Hat Most Innovative Thought Leader Award (EIN News) Farsight Security, Inc. today announced that Internet pioneer and Chairman, CEO and cofounder Dr. Paul Vixie has won Dark Reading's Best of Black Hat Most Innovative Thought Leader Award

Photo gallery: Black Hat USA 2016 Arsenal (Help Net Security) Black Hat USA 2016 is underway at Las Vegas, and here are a few photos from the Arsenal, where the open source community demonstrates tools they develop and use in their daily professions

How vendors attract hackers to their booth (CSO) Attendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by

Supercomputers give a glimpse of cybersecurity's automated future (CSO) Seven supercomputers competed in a contest to find software vulnerabilities

Products, Services, and Solutions

A10 Networks and Cylance Join Forces to Secure Networks from Perimeter to Data Center with OEM Agreement (MarketWired) Technology partnership to deliver advanced threat detection and mitigation solutions for encrypted traffic

Cylance Expands Cyber Attack Visibility Through Integrations With Robust Ecosystem of Leading SIEM Technologies (BusinessWire) Offers seamless Interoperability with Splunk, LogRhythm, Sumo Logic, and other leading SIEMs

Accenture, Splunk, Palo Alto Networks and Tanium Team on New Cyber Breach Prevention and Defense Solution (BusinessWire) Delivered through Accenture cyber defense platform, enables organizations to quickly close security gaps and stop the spread of attacks

Dashlane and Google team up for 'OpenYOLO' security project (Greenbot) The new initiative with the weird name is designed to quickly grant you entry into your Android apps

HEAT Software’s PatchLink and AntiVirus Security Solutions Now OPSWAT Certified at Silver Level (BusinessWire) HEAT Software, a leading provider of Cloud Service Management and Unified Endpoint Management software, announced today that its HEAT® PatchLink® security product and HEAT® AntiVirus solution are now OPSWAT Certified Security Applications at the Silver level for Patch Management and Anti-malware

Technologies, Techniques, and Standards

Olympics Cybersecurity is Like Protecting a Major Company, Symantec Says (Meritalk) How do you approach managing the cybersecurity of an event as massive and popular as the Olympics? According to Symantec’s vice president for the Americas, Rob Potter, treat the event like a Fortune 100 company

4 steps to a strong incident response plan (CSO) The sheer volume of cyberattacks essentially ensures that one or more will penetrate an organization’s defenses. That is why fast, intelligent incident response is critical to mitigating the effects of a breach. In AT&T’s latest Cybersecurity Insights report, 62 percent of organizations acknowledged they were breached in 2015. Yet only 34 percent believe they have an effective incident response plan

Marketplace

Cyber security firms vulnerable to M&A attacks (Financial Times) Deal boom as industry consolidates and private equity groups circle

U.S. Cloud Firms ‘Out Innovated’ Competitors in Wake of NSA Leak (Wall Street Journal) Firms have nearly tripled their combined cloud-infrastructure revenue in Europe since 2013

UAE recruiting 'elite task force' of cyber experts to build mass public spying system (International Business Times) The intelligence service in the United Arab Emirates (UAE) is actively creating an "elite task force" of cybersecurity experts from around the world to help develop a surveillance system that can be used to spy on any civilian in Abu Dhabi and Dubai. That's the claim of Italian security expert Simone Margaritelli, senior researcher with US-based cybersecurity firm Zimperium, who has published a first-hand account of how an allegedly government-sponsored firm tried to hire him to help build a state-of-the-art surveillance apparatus

Sources: Fortinet Lays Off Multiple VPs, 100 Employees In Sales And Marketing (CRN) The sales and marketing turmoil at Fortinet is continuing with the company laying off around 100 employees on Wednesday, including at least two vice presidents, sources told CRN

Cybersecurity Firm FireEye Plans Layoffs (Fortune) Job cuts come as company lowers its financial forecast

Rackspace Reportedly Nears a Sale; FireEye Plunges on Weak Sales and Billings (The Street) Rackspace is reportedly close to selling itself to a private-equity firm

