Black Hat retrospective, with notes on DefCon. Mayhem captures DARPA's flag. ISIS propaganda-of-the-deed. Observations on election hacks and cyber war. Rio Olympics targeted by criminals and hacktivists.
news from Black Hat USA 2016
Black Hat has concluded, but there's still news coming out on the conference, and on BSides and DefCon, the other two security events held in Las Vegas last week.
Microsoft security researchers described an attack technique that could enable hackers to bypass local Windows authentication and defeat full disk encryption. They're calling it “Remote Butler” after a similarity they perceive to an Evil Maid attack.
The insecurity of the Internet-of-Things received a lot of attention in Las Vegas, with fresh demonstrations of automobile hacking attracting a great deal of interest. OpenSource Security described "PLC-Blaster," a worm that automatically searches for and spreads among programmable logic controllers. Other researchers over at DefCon described IoT vulnerabilities in everything from seismic observation instrumentation to personal massage devices.
DARPA's machine versus machine capture the flag competition has a winner: "Mayhem" from ForAllSecure team took first place (and the $2,000,000 winner's stake). "Xandra" placed second (paying $1,000,000), and "Mechphish" showed at $750,000.
ISIS claims more propaganda-of-the-deed as it seeks to inspire online. Governments in various countries worry about the possibility of ISIS making good on its threats to the Rio Olympics.
Information leaks are said to be endangering journalists working in the Ukraine.
More evidence accumulates of Russian involvement in the DNC and DCC hacks. Observers are for some reason surprised that cyber war looks at least as much like Cold War influence operations as it does the blowing up of stuff featured in movies like “Skyfall.” Russia Today expresses outrage at some suggestions for cyber direct action recently expressed by the Atlantic Council think tank (and in another Cold War flashback they sound like Dean Reed in doing so). Some proof-of-concept hacks of voting technology add to US worries (already aroused by Cozy and Fancy Bear) about the integrity of its elections.
Hacktivists said to be affiliated with Anonymous DDoS Brazilian government sites to protest the Olympics. Criminals posing as public-spirited security hacktivists hit swimmer Michael Phelps’s website after Phelps takes his latest gold medal. Apart from the aforementioned terrorism alert, however, the biggest cyber threat to Rio is conventional cybercrime, especially the Panda Banker Zeus variant.
Trustwave reports vulnerabilities in the TRANE residential Comfortlink XL850 thermostat.
Checkpoint finds four issues with Qualcomm chips—the set of vulnerabilities is being called “Quadrooter.”
Agile Information Security finds problems with NUUO video surveillance recorders.
Researchers at Columbia University conclude that NSA really isn’t sitting on a large undisclosed hoard of vulnerabilities after all.
Notes.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Egypt, European Union, France, Germany, India, Iraq, Ireland, New Zealand, Russia, Saudi Arabia, Singapore, Syria, Ukraine, United Kingdom, and United States.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Jonathan Katz, from our partners at the University of Maryland's Cybersecurity Center, will talk us through the implications of the recent Etherium code fork (of interest to all who have to do with blockchains and cryptocurrencies). We'll also speak to Booz Allen Hamilton's Brad Medairy and Grey Burkhart, who will discuss the challenges of security at the Rio Olympics (a preview--those challenges, they're big ones). (As always, if you enjoy the podcast, please consider giving it an iTunes review.)
Las Vegas: the latest from Black Hat (with the occasional glance over at DefCon, and a side look at BSides...)
Black Hat USA Briefings (Black Hat) [Briefings at Black Hat USA 2016--a collection]
Black Hat 2016 round-up: Jeep Cherokee hacked again and Olympic cyber threats (Computer Business Review) List: What was on the Black Hat agenda?
