A final farewell to Black Hat. Australian census still on hold. China muscles Vietnam in cyberspace. Russia makes ugly noises at Ukraine. Democratic Party hack got bigger. An object lesson in the dangers of backdoors.
news from Black Hat USA 2016
In today's issue, we take a final look back at Black Hat USA 2016. You'll find links to our discussions with the thought leaders we ran into in Las Vegas below. You'll find part one of our Black Hat podcast here. And Part Two is also up—check them both out. And our comprehensive coverage of the week's events can be found here.
Australia's Bureau of Statistics remains convinced its online census platform was taken down by distributed denial-of-service attacks. No attribution, and the motive is thought to be the obvious one: disrupting the census.
Vietnam continues to sustain a wave of spyware infestations originating, apparently, with China. Other Chinese actors (deniable patriotic hacktivists) defaced Vietnamese airport sites in July; there are similarities between their code and that used by the spyware actors.
In the US, the FBI is expanding its investigation into the hack of the Democratic Party. It's now believed more than a hundred groups and party officials were compromised. Investigators speaking on background to the media no longer bother to be coy about attribution—they call the actors "the Russians."
Microsoft has inadvertently leaked its Secure Boot "golden key," effectively a backdoor that bypasses protections and enables the possessor to unlock any device protected by Secure Boot. Observers see this as a cautionary tale for policymakers.
A Linux TCP flaw, apparently in place since 2012, exposes Internet users to off-path exploitation. Researchers from the University of California at Riverside and the US Army Research Laboratory demonstrated a proof-of-concept exploit yesterday at USENIX.
Another car hack demo shows how criminals can gain access to several Volkswagen models.
Samsung acknowledges there's a token skimming issue in Samsung Pay, but says exploitation is too far-fetched to worry about.
Tripwire reports on R980 ransomware—a lot of familiar functionality, but which abuses Mailinator the better to coerce its victims.
Twitter's cleared of supporting ISIS.
Notes.
Today's issue includes events affecting Australia, Brazil, Bulgaria, Canada, China, France, Germany, Iran, Iraq, Russia, Syria, Thailand, Turkey, Ukraine, United Kingdom, United States, and Vietnam.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Ben Yelin (from our partners at the University of Maryland's Center for Health and Homeland Security) will discuss the FBI’s efforts to expand the reach of National Security Letters. We'll also hear from our guest Rick Lipsey, Deputy Director of the ISAO Standards Organization, who'll talk about emerging cyber security standards. (And of course, if you like the podcast, please consider giving it an iTunes review.)
Las Vegas: the latest from Black Hat (with the occasional glance over at DefCon, and a side look at BSides...)
Black Hat USA 2016 (The CyberWire) The retrospectives on Black Hat and its associated conferences agree on one thing—there’s reason for great concern about the security of the Internet and those who use it. Now, at a security industry conference, this is hardly what the lawyers would call “an admission against interest.” It’s in the nature of the sector to be unusually aware of and sensitive to threats, and a high level of fear-uncertainty-and-dread has long provided the community with its background noise as well as much of its signal. Bear this in mind as you consider reports from Las Vegas
Keynote: The Hidden Architecture of Our Time (The CyberWire) The opening keynote speaker was Dan Kaminsky, co-founder and Chief Scientist of White Ops, also famous as one of the seven “key shareholders” of the Internet’s Domain Name System, charged with responsibility for restoring it in the event of disruption. His keynote had the informative subtitle “Why this Internet Worked, How We Could Lose it, and the Role Hackers Play”
Observations on the evolution of the threat (nice supply chain you got; shame if it got broke…) (The CyberWire) On the threat side, we asked experts how the danger to businesses and other organizations has changed over the last few years. Steven Grossman, Bay Dynamics’ Vice President of Program Management, told us we’re seeing more credential-based threats
