Looking back at Las Vegas and remembering some basics. Quadrooter sounds scarier than it may be. Strider (or Sauron) APT discovered. Rio's rogue Wi-Fi. Cyberwar and actual war. Law enforcement notes.
news from Black Hat USA 2016
Both the Guardian and eWeek look back at last week’s conferences in Las Vegas and conclude that things aren’t as one might wish in security. While the Guardian’s indelicate characterization of the situation is no doubt overstated for effect, still, a lot of enterprises seem not to be learning what eWeek calls “Security 101 lessons.”
That well-known, commodity attacks continue to succeed is of course as familiar as it is lamentable. There are a lot of reasons for that: enterprises have a lot to do, their resources aren’t unlimited, and, for small and medium-sized businesses as well as for private individuals, it’s easy to fall into a kind of learned helplessness in which whistling past the graveyard and hoping nothing happens becomes a default security posture.
You may see some of the challenges, problems, and solutions in the section below. It might be worth quoting some perspective we received from Ntrepid’s Chief Scientist Lance Cottrell last week. He notes that many of the things people worry about are Hollywood hacks. Reflecting on his participation in panels on Internet-of-things security, he said, “We tend to look for the extreme movie plot threat scenarios. What if they hacked your car and drove you off a cliff?” And how likely is it that someone would go after you in such a “Rube Goldberg” fashion? If they were rationally evil, and not in it for the baroque, Blofeldian lulz, wouldn’t they just hire a hitman?
Cottrell suggested that it’s useful to think about what he called the attackers’ “mindspace.” “What are their goals? They want to generate money. Why is ransomware suddenly a thing? Because it's hugely lucrative. Why DDoS? Because it works, and can be easily monetized.” And, he noted, some once common attacks are fading because of black market forces. There are fewer attempts to steal credit cards in part because stolen paycard numbers have now been so commoditized that it’s hard to make money from them.
So, develop a realistic understanding of what you have that might be of value to an attacker and then manage your risk accordingly. Not every attack is out of “Skyfall.” Whenever an enterprise is breached, Cottrell noted, the first press release talks about how extremely sophisticated the attackers were. Of course it would: "You don't want to say some script kiddie used a well-known exploit against our unpatched browser from two years ago to own us, but that's actually what's happening most of the time."
Thus: watch the basics, and manage risks intelligently.
And, by the way, congratulations to Carnegie Mellon, whose team ("the Plaid Parliament of Pwning") won DefCon's Capture the Flag tournament this year. (And a Carnegie Mellon spinoff, "ForAllSecure," took honors in DARPA's AI grand challenge with their "Mayhem" entry. All in all, a good week for the Pittsburghers.)
We’ll wrap up our Black Hat coverage tomorrow.
The “Quadrooter” firmware vulnerability Check Point has discovered in Qualcomm chipsets powering Android devices is worrisome but not, apparently, being exploited in the wild. Qualcomm has been issuing updates since April that may have fixed the issue in many devices. A general patch is expected next month.
Symantec and Kaspersky independently warn of a new APT group they’re calling either “Strider” or “ProjectSauron.” The group is thought to be state-sponsored, but hasn’t been attributed yet to any state. Kaspersky says the APT has operated against “government agencies, telecommunications firms, financial organizations, military and research centers in Russia, Iran, Rwanda, China, Sweden, Belgium and Italy” since 2011. Strider (or ProjectSauron) seems highly targeted, and particularly interested in encryption software. Symantec reports that the group (which reminds them of “Flamer”) uses Remsec malware to establish backdoors.
A Russian organized crime mob, thought to be Carbanak, has compromised Oracle’s MICROS point-of-sale system. Oracle has advised affected customers to reset passwords. Other remediation is underway.
Skycure warns of rogue Wi-Fi hotspots around the Rio Olympics.
As the US considers enhancing the status of US Cyber Command, observers suggest that the world collectively (and its security and defense sectors especially) needs to devote some thought to reaching clarity about conflict in cyberspace and how it relates to actual, lethal, kinetic warfare.
In law enforcement news, Ireland’s Garda upgrades its defenses after the cyberattack it recently sustained, Australia sets up a cyber unit to track terrorist funding, and the US prepares to auction off Bitcoin seized from SilkRoad.
Notes.
