DNC hack detected as early as last year--FBI has "high confidence" the Russian government's behind it. More point-of-sale compromises. Data exfiltration from air-gapped systems. Criminal market developments.
Sources close to the investigation of the Democratic National Committee hack and related intrusions into the US political party's networks say the FBI has "high confidence" that the Russian government is behind the incidents. The investigation has been going on for longer than the DNC's been aware it was hacked. Reuters reports that US intelligence officials told the Congressional "Gang of Eight" about the espionage last year. (They said back then it was a spearphishing attack.)
Forbes reports that the (allegedly) Russian cybergang who hit Oracle's MICROS point-of-sale system has also compromised five other cash register vendors: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell.
Researchers at Ben-Gurion University continue their interest in air-gapped systems, demonstrating a proof-of-concept they call "DiskFiltration" that can extract and transmit data to nearby devices even when the victim machine isn't connected to the Internet.
Several developments in the criminal economy are worth noting. Bleeping Computer and Malwarbytes are tracking an evolution of the tech support scam that emulates a Windows activation screen, then persistently nags you to call and pay for your "activation key." Rebooting usually gets rid of them (so far). Heimdal Security reports on a crook-to-crook vendor going by "Others" who's selling the "Scylex" financial crime kit for $7500. "Others" say (says?) it will be bigger than Gamover Zeus. And Kaspersky describes a new version of Shade ransomware that comes bundled with a RAT—the RAT's there to help the criminals identify solvent businesses to extort. There's no margin in blackmailing bankrupts.
Today's issue includes events affecting Australia, Brazil, Canada, China, Colombia, Estonia, France, European Union, Germany, India, Ireland, Italy, Japan, Kenya, Republic of Korea, Mexico, Netherlands, New Zealand, Nigeria, Norway, Pakistan, Philippines, Romania, Russia, Saudi Arabia, Singapore, South Africa, Turkey, United Arab Emirates, United Kingdom, United States, Vietnam, and and Zambia.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast our partner John Leiseboer from Quintessence Labs will talk about redundancy and replication. We'll also have as our guest Robert M. Lee, CEO of Dragos Security, who will offer his thoughts on the security of ICS and SCADA systems. (If you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Why Anonymous Should Spy on ISIS Forums Rather than DDoSing Them (Hack Read) Anonymous and other hacking groups should start adding their profiles inside the dark web platforms of ISIS and keep an eye on their activities — agreed? What do you think?
Inside The Islamic State's Movement To Spread Terror 'All Over The World' (NPR) New York Times reporter Rukmini Callimachi is known for her in-depth reporting on terrorism and the Islamic State. Her recent jailhouse interview with Harry Sarfo, a German citizen who joined ISIS and trained in Syria before disavowing the group, revealed the organization's particular interest in recruits from Europe
The Salvation of Sinners and the Suicide Bomb (Foreign Policy) How the call to religion turns petty criminals into Islamic State terrorists
This is how the Islamic State was founded (VICE News) Republican presidential nominee Donald Trump repeated on Thursday his claim that President Barack Obama founded ISIS, and that Hillary Clinton co-founded the radical Islamist group best known for keeping sex slaves and cutting off its prisoners' heads
Democratic, GOP leaders got a secret briefing on DNC hack last year (Ars Technica) Reuters: intelligence officials told "Gang of 8" it was a spearphishing attack
FBI Said to Have High Confidence Russia Hacked Democrats (Bloomberg Politics) The FBI has high confidence the Russian government hacked U.S. Democratic Party groups and the personal e-mails of political operatives, according to a person familiar with the findings, a development sure to heighten tensions between Moscow and Washington
Security Community: Cybercriminals Are Affecting US Election (Infosecurity Magazine) A large percentage of information security professionals believe that cybercriminals are influencing the outcome of the US presidential election
Swimming Australia website 'under cyber attack' after Mack Horton-Sun Yang feud (Sydney Morning Herald) Swimming Australia's website has come under a suspected cyber attack, days after a similar problem shut down the Australian census
Swimming Australia’s website comes under suspected cyber attack (Guardian) Denial of service attack follows Mack Horton allegations at Rio Olympics. Australia swimmer accused China rival Sun Yang of being drug cheat
Cyber Attack Hits Australian Swimming Website Following China Olympic Dispute (Time) An Australian swimmer had accused his Chinese competitor of being a "drug cheat"
Brazil Superhackers Stalk Olympic Tourists (NBC News) As athletes from around the globe arrived in Rio last week to compete for Olympic gold, Brazil's notorious hacker underground was lurking just out of sight, competing to rip off as many of the hundreds of thousands of sports fans as possible during the games
Oracle MICROS Hackers Breach Five More Cash Register Companies (Forbes) Hackers have breached at least five cash-register providers that supply hundreds of thousands of businesses in the United States, FORBES has been told. After investigative reporter Brian Krebs reported a compromise of Oracle's ORCL -0.35% MICROS unit earlier this week, it now appears the same allegedly Russian cybercrime gang has hit five others in the last month: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell. Together, they supply as many as, if not more than, 1 million point-of-sale systems globally