Remote Butler attack: APT groups’ dream come true (Help Net Security) Microsoft security researchers have come up with an extension of the “Evil Maid” attack that allows attackers to bypass local Windows authentication to defeat full disk encryption: “Remote Butler”
Malware hidden in digitally signed executables can bypass AV protection (Help Net Security) Researchers have shown that it’s possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code – all without triggering AV solutions
Black Hat: Researchers Reveal PIN Pad Risks (eSecurity Planet) PIN pads from multiple vendors are potentially at risk from attack, according to researchers from NCR
PLC-Blaster Worm Targets Industrial Control Systems (Threatpost) Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search for and spread between networked programmable logic controllers (PLCs)
Top 5 scary hacks that emerged from the Black Hat USA hacker conference (International Business Times) This year's conference has highlighted how hackers can manipulate every gadget and even the Internet of Things to launch attacks
Gunter Ollmann on the Future of Ransomware, Exploit Kits, and IoT (Threatpost) Gunter Ollmann, CSO at Vectra networks, talks to Mike Mimoso at Black Hat about ransomware as a prototype for malware going forward, as well as the long-term future of exploit kits and whether IoT is something that can be secured sooner rather than later
With the drama but not the bruises, hacking becomes a spectator sport (Christian Science Monitor Passcode) DARPA staged the world's first live computer-versus-computer hacking competition in which teams battled for a multimillion dollar purse in front of thousands of cheering fans in Las Vegas
Can a computer system compete against human CTF experts? (Help Net Security) DARPA announced on Thursday that a computer system designed by a team of Pittsburgh-based researchers is the presumptive winner of the Agency’s Cyber Grand Challenge
DARPA Cyber Grand Challenge Ends With Mayhem (eWeek) DARPA's Cyber Grand Challenge pitted machine against machine in an effort to find the best in autonomous computer security. In the end, Mayhem was the big winner.
GrammaTech's Team TECHx Places Second in DARPA's Cyber Grand Challenge (PRNewswire) TECHx takes home the silver in the world's first all-machine hacking tournament
Check Point Researchers Uncover ‘QuadRooter’ Vulnerability Affecting Over 900M Android Devices (CSO) Four newly discovered Android vulnerabilities can give attackers complete control of devices and access to sensitive personal and enterprise data on them
New home router OS tackles firmware shortcomings (Help Net Security) Untangle announced the release of a new operating system for consumer Wi-Fi routers at DEF CON 24
PC monitor hack manipulates pixels for malicious effect (Computerworld) Researchers at DEF CON questioned the security of PC monitors' firmware
Def Con: Do smart devices mean dumb security? (BBC) From net-connected sex toys to smart light bulbs you can control via your phone, there's no doubt that the internet of things is here to stay
Security of seismic sensor grid probed (BBC) Thousands of seismic sensors monitoring geological activity are vulnerable to cyber attack, suggests research
Your 'intimate personal massager' - cough - is spying on you (Register) Bluetooth hack lets Australian researchers reveal your deepest desires
High-security electronic safes can be hacked through power and timing analysis (CSO) Researcher shows that variations in voltage and execution times can expose the correct access codes for electronic safe locks
FTC seeks research help from DEF CON hackers (CSO) FTC objective is better security and privacy in consumer services and products
Cyber Attacks, Threats, and Vulnerabilities
IS claims Belgium machete attack that wounded 2 policewomen (AP via Yahoo!) The Islamic State group on Sunday claimed responsibility for a weekend machete attack that wounded two policewomen in the Belgian city of Charleroi, calling it an act of reprisal carried out by one of its "soldiers"
Saudi Government: Attacker in Germany Was in Touch With IS (ABC News) The Saudi Interior Ministry says a member of the extremist Islamic State group was in contact through a social networking application with a Syrian asylum-seeker who blew himself up outside a bar in southern Germany, injuring 15 people
Malicious Leaks Make Journalists Targets in Ukraine (Daily Beast) Security services and rabid nationalists in Kiev are working hard to intimidate reporters trying to do their job covering the Ukraine conflict. The consequences could be deadly