Today's issue includes events affecting Australia, Belgium, Brazil, China, European Union, Iran, Ireland, Italy, Poland, Russia, Rwanda, Sweden, Turkey, United Kingdom, United States, and Vietnam.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Charles Clancy, from our partners at Virginia Tech's Hume Center, will describe 5G cellular technology. (If you enjoy the podcast, please consider giving it an iTunes review.)
Las Vegas: the latest from Black Hat (with the occasional glance over at DefCon, and a side look at BSides...)
The state of cyber security: we’re all screwed (Guardian) Sophisticated cybercrime, privacy fears and ongoing confusion about security have soured the internet for many, and doing something about it won’t be easy
Black Hat USA Shows Enterprises Fail to Learn Security 101 Lessons (eWeek) Amid the latest technology and research discussed at Black Hat USA, enterprises still aren't implementing common sense cyber-security practices
Black Hat: What Are the Tools of Car Hacking? (eSecurity Planet) Time, energy and money, not a lack of tools, are keeping researchers from investigating automobile security, say Charlie Miller and Chris Valasek
Bringing security into IT and application infrastructures (Help Net Security) In this podcast recorded at Black Hat USA 2016, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about a new trend in bringing security into IT and application infrastructures, as well as working with the DevOps team for increased security
Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges (Wired) As the head of Poland’s Computer Emergency Response Team, Przemek Jaroszewski flies 50 to 80 times a year, and so has become something of a connoisseur of airlines’ premium status lounges. (He’s a particular fan of the Turkish Airlines lounge in Istanbul, complete with a cinema, putting green, Turkish bakery and free massages.) So when his gold status was mistakenly rejected last year by an automated boarding pass reader at a lounge in his home airport in Warsaw, he applied his hacker skills to make sure he’d never be locked out of an airline lounge again
Tesla Model S’s autopilot can be blinded with off-the-shelf hardware (Naked Security) Researchers have used off-the-shelf tools to trick the autopilot sensors on a Tesla Model S, demonstrating that it’s simple to blind the car so it doesn’t see obstacles in its path
Hackers Make the First-Ever Ransomware for Smart Thermostats (Motherboard) One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars
Carnegie Mellon sweeps DefCon as team wins third 'World Series of Hacking' title in four years (PRNewswire) Carnegie Mellon's competitive computer security team, The Plaid Parliament of Pwning, just won its third title in four years at the DefCon Capture the Flag competition. The win comes on the heels of CMU-spinoff ForAllSecure's win at the DARPA Cyber Grand Challenge just days earlier
Cyber Attacks, Threats, and Vulnerabilities
Quadrooter Flaw in Qualcomm Chips Puts 900M Android Devices At Risk (Threatpost) Four vulnerabilities found in Qualcomm chips used in 900 million Android devices leave affected phones and tablets open to attacks that could give hackers complete system control. Researchers at Check Point who found the flaw are calling the vulnerability Quadrooter and say that a patch isn’t expected to be available to most users until September
QuadRooter vulnerability: 5 things to know about this Android security scare (Android Central) New Qualcomm-targeted Android security bug is reported to put '900 million' devices at risk. Here's what you need to know
Researchers discover advanced cyber-espionage malware (Engadget) It eluded detection for at least five years
Strider hackers in highly-targeted 'espionage' malware campaign (SC Magazine) Previously unknown bad actor used Remsec to infect just 36 machines in what appears to be a quiet cyber-espionage operation
Symantec Spots State-Sponsored ‘Strider’ Attacks (Infosecurity Magazine) Security experts have discovered a highly targeted cyber espionage campaign aimed at just seven organizations over the past five years
ProjectSauron APT On Par With Equation, Flame, Duqu (Threatpost) A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries
Strider: Cyberespionage group turns eye of Sauron on targets (Symantec) Low-profile group uses Remsec malware to spy on targets in Russia, China, and Europe