A role for threat intelligence (The CyberWire) How does a cyber intelligence company see the threat landscape changing? In keeping with Black Hat’s announced theme of “speed,” A.J. Shipley, vice president of product management at LookingGlass Cyber Solutions, told us that they’re seeing a striking increase in the rate at which the adversary changes tactics. They’ve also seen a marked increase in the sheer number and size of the breach packages they’re finding
Cyber security as an exercise in risk management (The CyberWire) It’s worth beginning with some perspective we received from Ntrepid's Chief Scientist Lance Cottrell, especially given the attention paid at the conference to flashy demonstrations of vulnerabilities, like car hacking
Venture capital and early stage security start-ups (The CyberWire) Jeff Moss, Black Hat’s founder, characterized this year's conference as being about speed (last year's was about complexity). Speed plays into the sector in many ways: speed to market, speed to produce products, and speed to counter threats. Speed, Moss noted, matters to boards and C-suites, and speed should matter to companies as they try to sell into the current market
What industry sees in industry trends (The CyberWire) Ntrepid’s Lance Cottrell thought, “A lot of the problems are taking place in the basic blocking and tackling. Companies bring us in to help with the browser, but we also see them having a lot of problems with keeping track of other systems, where's the perimeter, having that perimeter dissolve on them"
Transitioning technology from the laboratory to the market (The CyberWire) Start-ups often begin in an effort to transition a technology or a service into the market by way of a new business. We talked with Champion Technology, who’s had the experience of taking their Darklight product from its development inside a US Department of Energy National Laboratory and moving it to market
Building software for resilience (and why security teams need a good bedside manner) (The CyberWire) The difficulty of building security into the application development process has become notorious in the industry. We spoke with the Denim Group’s John Dickson (Principal) and Dan Cornell (Chief Technology Officer) about how their company addresses this challenge
Want secure code? Give devs the right tools (CSO) With the appropriate tools and environments, developers can take the first step forward in safeguarding app security
Securing the architecture as the perimeter vanishes (The CyberWire) It’s become a commonplace in the industry that the perimeter is vanishing (if indeed it hasn’t already done so, with the possible exception of a few tightly controlled and secured enclaves). Bring-your-own-device (BYOD), pervasive mobile computing on increasingly powerful devices, and the swift movement of data and services to the cloud have all contributed to this trend. How does an enterprise approach security in this new world?
Mobile security (where FUD may not be as fake as we’d like to believe) (The CyberWire) With more enterprises buying fully into mobile computing, security for mobile devices bulks increasingly large in the concerns CISOs face. (And don’t even get them started on the Pokémon GO issues.) We spoke with OptioLabs’ Chief Technology Officer Brian Glancy and Hamilton Turner, Senior Director of Research and Engineering, about their approach to securing mobile devices
A role for testing (The CyberWire) NSS Labs started in Europe, and then came to US as a security research and testing company. “Our mission is to provide transparency to the buyers so they know what they're getting,” Chief Executive Officer Vikram Phatak told us. “Think of it as Consumer Reports for enterprise cyber security"
Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable (Threatpost) Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks
The Future Of ATM Hacking (Dark Reading) Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why
An ATM hack and a PIN-pad hack show chip cards aren’t impervious to fraud (Ars Technica) The good news? Hacks are limited for now. The bad news? Hackers will get better
Booz Allen Hamilton’s Kaizen (and their hacker’s Dojo) (The CyberWire) This year's Kaizen, a capture-the-flag event sponsored by Booz Allen Hamilton, has a winner: congratulations to Aaron Lint, Vice President of Research, Arxan, who placed first. He told us he learns something new every time he plays
Security advice for security conferences (and for other events with a bullseye on them). (The CyberWire) Finally, it’s worth considering some of the security advice people offered at Black Hat. It will serve as a good starting point for next year’s event, or indeed for any other event likely to attract the ministrations of hackers (Olympics, World Cups, other Black Hats, etc.)