FANCY BEAR Has an (IT) Itch that They Can’t Scratch (ThreatConnect) ThreatConnect and Fidelis team up to explore the Democratic Congressional Campaign Committee (DCCC) compromise
Russian APTs Prefer Windows, Office, Internet Explorer Exploits (Softpedia) Cyber-espionage groups linked to the Russian government often use Microsoft Windows, Office, and Internet Explorer exploits to compromise their targets, according to a study of past cyber-incidents going back to January 1, 2012
Is Cyberwar Turning Out to Be Very Different From What We Thought? (Politico) The future might look much more like Russia’s DNC hack than physical attacks on nuclear power plants
No joke: US think-tank suggests cyber-attacks on Moscow Metro, St. Pete power grid, RT offices (RT) The hysterical ‘information war’ just stopped being funny. The influential Atlantic Council has released a paper calling for Poland to ‘reserve the right’ to attack Russian infrastructure, including Moscow’s public transport and RT’s offices, via electronic warfare
How Russia Dominates Your Twitter Feed to Promote Lies (And, Trump, Too) (Daily Beast) Fake news stories from Kremlin propagandists regularly become social media trends. Here’s how Moscow does it… and what it means for America’s election 2016
Julian Assange to Bill Maher: WikiLeaks ‘Working On’ Hacking Trump’s Tax Returns (Daily Beast) The head of WikiLeaks opened up to the comedian about how he hacked the DNC and why the organization hasn’t targeted Trump yet
How Vulnerable to Hacking is the Election Cyber Infrastructure? (Government Executive) Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation
How to Hack an Election in 7 Minutes (Politico) With Russia already meddling in 2016, a ragtag group of obsessive tech experts is warning that stealing the ultimate prize—victory on Nov. 8—would be child’s play
Anonymous DDoS Brazilian Government Websites Because Rio Olympics (Hack Read) The online hacktivist Anonymous Brazil is targeting Brazilian government websites to register their protest against the ongoing Olympics in Rio de Janeiro
Michael Phelps Targeted by Hackers After Winning 19th Gold Medal (Infosecurity Magazine) Just a few hours after Michael Phelps, the most-decorated Olympian of all time, added a 19th gold medal to his collection, hackers decided to target him
Zeus Panda variant targets Brazilians, wants to steal everything (Help Net Security) A new Zeus Trojan variant dubbed Panda Banker has been specially crafted to target users of 10 major Brazilian banks, but also other locally popular services
Cyber Crime Threatening Brazil Olympics (TeleSur) The influx of money and tourists for the Rio games will likely entice more and more cybercriminals, say watchdogs
Cyber threat activity in Brazil deserves special attention: Fortinet (Hindu Business Line) Cyber attacks during the Olympic games are not new. But the increased threat activity in Brazil deserves special attention, says Rajesh Maurya, Regional Director, India and SAARC, Fortinet
Brazil Leads Cyber Hacks (Valley News) Forget about Olympic medals. The gold and silver sought this year in Rio de Janeiro are the colors of credit and debit cards
Cyber attack: Brazilian hackers win the gold in credit card crime (South China Morning Post) Forget about Olympic medals. The gold and silver sought this year in Rio de Janeiro are the colours of credit and debit cards
Cerber2 ransomware released, no decryption tool available (Help Net Security) The author of the widely distributed Cerber ransomware has released a newer version, and files encrypted with Cerber2, unfortunately, can’t be decrypted without paying the ransom
Turning Up The Heat on IoT: TRANE Comfortlink XL850 (Trustwave SpiderLabs Blog) The Internet of Things (IoT) continues to explode in the consumer market as demand for network connected devices has spread to all kinds non-traditional network connected systems from toasters to toilets and from refrigerators to lamps. Unfortunately this rush to market often leaves security concerns unanswered and IoT devices are quickly earning a reputation as security hazards. Not every IoT device is equally vulnerable or dangerous. Some companies have even participated in bug bounty programs for their devices and services to help weed out security issues and protect customers
Video surveillance recorders RIDDLED with 0-days (Register) Kit from NUUO, Netgear has face-palm grade stoopid
Major spike in Malware encryption, Blue Coat finds (Security Brief) Web security specialists Blue Coat is warning enterprises and governments against a ‘significant’ spike in malware hidden in SSL traffic