The ProjectSauron APT (Kaspersky Labs) In September 2015, Kaspersky Lab’s Anti-Targeted Attack Platform discovered anomalous network traffic in a government organization network. Analysis of this incident led to the discovery of a strange executable program library loaded into the memory of the domain controller server. The library was registered as a Windows password filter and had access to sensitive data such as administrative passwords in cleartext. Additional research revealed signs of activity of a previously unknown threat actor, responsible for largescale attacks against key governmental entities
Adware turns a tidy profit for those who sneak it into downloads (CSO) Perpetrators are deliberately evading protections, say researchers from Google and NYU
Even Solar Panels Can Be Hacked (Hack Read) Believe it or not, your solar panel can be hacked as well — just like this man who hacked his own solar panel
Malware hidden in Vietnam’s computer system, Bkav warns (Vietnam Net) Vietnam’s technology group Bkav warned on August 8 that the malware that recently attacked the national flag carrier Vietnam Airlines is also hidden in the websites of government agencies, corporations, banks, research institutes and universities
Hackers take Rio Olympics through the back-door (TechEye) Mobile security outfit Skycure claims that visitors to the former capital of Brazil are being targeted by hackers who have set up fake Wi-Fi hotspots designed to steal information from connected devices
Data Breach At Oracle’s MICROS Point-of-Sale Division (KrebsOnSecurity) A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems
Breach Forces Password Change on Oracle MICROS PoS Customers (Threatpost) Oracle is alerting customers it found malicious code in some of its MICROS point-of-sale systems and is requiring they change account passwords. The security measures come on the heels of reports the world’s No. 3 PoS service succumbed to a security breach perpetrated by the Carbanak gang
Are Unsecure Medical Devices Opening the Backdoor for Hackers? (Infosecurity Magazine) The increased adoption of connected devices into medical services and processes is streamlining and improving the manner in which medicine can be tracked, developed, sourced and distributed
Malware Infected PokémonGo Apps Found on GooglePlay Store (Hack Read) Researchers have discovered more fake Pokémon GO apps on Google Play Store putting security and privacy of android users in danger
'Pokémon Go' Stats Tracker PokeAdvisor Is Blocked, Fans Are Mad As Hell (Again) (Motherboard) There’s a new casualty in the clampdown on third party Pokémon Go-tapping services: stats tracking site PokeAdvisor
Security Firm Hired To Rid Pokémon From The Map (PYMNTS) Not everyone is being swept up in the Pokémon GO craze. Cybersecurity firm LookingGlass has been hired by power utility companies in Florida to get Pokémon off the map
Cyber Trends
Security still the biggest challenge in cloud management (Help Net Security) CIOs are the C-suite executives most intensively advocating and driving migration of their organizations’ IT resources to the cloud. A new Unisys study indicates that reducing costs and gaining faster access to computing capacity are the CIOs’ primary motivations. In addition, securing the cloud is the respondents’ primary management concern
Passwords Protect Your Business, but Who’s Protecting Them? (AVG Now) When we asked AVG Business customers in the US and UK how they keep company passwords safe, we were surprised to learn just how many of them … simply don’t
Password Hacks Push Big Changes On Big Tech (PYMNTS) It has been a rough few months for high profile social media accounts – Mark Zuckerberg has been hacked, as has Google CEO Sundar Pichai and Twitter CEO Jack Dorsey. All through the magic of password hacking – and the fact that even tech CEOs don’t follow the advice we’ve all been given about varying our passwords
UK Users Getting Better at Patching … Microsoft (Infosecurity Magazine) UK PC users are getting better at patching their Microsoft systems but appear to be ignoring security warnings on other software, according to the latest stats from Secunia Research
1 in 3 Americans report financial losses due to being defrauded (Help Net Security) With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the Internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to the Digital Citizens Alliance
Defense CIO: Cybersecurity Improving But Innovation Lags (National Defense) Cyber attacks are workaday events at the Defense Department. “We get attacked millions of times a day,” says the Pentagon’s chief information officer Terry Halvorsen. How many of those attempted intrusions are actually successful? Very few, he says. Only about 0.001 percent
Marketplace
Imperva Stock Still Has 9% Upside (Barron's) The cyber-security company could see a steeper decline in product sales but likely will be bought by a larger vendor