Special Edition: Black Hat — Cyber Security Trends and Investment (The CyberWire) The 2016 Black Hat conference is underway in Las Vegas this week, and in this special report from the show floor we'll hear from industry leaders about industry trends, and from venture capital funders about what they need to see before saying yes, and why it's harder to get startup funding than it used to be
Special Edition: Black Hat, Part 2 — Trends and Insights from Industry Leaders (The CyberWire) The 2016 Black Hat conference is in the books, and we wrap up our coverage with more insights from industry leaders
Lessons from a digital mercenary: Beware the ‘October Surprise' (Christian Science Monitor Passcode) Cybersecurity expert Chris Rock researched ways to overthrow a government using only his computer for a talk at the DEF CON hacker conference in Las Vegas – and he says there are some lessons for the US elections
Cyber Attacks, Threats, and Vulnerabilities
Hack of Democrats’ Accounts Was Wider Than Believed, Officials Say (New York Times) A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday
Australia Stops Online Collection of Census Data After Cyberattacks (New York Times) Australia has halted online collection of national census data after a website where citizens could upload information was subjected to repeated cyberattacks
Spyware Deluge Hits Vietnam Sites Amid South China Sea Spat (Bloomberg Markets) The spyware used in cyber attacks on Vietnam’s major airports and national carrier last month is now suspected of having bombarded many more official sites, amid tensions with China over territory in the disputed South China Sea
China 1937CN Team hackers attack airports in Vietnam (Cyber Defense Magazine) The group of hackers known as China 1937CN Team compromised the announcement screen systems at many major airports in Vietnam
How Researchers Exposed Iranian Cyberattacks Against Hundreds of Activists (Motherboard) Late last year, a group of hackers likely linked to the Iranian government reorganized the infrastructure supporting their cyberattacks. The hackers built it so their malware, which was infecting Iranian human rights activists and dissidents at home and abroad, would contact different servers under their control
Senior former Taliban leader reconciles with jihadist group (Threat Matrix) The Taliban continues to attempt to mend the rifts with a faction that broke away after the controversy surrounding the death of Mullah Omar and the naming of his successor. On Aug. 8, the Taliban announced that Mullah Baz Mohammad, who served as a deputy to Mullah Mohammad Rasul, and his followers have rejoined the Taliban
Why So Many Foreign Fighters Flock to ISIS (Defense One) A look at the factors that motivate people to leave home and join faraway wars
Mental Illness and Terrorism (Small Wars Journal) The recent attack at an Orlando night club has provoked both intrigue and confusion. Given the lack of an obvious operational connection to the Islamic State and the shooter’s rather rudimentary religious knowledge and history of mental instability, some voices have rightfully questioned the appropriateness of the label ‘terrorism’ to something that rather resembles mass school shootings
Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open (Ars Technica) Microsoft quiet as researchers spot debug mode flaw that bypasses OS checks
Microsoft Mistakenly Leaks Secure Boot Key (Threatpost) Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea
Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks (Ars Technica) "Off-path" attack means hackers can be anywhere with no man-in-the-middle needed
Use the internet? This Linux flaw could open you up to attack (CSO) A flaw in the Transmission Control Protocol (TCP) used by Linux since late 2012 poses a serious threat to internet users, whether or not they use Linux directly
A New Wireless Hack Can Unlock 100 Million Volkswagens (Wired) In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995
Samsung both denies and admits mobile payment vulnerability (CSO) Samsung said that reports of a vulnerability in Samsung Pay mobile payments were "simply not true" -- but also admitted that token skimming was, in fact, possible but difficult enough that the potential risk was acceptable
Road Warriors: Beware of ‘Video Jacking’ (KrebsOnSecurity) A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping
Instagram Accounts Hacked to Promote Adult Dating Spam (Infosecurity Magazine) Cybersecurity firm Symantec has unearthed a new scam campaign targeting Instagram users
Ransomware Copycats Predecessors, Adds Disposable Emails to the Mix (Tripwire) A new ransomware mimics many of its predecessors but then shakes things up by incorporating disposable emails into its decryption process
Researchers Hide Malware Inside Digitally Signed Files Without Breaking Hashes (Softpedia) New technique makes malware detection almost impossible
Over 300 new cyber threats pop up on underground markets each week (Help Net Security) Approximately 305 new cyber threats are added each week on cybercrime markets and forums, mostly located on dark nets and the deep web