Major Qualcomm chip security flaws expose 900M Android users (Ars Technica) Range of devices open to exploit by "Quadrooter" collection of vulnerabilities
Flaw in Samsung Pay lets hackers wirelessly skim credit cards (ZDNet) The tokens that are used to make purchases can be easily stolen and used in other hardware to make fraudulent transactions
Fake iPhone order dispatch confirmations hitting inboxes (Help Net Security) Fake dispatch confirmation emails for a bogus order of an iPhone from Apple’s App Store are hitting inboxes, warns Hoax-Slayer
Gardaí forced to shut down systems after cyber attack (Independent) A major investigation is under way after gardaí discovered a malicious cyber attack on their internal network
Delta Air Lines flights delayed by widespread computer outage (CSO) The computer outage has affected outgoing flights
75% of the top 20 US banks are infected with malware (Help Net Security) SecurityScorecard released its 2016 Financial Cybersecurity Report, a comprehensive analysis that exposes cybersecurity vulnerabilities across 7,111 global financial institutions including investment banks, asset management firms, and major commercial banks
Torrentz Has Died, But It Won’t Take Torrenting With It (Wired) Two weeks ago, federal authorities seized and shuttered KickassTorrents (KAT), the world’s largest torrenting site. This week, Torrentz, the world’s largest torrent search engine, closed without notice or explanation. Two of the largest sites in piracy have blinked out—but that won’t speed piracy’s steady decline
Bitfinex asks users to share losses of bitcoin theft (CSO) The digital currency exchange is bringing the website back online in phases
Security Patches, Mitigations, and Software Updates
Apple rushes out iOS update, shuts out jailbreakers (Naked Security) Just two weeks ago, Apple released iOS 9.3.3, an update that fixed numerous security holes including one that was compared to last year’s “Stagefright” bug on Android
iOS 9.3.4 Patches Critical Code Execution Flaw (Threatpost) Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices
Cyber Trends
Four IT trends CIOs need to know about (Help Net Security) CIOs looking for a benchmark to gauge IT success can depend on user experience metrics to provide the answer. In each of today’s “third platform” technologies – cloud, analytics, security and mobile – emerging millennial users expect their compute experience to be seamless, secure, and portable, but delivering on those expectations is not as easy as it sounds
Corporate Espionage: Cyber Attacks in the Manufacturing Industry (Formtek) Security and cyber attacks have got manufacturers worried. 92 percent of manufacturers surveyed said that they are worried about cyber attacks, nearly double the number of businesses who cited security as a high concern just three years ago, according to a report by BDO USA. Similarly, a report by IBM found that in 2015 manufacturers were the second most frequently targeted industry for cyber attack — the healthcare industry has the dubious honor of being in first place. Manufacturers have at risk their proprietary information, trade secrets, intellectual property and products
Healthcare cybersecurity market flooded with solutions (Help Net Security) Hospitals face heightened concerns due to ubiquitous cyber-attacks that threaten the privacy and security of their data assets and enterprise IT systems. Theft of protected health information for sale on the black market for identity theft or financial fraud is bad enough, but hospitals also have the added and very significant concern of actual patient harm that could result from compromised IT systems
Marketplace
Doing the math on cyber risk (Business Insurance) Risk managers, insurers start from scratch in assessing emerging exposures
FireEye Inc. (FEYE) Releases Earnings Results, Beats Expectations By $0.06 EPS (Cerbat Gem) FireEye Inc. (NASDAQ:FEYE) announced its earnings results on Thursday. The information security company reported ($0.33) earnings per share (EPS) for the quarter, topping the Zacks’ consensus estimate of ($0.39) by $0.06
FireEye plans layoffs, cuts outlook as sales of its security services weaken (ZDNet) According to FireEye CEO Kevin Mandia, changes in the threat environment have resulted in lower sales of its security subscriptions and products
Biz Break: FireEye slumps amid fewer security deals (SIlicon Beat) Security? No Security: Over the last couple of years, you could throw a rock in the air and you would likely hit a network security breach. Retailers, financial organizations, movie studios, even the Democratic National Committee have all been victim to various sorts of network hacks