FireEye to Lay Off Hundreds, Blames Ransomware (eWeek) The security firm sees growth continue to slow as clients fall prey to simpler, easier-to-clean-up attacks, but analysts point to competition
FEYE Stock: FireEye Inc Gets Unfairly Crushed After Second-Quarter Earnings (Profit Confidential) FireEye Inc (NASDAQ:FEYE) delivered quarterly earnings on Thursday and the market reception was…frosty, to say the least. Within hours, investors carved out 12.5% of FEYE stock
7 Signs You Should Sell FireEye Inc Stock (Madison) Cybersecurity firm FireEye (NASDAQ: FEYE) has lost almost 70% of its market value over the past 12 months and currently trades at a 25% discount to its IPO price of $20. Some contrarian investors might think that FireEye could rebound from these depressed levels, but I believe that the stock could crash and burn for seven simple reasons
Symantec purchase of Blue Coat grows federal market footprint (Bloomberg Government) Cybersecurity powerhouse Symantec Corp. announced Aug. 1 that it had completed its $4.65 billion acquisition of cyber-defense company Blue Coat Systems Inc. According to Bloomberg Government proprietary contract data, the acquisition will increase Symantec’s federal cybersecurity market footprint by an estimated 56 percent
Can Blue Coat save struggling Symantec? (ARN) Over the past three years, Symantec has endured many cost-cutting measures, including layoffs and infrastructure consolidation
SailPoint Delivers Strongest First Half in the Company’s History, Adding 100 New Enterprise Customers (BusinessWire) Company posts nearly 30% revenue growth and its 11th consecutive quarter of profitability
In Cybersecurity Hiring, Aptitude Trumps Experience and Skills (Infosecurity Magazine) As a hiring manager, you may be presented with a choice: hire the candidate with the most experience or a natural ability to get things done. While tenure is the indicator of expertise in many careers, the case can be made for hiring based on aptitude versus experience in cybersecurity
19-year-old wins one million airmiles after finding United Airlines bugs (Graham Cluley) Vulnerability researcher Olivier Beg from Amsterdam has been handsomely rewarded with one million airmiles by United Airlines, after finding some 20 security holes in the company's software
Okta brings on first CIO in effort to unify internal tech strategy (ZDNet) Like other relatively young cloud companies, Okta realizes it needs to optimize its own IT stack so it's in a better position for growth
Swivel Secure Strengthens Its Senior Leadership Team (Swivel Secure) New Non-Executive Director to advise multi-factor authentication specialist on global strategy
Products, Services, and Solutions
Ayehu Extends Everbridge’s IT Alerting and Targeted Notification Solution with Remediation Workflow Automation and Orchestration Integration (WebWire) Customers benefit from new level of automation functionality to improve incident resolution for maximum system uptime
Digital prediction software is featured in international market (Synaption) Synaption platform is able to analyze large data to anticipate important scenarios
Now Available: ThreatConnect Powered by SAP HANA™ (ThreatConnect) ThreatConnect + SAP HANA: intelligence-driven defense supercharged with in-memory computing
Threat Stack Cloud Security Platform Now Integrates with VictorOps for Real-Time Security Alerting (BusinessWire) Integration with real-time incident notification platform further extends Threat Stack’s capabilities for fast-moving development and operations teams
LogRhythm's 'Freemium' - a free network monitoring solution (Security Brief) Network Monitor Freemium is a free version of LogRhythm’s Network Monitor
Untangle delivers ScoutIQ threat intelligence platform (Financial News) Untangle Inc. has released its new threat intelligence platform, ScoutIQ™, aimed at bringing enterprise-grade, cloud-based malware detection to the small-to-medium business market, the company said
Technologies, Techniques, and Standards
New Internet Security Domains Debut (Dark Reading) Meet the new .security and .protection domains
Cyber checklist is dead, long-live the new A-130 (Federal News Radio) One of the last vestiges of the old way of thinking about cybersecurity is dead
Threat Modeling in the Enterprise, Part 1: Understanding the Basics (IBM Security Intelligence) Have you ever been in a position where you are expected to secure a complex system long after it has been designed and fully functional for a few good years? Or maybe you have been tasked to secure an organization that has never before taken cybersecurity seriously? If so, you are probably familiar with the initial frustration and the nagging question, “Where do we start?”