Government Data Woes: 2016 Compromised Records Surpass Total for Last Three Years Combined (IBM Security Intelligence) We are only a little over halfway through 2016, and yet according to the latest IBM X-Force data, 200 million government records worldwide were already compromised by July 31 of this year. That’s nearly 60 million more than all the records compromised from 2013 through 2015 — combined
Rio Games Escalating Cyber Risk To Mobile Users (Dark Reading) Intensified social media activities during sporting events increase threats from cybercriminals to 55%, new report from Allot finds
Facebook’s favorite hacker is back – with an ironic security hole (Naked Security) Laxman Muthiyah is a serial Facebook bounty hunter who has featured on Naked Security before
Are online travel sites providing biased information? (CBS News) A cyber war has erupted in recent weeks between major online travel agencies such as Expedia (EXPE) and Priceline.com (PCLN) and hotel chains over how some discounts are being offered to consumers
Dangers of 'Pokemon Go': Motorways, cliffs, snakes and land mines (CNN) If you're looking to catch Pokemon in Thailand, don't get your hopes up
No Pokémon for British Spies, as Pokéstops Vanish From MI5 and MI6 Buildings (Motherboard) British spies hoping to apply their skills to pokémon training may be out of luck: Players report that pokéstops and pokémon gyms have vanished from London’s MI5 and MI6 headquarters
Security Patches, Mitigations, and Software Updates
Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability (Threatpost) Juniper Networks announced the availability of hotfixes for a serious vulnerability in the handling of IPv6 packets that it says could leave its Junos OS and JUNOSe routers open to a denial of service (DoS) attack. The hotfixes come more than two months after the vulnerabilities were publicly disclosed
vBulletin Patches Serious Flaw in Forum Software (Threatpost) A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code
Vulnerability Spotlight: MS Edge/Windows PDF Library Arbitrary Code Execution Vulnerability Identified and Patched (Talos) Vulnerability discovered by Aleksandar Nikolic of Cisco Talos
Microsoft rushes to fix issue that unlocks devices protected by Secure Boot (Graham Cluley) Two security advisories released but still no fix
Google To Roll Out New Security Alerts On Gmail (Dark Reading) Gmail users to get alerts for suspicious email senders as well as sketchy links in messages
Chrome starts retiring Flash in favor of HTML5 (Ars Technica) Non-visible Flash content blocked in September; Flash fully deprecated by December
Cyber Trends
6 shocking gaps in your data security strategy (CSO) Despite billions of dollars invested in cybersecurity, businesses lose critical data daily. We’ve secured our organizations like fortresses, building layers of walls around networks, applications, storage containers, identity, and devices. But when an unhappy employee moves high-value designs onto a USB drive or sends an important email attachment outside the “secure” network, those walls crumble the moment we need them the most
Marketplace
Copperhead OS: The startup that wants to solve Android’s woeful security (Ars Technica) A multi-billion-dollar megacorp, Google, apparently needs help to secure its OS
Google isn’t safe from Yahoo’s fate (TechCrunch) Yahoo has been beaten up in the press for so long that it’s hard to remember how untouchable the company once appeared
Found an iOS zero-day? This firm will pay you $300,000 more than Apple (Tripwire: the State of Security) It’s just a week since Apple announced its first-ever bug bounty for researchers who find vulnerabilities in its widely-used software and hardware, in the hope that it can provide better security and privacy to its millions of customers
Security startup confessions: How to tackle outsourcing (Help Net Security) My name is Kai Roer and I am a co-founder of a European security startup, and these are my confessions. I hope you will learn from my struggles, and appreciate the choices startups make when security matters. I will share experiences from my own startups (my first was in 1994), and things I have learned by watching and advising numerous other startups around the world
Products, Services, and Solutions
Just What the Doctor Ordered: Trend Micro Takes the Hassle Out of Security for New CyberAid Program (Trend Micro: Simply Security) When it comes to healthcare security, media attention is usually focused on the mega breaches – think Anthem, Premera and, most recently, Banner Health. But there is a long tail of smaller organizations who also need help. That’s where the Health Information Trust Alliance (HITRUST) has expanded its focus. Its latest initiative, CyberAid, is designed specifically to help smaller healthcare organizations protect themselves from ransomware, data breaches and other major threats
No One Can Stop Ad Blocking. Not Even Facebook (Wired) Facebook has a new way of getting your eyes on its ads.