Spirent steadies the ship amid wireless market lull (Investors Chronicle) Spirent's (SPT) business of testing communications networks and devices is subject to rapid technological change, making it critical that the company is in the right place at the right time. To that end, these results provide some reasons for optimism. Adjusted operating profit jumped over 70 per cent to $10.4m (£7.8m) as damage limitation in the wireless business kicked in

PivotPoint Named Gazelle Champion at The ISE® Lions' Den in Vegas; PacketSled, Waratek Named Runners Up (Benzinga) T.E.N., an information technology and security executive networking and relationship-marketing firm, named PivotPoint Risk Analytics the 2016 Gazelle Champion during The ISE® Lions' Den and Jungle Lounge on Wednesday, Aug. 3, at Vdara Hotel and Spa at Aria in Las Vegas. PacketSled, Waratek named runners up

Zensar Technologies Positioned in the Gartner 2016 Magic Quadrant for Data Center Outsourcing and Infrastructure Utility Services, North America (Zensar) Zensar is one of 19 organizations cited as delivering Data Center Outsourcing and Infrastructure Utility Services in North America

Talent Lab helps young professionals find their way into cybersecurity (Tempo) Top prizes at Kaspersky Lab’s talent competition include $10,000, participation at the Cannes Lions and an invitation to the Security Analyst Summit (SAS)

Security Patches, Mitigations, and Software Updates

iOS 9.3.4 released, fixing critical security hole. Update now (Hot for Security) Apple has just released iOS 9.3.4, the latest versions of its mobile operating system for iPhone and iPad users, and owners of the devices are recommended to upgrade as soon as possible

About the security content of iOS 9.3.4 (Apple Support) This document describes the security content of iOS 9.3.4. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page

Cyber Attacks, Threats, and Vulnerabilities

How hackers used this Trojan malware to spy on a territorial dispute (ZDNet) F-Secure researchers say parties involved in the South China Sea arbitration case were infected with the data-stealing NanHaiShu Trojan

Everything We Know About ISIS Spy Chief Abu Mohammad al-Adnani (Time) Adnani has gone from chief propagandist to head of ISIS's intelligence unit

Isis tries to impose new leader on Boko Haram in Nigeria (Guardian) Leadership of terrorist group in doubt, with long-term leader believed to be out of favour after killing moderate Muslims

ISIS Causes Boko Haram Leadership Crisis (US News and World Report) There are now two competing claims over what is called Islamic State West Africa Province

Not just ISIS: Terror groups worldwide jockey for power (CNN) As world powers struggle to fight ISIS, other terror groups are trying to make their mark -- one deadly attack at a time. Here's a snapshot of some of the most significant groups and how they differ from ISIS

Running for Office: Russian APT Toolkits Revealed (Recorded Future) Recorded Future analysis of Russian hacking collectives has highlighted 33 known exploited product vulnerabilities used by various groups to steal information or compromise victim computers. 27 of these are tied to APT28 and APT29, collectives known by many names and possibly associated with Russian military intelligence (GRU) and the Federal Security Service (FSB) respectively

Hacking of DNC raises fears of cyber attack on US election (Nation) Can the US election be hacked? The recent breach of Democratic National Committee data, along with other electronic intrusions, has raised concerns about cyber incidents that could affect the outcome of the US presidential race, or other contests

The world's best cyber army doesn’t belong to Russia (Thanh Nien News) National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns -- and the presidents -- of even its closest allies

PC-nuking malware sneakily replaces popular free software on FossHub (CSO) Everything is fine now, but a few unfortunate users installed a fake Classic Shell installer that may have temporarily messed up their computers

Blog: When Hackers Corrupt GPS Data (SIGNAL) A novel attack knocks out power substations, recounts a Red Hat Inc. official

Hackers Could Take Control of Your Smart Light Bulbs and Cause a Blackout (Motherboard) Hackers can take full control of a popular model of internet-connected light bulb from as far away as 400 yards, and mess with it by turning it off and on or even bricking it