Not All Next-Generation Firewalls Are Created Equal (Palo Alto Networks) As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology
Building A Detection Strategy With The Right Metrics (Dark Reading) The tools used in detecting intrusions can lead to an overwhelming number of alerts, but they're a vital part of security
Using File Entropy to Identify "Ransomwared" Files (SANS Internet Storm Center) Any engineer or physicist will tell you that Entropy is like Gravity - there's no fighting it, it's the law! However, they can both be used to advantage in lots of situations
Design and Innovation
Blog: Have Developers Become Overly Dependent on Dependencies? (SIGNAL) One often-overlooked aspect of software development is how much programmers rely on open source libraries and packages for prewritten functions. Instead of writing code from scratch, or even copying and pasting code from one program into a new one, programmers often rely on what is called a dependency, the technical term for a shortcut to code maintained by a cloud service provider. Using the method makes a new program dependent on the existence and availability of that particular module. If that dependency is not available or the code functionality is broken, the entire program fails
Why privacy is the killer app (TechCrunch) Our world looks very different from when Steve Jobs held aloft the first iPhone in 2007. There were 1.2 billion people online globally. Gmail had fewer users than Yahoo’s mail service — the same Yahoo that was just acquired at a fraction of its highest valuation at the turn of the century. Marketers didn’t use technology beyond their website analytics, email marketing and display ads. The martech/adtech industry didn’t exist
Research and Development
'Faceless Recognition System' Can Identify You Even When You Hide Your Face (Motherboard) With widespread adoption among law enforcement, advertisers, and even churches, face recognition has undoubtedly become one of the biggest threats to privacy out there
DARPA awards contract to restore power grid after cyberattack (C4ISRNET) SRI International has been awarded a $7.3 million DARPA contract to restore the U.S. power grid after a cyberattack
Air Force awards cybersecurity contract (C4ISRNET) Charles River Analytics has been awarded a $500,000 Air Force contract to develop a cyber defense toolkit
Legislation, Policy, and Regulation
The political iconoclast at the center of Europe's tech policy debate (Christian Science Monitor Passcode) The sole member of the Pirate Party in the European Union Parliament, Julia Reda has emerged as an influential voice as digital issues take center stage
What Does Expanding the Definition of War Mean for the U.S. Military? (Foreign Policy) Increasingly, America’s armed forces are tasked with protecting new battlefronts around the world — from cyberwarfare to post-conflict peacekeeping. And that could be very bad for the United States
Misuse of Language: ‘Cyber’; When War is Not a War, and a Weapon is Not a Weapon (Threatpost) The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber weapon” relate these terms to “attack,” framing the conversation in terms of acceptable responses to “attack” (namely, “strike-back,” “hack-back,” or an extreme interpretation of the vague term “active defense”)
Is US Cyber Command preparing to become the 6th branch of the military? (Tech Republic) The Obama administration is considering elevating the status of US Cyber Command and separating it from the NSA, as cyberattacks and defense become a more integral part of modern warfare
Spies-for-Hire Now at War in Syria (Daily Beast) It’s not just U.S. troops battling ISIS. Now the Army is sinking millions of dollars into private intelligence contractors for the fight
Homeland Security shares initiatives for securing government services from emerging cyber threats (CSO) Gregory J. Touhill is a retired Brigadier General from the US Air Force and is currently the Deputy Assistant Secretary in the Office of Cybersecurity and Communications for the U.S. Department of Homeland Security. He spoke at the recent Technology in Government conference held in Canberra, via video-link
Garda introducing heightened security after cyber attack (Belfast Telegraph) Irish police are implementing "heightened security measures" after a cyber attack on their computer systems
Litigation, Investigation, and Law Enforcement
Australia sets up specialist cyber unit to trace terrorism payments (Reuters via Yahoo! Tech) Australia has set up a cyber-intelligence unit to identify terrorism financing, money laundering and financial fraud online, the government said on Tuesday, because of "unprecedented" threats to national security
French Teenage Girl Charged Over Suspected Attack Plot (AP via ABC News) A judge has handed a 16-year-old French girl preliminary terrorism charges for allegedly supporting the Islamic State group and trying to perpetrate an attack, prosecutors said Monday. The girl was using a social media app to spread calls by IS to commit violent acts, the Paris prosecutor's office said
Turkey: US shouldn't 'sacrifice' alliance over Muslim cleric (AP via Quincy Herald-Whig) Turkey's justice minister said Tuesday the United States would be sacrificing its alliance with Turkey to "a terrorist" if it were to refuse to extradite a U.S.-based Muslim cleric who the government says is behind the July 15 failed coup
Elizabeth Warren criticizes DNC on emails (Boston Herald) Calls scandal an ‘embarrassment’
Benghazi victims’ families file suit against Clinton (San Diego Union-Tribune) Lawsuit blames former secretary of state for release of information
Court: Feds must get warrant to search e-mail, even if cops find child porn (Ars Technica) AOL flagged message with suspected child porn image, further search found 3 more
Tor can be cracked “like eggshells”, warns US judge (Naked Security) A US judge has put into the public record, during a hearing in Tacoma, Washington, an interesting pair of comments about Tor
Bitcoins Forfeited In Silk Road Cases To Be Auctioned (Dark Reading) US Marshals Service to sell 2,719 bitcoins worth around $1.6 million on August 22 -- bidders must register by August 18
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Upcoming Events
Secure Bermuda 2016 (Bermuda, Aug 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracks and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationships are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.