FlockFlock: File access enforcement for macOS (Help Net Security) The more serious you are about information security, the more you realize it’s difficult to be sure a system isn’t compromised. While malware authors don’t target the Mac platform as much as Windows, it doesn’t mean you should be complacent about its security
Technologies, Techniques, and Standards
Here's The Business Side Of Thwarting A Cyberattack (Dark Reading) Ponemon Group study data illustrates the balancing act of running a business while trying to stay secure
Got Ransomware? Negotiate (F-Secure) ICYMI: we recently published a customer service study of various crypto-ransomware families. Communication being a crucial element of ransomware schemes, we decided to put it to a comparative test
Design and Innovation
What The TSA Teaches Us About IP Protection (Dark Reading) Data loss prevention solutions are no longer effective. Today's security teams have to keep context and human data in mind, as the TSA does
How the EFF was pushed to rethink its Secure Messaging Scorecard (Help Net Security) As good as the idea behind Electronic Frontier Foundation’s Secure Messaging Scorecard is, its initial version left much to be desired
Facebook feed change that predicts what’s informative could reprioritize news (TechCrunch) News outlets may get back some of their mojo stolen by a June Facebook feed algorithm change that preferred friends over publishers. Today Facebook will start predicting stories that are informative and highlighting them to people if they’re “related to their interests, if they engage people in broader discussions, and if they contain news”
Academia
Blog: Giving Back, One Cyber Scholarship at a Time (SIGNAL) Cyber firm CEO creates award to honor his parents, aid students
Governor McAuliffe Announces $1 Million in Cybersecurity Scholarships (Virginia.gov) The Cybersecurity Public Service Scholarship Program is now accepting applications from students in Virginia
Legislation, Policy, and Regulation
Putin discusses Crimea security after alleged Ukrainian incursions (Reuters) Russian President Vladimir Putin has held a meeting with his Security Council to discuss additional security measures for Crimea after the clashes on the contested peninsula, the Kremlin said on Thursday
Is Ukraine Just About to Blow? (Daily Beast) Countless omens signal a new war on its way, from troop movements to Russia’s ‘August Curse.’ But this time they may be more smoke than fire
Pentagon Releases New Procedures for Intelligence Collection (Lawfare) Today, the Department of Defense released revised procedures—along with an accompanying fact sheet—governing the conduct of its intelligence activities. DoD Manual 5240.01 ensures that Defense Department policy complies with DoD Directive 5240.01 and Executive Order 12333, which authorize Defense components to collect, retain, and disseminate information concerning U.S. persons and conduct other activities “in accordance with the Constitution and laws of the United States”
How the Government Is Waging Crypto War 2.0 (Motherboard) On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik entered the Inland Regional Center in San Bernardino, California and opened fire on the attendees of a holiday party underway inside. After four minutes of shooting, the married couple fled the scene and left 19 dead in their wake. At the time, it was the deadliest act of terrorism in the United States since 9/11
U.S. Intelligence to Help Companies Avert Supply-Chain Hacking (Bloomberg Technology) U.S. intelligence officials are planning to provide information including classified threat reports to companies about the risks of hacking and other crimes tied to the supplies and services they buy
Army wants more remote capabilities for defensive cyber (C4ISRNET) When it comes to the Army’s defensive cyber operations, getting to a more global remote capability is important. Russell Fenton, an Army training and doctrine command capability manager in the defensive cyberspace operations branch, said at the TechNet Augusta conference that “to provide the quick reaction security enhancement reinforcement at the time of need, global cyberspace defenders must have the ability to maneuver remotely or on site"