FireEye: Still Dismal (Seeking Alpha) FireEye continues to scale back expectations, including cutting full-year cash flow targets. The cybersecurity company completed a workforce reduction that will likely have negative implications to future results. The stock offers some hope of making a positive retest of recent lows, otherwise the situation is too dismal to watch from a fundamental basis
IBM Vs. Microsoft: The Best Way To Profit From Blockchain (Seeking Alpha) Both IBM and Microsoft have launched their cloud-based Blockchain as a Service (BaaS) software suit. For investors, IBM’s blockchain initiative seems to be more compelling although Microsoft's approach is more sophisticated. IBM’s leadership position in cognitive computing and Linux makes it the ideal choice for profiting from blockchain
Symantec appoints first cybersecurity czar to woo hacking talent (Register) Uber-nerd Tarah Wheeler aims to build bridges
The Chinese firm taking threats to UK national security very seriously (Guardian) Overseen by a UK government board, the Cell is a part of Huawei in Oxfordshire ensuring its own technology cannot be compromised for nefarious purposes
Apple acquires artificial intelligence startup Turi for $200m – reports (International Business Times) The deal reflects Apple's efforts to gain an edge over Google, Facebook and Amazon in the AI space
IBM, Cisco or Raytheon Could Buy Imperva, Now Seeking Suitors (The Street) Under pressure from Elliott, the cyber security products company hired Frank Quattrone's Qatalyst Partners to launch a strategic review, which is likely focused on a sale of the business
Windows 10 Edge: Now Microsoft puts $15k bounty on remote attack browser bugs (ZDNet) Microsoft is running a special 10-month bug bounty for Edge on Windows Insider Preview builds
Apple, Panasonic to incentivize third-party security research (The Hill) Apple, Panasonic and security vendor Kaspersky Labs all announced programs to reward hackers who find and report security flaws in their products this week
National Bank of Egypt CISO Offers Women Career Advice (InfoRisk Today) Abeer Khedr discusses opportunities in the Middle East, shares security priorities
Products, Services, and Solutions
CREST Offering Pen Testing Certification in Singapore (InfoRisk Today) Collaborative effort with government agency, others
Software can predict when employees are about to do something really bad (Quartz) When it comes to cyber attacks, Russian spies aren’t the only ones to worry about. Businesses forced to confront the growing risk of cybercrime are waking up to the fact that it’s often someone on the inside who’s responsible. In other words, as a 2014 Oxford University study found, employees are increasingly attacking their own companies
Accenture, Splunk, Palo Alto Networks, Tanium to offer cybersecurity (Techseen) The integrated offering will be delivered via Accenture Cyber Defense Platform (ACDP) to improve security and enhance visibility across global network
Ixia’s ThreatARMOR promises ‘Zero-Day Malware Immunity’ with automatic blocking (IT Wire) Security company Ixia says its new ThreatARMOR solution adds ‘zero-day malware immunity,’ blocking mutated versions of malware that try evading traditional security solutions
MWR InfoSecurity Develops a New Kernel Fuzzer to Identify OS Security Vulnerabilities (App Developer Magazine) MWR InfoSecurity has announced a new kernel fuzzer implemented to run across Microsoft Windows and POSIX based operating systems
Secure USB 3.0 flash drive receives ultimate seal of approval (Channel EMEA) datAshur Pro awarded the globally recognised data security benchmark FIPS 140-2 Level 3 certification, making it the device of choice for organisations large or small
It’s time to replace firewalls in industrial network environments (Help Net Security) Waterfall Security Solutions announced the expansion of its stronger-than-firewall solution portfolio for industrial control systems and critical infrastructure sites
Technologies, Techniques, and Standards
Network Monitoring Past Present and Future: Part Two (CSO) Vulnerabilities must be monitored too
Treat Security As a Business Problem First (InfoRisk Today) Veteran CISO Manoj Sarangi shares insights on Indian practitioner challenges
Regional consortium takes aim at hackers, cyber crime (Crain's Cleveland Business) What do cyber attacks and the heroin epidemic have in common?