Italian Android RAT Targets China and Japan (Infosecurity Magazine) Security researchers are warning of a new Android Remote Access Trojan (RAT) designed to target smartphones with specific IMEI numbers in China and Japan

Panda Is One Hungry Bear! A Heavyweight Banking Trojan Rolls Into Brazil (IBM Security Intelligence) IBM X-Force Research observed that a relatively new Zeus Trojan variant known as Panda, or Panda Banker, that started targeting banks in Europe and North America early this year has now spread to Brazil. According to IBM X-Force Research, Panda now targets 10 local bank brands and multiple payment platforms right as Brazil prepares to host a global sporting event

New Era in Anti-Virus Detection Evasions (Fortinet) In the last couple of months, we wrote about the discoveries we found in Dridex, the long-lived banking Trojan that is still quite active in-the-wild. In the blog post, TL;DR, we mentioned the Trojan has equipped with new module that could be used to evade one of the anti-virus products, however, the affected vendor has now released a fix, so we decided to share the details. In this post, we will briefly discuss some of the novel techniques used by the Trojan to evade detection by anti-virus

Nigerian email sting leads to theft of millions from companies (Financial Times) A criminal syndicate in Nigeria is stealing millions of dollars from companies around the world by intercepting their emails and diverting bank transfers, a report says

Want to keep those iOS app purchases private? You can hide, but you can't delete (ZDNet) When David Gewirtz started researching this article, it was meant as a simple organizing tip. But he wound up uncovering a really unfortunate privacy issue in how Apple manages apps

Banner Health alerts 3.7M potential victims of hack of its computers (CSO) Banner Health said payment card, patient information and other data could have been pilfered

Pokémon Go API Fiasco Exemplifies Mobile API Security Concerns (ProgrammableWeb) It seems as though just about everyone lately is either playing or talking about the runaway phenomenon that is Pokémon Go. Pokémon Go may be one of the fastest, if not the fastest, growing mobile games the world has ever seen

This cybersecurity company kills Pokemon (CNN Money) There's now money to be made in Pokemon extermination

We Asked the Canadian Who Caught All the Pokémon If He’ll Ever Feel Joy Again (Motherboard) Pokémon Go is not a video game. It is a never-ending treadmill of manufactured desire, the perfect vehicle for late capitalism’s least offensive and most insidious tendencies, and Roberto Vazquez is running like hell

Sad Windows XP Machine Spotted at the Las Vegas Airport (Wired) Windows XP is not exactly what you want to be greeted by after a soul-crushing plane ride, but there it was at McCarran International Airport in Las Vegas last night

Litigation, Investigation, and Enforcement

Tinder swipes too much personal information, says EU lawmaker (CSO) Runkeeper is keeping too much data on its users' movements, too, says European lawmaker Marc Tarabella

Turkey Issues Arrest Warrant for U.S.-Based Cleric Accused of Coup Involvement (Time) President Recep Tayyip Erdogan has accused Fethullah Gulen of ordering the coup

U.S. Not Persuaded to Extradite Imam Over Turkey Coup (Wall Street Journal) Officials aren’t convinced by evidence against Fethullah Gulen, Pennsylvania-based imam who Turkey says masterminded the failed putsch

Illinois hospital chain to pay record $5.5M for exposing data about millions of patients (CSO) Advocate Health Care Network was fined for several violations

Man arrested for trying to recruit people for terrorist attack (Washington Examiner) A North Carolina man was arrested Thursday after allegedly trying to recruit people to conduct a terror attack in the United States on behalf of the Islamic State, according to a Justice Department statement

Mayor arrested, accused of secretly recording strip poker game with teens (Ars Technica) Defense lawyer says his client, Stockton Mayor Anthony Silva, "denies the charges"

Design and Innovation

Facebook continues its war on clickbait (Ars Technica) New system “identifies words and phrases that are commonly used in clickbait”

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Boston 2016 (Boston, Massachusetts, USA , August 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Black Hat trends and observations. South China Sea cyber espionage. Russian involvement in US election season hacks. ISIS and its competitors for jihadi mindshare. Layoffs reported at two cyber sector leaders.