Is COIN driving atrophy in Army network operations? (C4ISRNET) A key theme at TechNet Augusta, held Aug. 2-4 in Georgia, was that the Department of Defense Information Networks are an integral warfighting platform for all DoD operations. With that, adversaries have taken notice and tried to exploit vulnerabilities within the DoDIN to disrupt operations. But after 15 years of a counterinsurgency fight against technologically inferior actors, network defense and operational security now face atrophy
Litigation, Investigation, and Law Enforcement
Erdogan says informing on Gulen supporters 'patriotic duty' (Fox News) Turkey's president has called on a group of businessmen to inform authorities about anyone they suspect of being a follower of a U.S.-based Muslim cleric accused of orchestrating Turkey's failed July 15 coup
Did a U.S. think tank sponsor a military coup? Turkey thinks so. (Los Angeles Times) Bespectacled and slightly balding, Washington academic Henri J. Barkey hardly appears the type to mastermind political revolt and foreign intrigue
An ICS cyber incident results in criminal convictions (Control: Unfettered) August 8, 2016, a federal jury found Pacific Gas and Electric (PG&E) guilty on five felony counts of failing to adequately inspect its gas pipelines before the blast that incinerated a neighborhood in San Bruno, CA. in September 2010. The utility was also found guilty of one count of misleading federal investigators about the standard it used to identify high-risk pipelines
Judge dismisses suit accusing Twitter of supporting ISIS group (New York Daily News) A federal judge in San Francisco has dismissed a lawsuit accusing Twitter of supporting the Islamic State group
Canada Attack Suspect Dead After Police Operation in Ontario (ABC News) A Canadian man previously banned from associating with Islamic State extremists has been killed as Canada's national police force thwarted what they believed was a suicide bomb plot, a senior police official said
Germany: 2nd arrest in connection with attack plan suspect (AP) German authorities on Wednesday arrested a man suspected of involvement in violence in Syria, a move triggered by the detention last week of a Syrian asylum-seeker who was suspected of planning an attack
French terror suspect tells court he's a victim of injustice (AP via Fox News) A French citizen with ties to the Charlie Hebdo attack in Paris has told a court in Bulgaria he is a victim of injustice
New Hillary Clinton Emails Raise Questions About State Department, Foundation Overlap (Time) Emails show her interacting with lobbyists and donors
Did Hillary’s Top Aide Help Cover Up Her Private Server? (Daily Beast) Hillary Clinton’s State Department claimed they knew nothing about her personal email system. Newly released records show a very different picture
Press Releases Finally Get a Devoted Readership: Hackers (Wired) No one ever wants to read press releases, not even journalists, and especially not when the documents are dense corporate financial updates trying to make things sound rosy to investors no matter what. You can imagine, though, that these perfunctory releases might take on a whole other significance and value to someone interested in, say, insider trading
UK prisons can now get cellphones remotely blocked over suspected illicit use (TechCrunch) It shouldn’t come as a surprise, really, that mobile phones are becoming an increasing concern among those tasked with policing prison populations. Smuggled in cellulars are being linked to all sorts of decidedly less benign contraband, including drugs, guns and the like
ISPs and FCC Republicans celebrate FCC’s court loss on muni broadband (Ars Technica) FCC critics glad that commission can't preempt state laws
Bleeping Computer countersues maker of SpyHunter (Ars Technica) Upset over domain name registrations that "libel" Bleeping Computer
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracks and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training.
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationships are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.