Microsoft suggests temporary work-around for Gmail issue (MS Power User) @anmol_112 Aug 6, 2016 at 15:04 GMT google search app Just a few days ago we reported that Google is blocking Windows 10 Mobile users from adding new Gmail accounts to the built-in Outlook app. While Microsoft has been relatively quiet about the outrage and no one really came forward to comment on the situation, a person named “Rowena Cam” from Microsoft forum team commented a possible workout for the problem. The comment was posted in reply to the problem on Microsoft’s official forum and below is the suggested way to solve the problem
Design and Innovation
MAP Announces Call for Entry in Partnership with the CyberWire: “Creating Connections” (NY Arts) Maryland Art Place (MAP), in partnership with The CyberWire is pleased to announce an open ‘Call for Entry’. An extension of MAP’s annual IMPRINT project, MAP is working with The CyberWire to offer “CREATING CONNECTIONS”, a commission and print replication project. The image of that artwork will be reproduced in a limited edition and presented to the guests of The CyberWire’s 3rd Annual Women in Cyber Security reception on September 27, 2016. Applications are due Saturday, August 27, 2016
Research and Development
Researchers Made the First Quantum Enigma Machine (Motherboard) In 1949, the father of information theory Claude Shannon wrote a paper proving that it was possible to create a perfectly secure message, one where the code could never be cracked—even with all the time and computing power in the universe
Machine-Learning Algorithm Combs the Darknet for Zero Day Exploits, and Finds Them (Technology Review) The first machine-based search of online hacker marketplaces identifies over 300 significant cyberthreats every week
Security Firm Patents Technology to Remove Complex Malware (Tech Facts Live) Security research and products giant Kaspersky Lab have been presented a new patent on a technology which will unveil destructive files trying to hide with unique re-packing methods
Air Force developing cyber weapon locator (C4ISRNET) Vencore Labs has been awarded a $9 million Air Force contract to develop technology to locate hostile cyber weapons
Legislation, Policy, and Regulation
How ISIS Is Shaking Up Transatlantic Views on Surveillance and Counter-Terrorism (Defense One) France's heightened security didn’t prevent a bloody July. Why not?
UK faces Human Rights challenge to state’s bulk hacking abroad (TechCrunch) Privacy rights organization Privacy International has filed another legal challenge to the UK government’s use of bulk hacking against foreigners
Scott Morrison says national security will be put first in decision on Ausgrid sale (Guardian) Treasurer says decision near, but Bill Shorten says Coalition should not rush sale to suit Mike Baird’s government
White House set to split Pentagon ‘Cyber Command’ from NSA (Reuters via the Raw Story) The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters
NSA denies ‘Raiders of the Lost Ark' stockpile of security vulnerabilities (Guardian) The agency’s stockpile of unpatched, undisclosed vulnerabilities is a big concern to the security community, but research suggests it discloses more than it keeps
How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently (Register) While some fear the US government is hoarding a vast pool of zero-day security vulnerabilities, the reality is that it probably holds just a few dozen, according to a study by Columbia University
FBI director: Fix clashes between privacy, public safety with 'robust conversation,' not litigation (ABA Journal) The FBI is collecting data on how the widespread use of encryption technology is “impacting our world,” and is looking for examples to share with the American people for an informed debate over the collision of two of our most basic values: privacy and public safety, FBI Director James Comey said Friday
Obama adviser says cyberthreat response rests on private sector cooperation (Federal Times) President Barack Obama’s top cybersecurity adviser said the next president should keep focusing on cybersecurity concerns by forming strong partnerships between government and the private sector
Cyber Protection Brigade overcoming obstacles, but has 'a long way to go' (C4ISRNET) There can be little doubt that building a cyber force is without its challenges — from transitioning lessons learned in the signals intel business over the last half century into a military context to operationalizing a new domain and staffing an entire workforce that can integrate with traditional military units
Information sharing hinders alliance partnerships (C4ISRNET) Despite the importance placed on allies and partners, one factor hindering joint operations between the United States and key coalition members is restrictions on information sharing. This issue breaks down into a few separate yet interconnected trends surrounding the over-classification of materials, the need to protect certain secrets while sharing others with the coalition and cultural schisms, to name a few
Litigation, Investigation, and Law Enforcement
American Authorities Fear Terror Networks Already in US (Voice of America) After years of undercover work, the U.S. is starting to pull back the veil on what appear to be loose-knit, perhaps deeply rooted networks of would-be terrorists who support each other even as many prepare to act alone
Iran Executes Nuclear Scientist for Spying for the US (Voice of America) Iran has executed a nuclear scientist who was convicted of giving top secret information about Tehran's controversial nuclear program to the United States
How an Iranian’s Spy Saga Ends, 6 Years Later: He’s Executed (New York Times) When Shahram Amiri emerged from the shadows into the spotlight six years ago, he was a young Iranian scientist who suddenly appeared on YouTube from a safe house, telling a bizarre story of having been kidnapped by the Central Intelligence Agency
Iran executes nuclear scientist reputed to have spied for U.S. (Politico) The strange case of Shahram Amiri launched during Hillary Clinton's tenure at State
Cotton: Clinton discussed executed Iranian scientist on email (Washington Examiner) Hillary Clinton recklessly discussed, in emails hosted on her private server, an Iranian nuclear scientist who was executed by Iran for treason, Sen. Tom Cotton, R-Ark., said Sunday
1,000 US spies watching out for American athletes at Rio Olympics (International Business Times) American military units are standing by to mobilise in the event of terrorist action
Why did the US provide more than 1,000 spies to Rio Olympics? (Christian Science Monitor) The US provided more than 1,000 intelligence operatives and analysts to assist in security for the 2016 Olympic games. About 350 are working in Rio, the rest are working remotely
Local forces keep watchful eye on U.S. competitors in Rio (KRDO) A cyber defense team in Colorado Springs is keeping a close eye on the safety of hundreds of U.S. athletes competing in Rio for the summer Olympics
Finjan Is Cybersecurity’s Top Patent Litigator (Bloomberg BNA) Comb through records of intellectual property disputes in the cybersecurity market and one name comes up again and again
Another Crook from the 2008 RBS WorldPay Hack Indicted in the US (Softpedia) Levitskyy, of Ukraine, extradited to the US to face charges
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
NVTC 2016 Capital Cybersecurity Summit (McLean, Virginia, USA, Nov 2 - 3, 2016) The 2016 Capital Cybersecurity Summit will feature keynote speakers and panels offering unique insights on emerging cybersecurity technologies, digital solutions, operations and enforcement from the private sector, government and academic perspectives. The Summit will also include a technology showcase at which cybersecurity companies from the DC, Virginia and Maryland region can promote their products and services, network, and connect with potential customers, partners, investors and employees.
Upcoming Events
Secure Bermuda 2016 (Bermuda, Aug 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.