Researchers expose multiple security flaws in SAP CAR platform tool (ZDNet) The vulnerabilities can lead to privilege escalation or denial of service attacks
Microsoft Secure Boot key debacle causes security panic (ZDNet) Security failures have created "golden keys" which unlock Windows devices protected by Secure Boot. [Updated]
Researchers announce Linux kernel “network snooping” bug (Naked Security) Researchers at the University of California in Riverside have uncovered an intriguing Linux networking bug
New air-gap jumper covertly transmits data in hard-drive sounds (Ars Technica) "DiskFiltration" siphons data even when computers are disconnected from the Internet
Beware of browser hijacker that comes bundled with legitimate software (Help Net Security) Lavians, a “small software vendor team,” is packaging its offerings with a variant of browser-hijacking malware Bing.vc
Surprise! Scans Suggest Hackers Put IMSI-Catchers All Over Defcon (Motherboard) As well as a great opportunity to spy on some of the most talented security researchers, hacking conferences are naturally a hotbed for those looking to get up to a bit of mischief. Newly published data suggests a load of fake cell phone towers, or IMSI-catchers, popped up around the Las Vegas strip during the Defcon conference earlier this month, likely set up by attendees
Banking Trojan Evolves Into Dangerous Account Hijacker (Credit Union Times) Banking Trojans with account commandeering capabilities are dangerous enough on their own, but two major changes made to one Trojan’s code makeup have increased its persistence and risk to potential victims
CyberX Reveals the First IoT Worm Aimed at CCTVs (PRNewswire) CyberX, the leading provider of cybersecurity solutions for the Industrial IoT (IIoT), announced it has revealed the first Internet of Things (IoT) worm which is aimed at Closed-Circuit Television devices. The malware marks a new level of IoT attacks, only days after another advanced attack on IoT devices was declared as "no longer a hypothetical attack" at DEF CON 2016. These discoveries come at a time when Internet-connected devices are growing at an exponential rate due to the proliferation of IoT platforms such as PTC's ThingWorx and General Electric's Predix, and the corresponding consequences of attacks are estimated to be hundreds of millions of dollars
Security Alert: New Scylex Financial Crime Kit Aims to Provide Zeus-grade Capabilities (Heimdal Security) “Do you want to make money, do you want multiply your net-worth?” This probably sounds like a question asked by someone looking to recruit you into a multi-level marketing scheme. But the authors are actually cyber criminals
This Windows Activation Scam Talks to You So You Won't Forget to Call & Pay (Softpedia) New Windows Activation Screen scam discovered
Ransomware/RAT combo searches for solvent businesses (Help Net Security) The latest version of the Shade ransomware comes with a stealthy remote access Trojan, likely used to better gauge the amount of money the criminals can demand from the victims
Extortion Transitions from B2C to B2B (InfoRisk Today) Trend Micro's Pilao on the Asian threat landscape
Pindrop Gathers Insight Into the Robocall Scourge (eWeek) Over a five-month period, Pindrop Security collects and analyzes 100,000 fraudulent calls to a robocall honeypot called phoneypot
Prediction: the Next Generation of Cyber Attacks as Shaped by the Top 3 Evolutionary Trends (Heimdal Security) In the first half of 2016, we have seen the cybercrime marketplace move in the direction of making malware and exploit kits more easily available to those interested in carrying out cyber attacks
Pentagon bans Pokemon Go over spying fears (Washington Times) A Pentagon source tells Inside the Ring that the Defense Department has banned the playing of the mobile video game Pokemon Go within Defense Department facilities, over concerns the popular application could facilitate foreign spying
Security Patches, Mitigations, and Software Updates
SAP blasts critical software problems in patch update (ZDNet) The security fixes deal with a range of problems including cross-site scripting flaws and SQL injection vulnerabilities
SAP issues 26 patches to fix denial of service and SQL injection flaws (Computing) Critical patch update fixes a total of 30 flaws in SAP’s ERP software
Symantec Mail Security for Microsoft Exchange Unsupported Version Detection (Tenable) A mail anti-virus application installed on the remote host is no longer supported
The economic impact of security incidents on critical information infrastructures (Help Net Security) Cyber security incidents affecting CIIs (Critical Information Infrastructures) are considered nowadays global risks that can have significant negative impact for several countries or industries within the next 10 years. But the job of identifying the real impact produced proves to be quite a challenge
Financial malware attacks increase as malware creators join forces (Help Net Security) Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware
CISOs adopt a portfolio management approach for cybersecurity (Network World) With a long to-do list and perpetual skills shortage, CISOs are managing requirements, allocating resources and outsourcing
Video: So you want to be a hacker? Advice from the kids of DEF CON (Christian Science Monitor Passcode) Passcode caught up with some of the kids at r00tz Asylum to get their advice: What's the first step other kids – or anyone, really – should take if they want to be a hacker?
After a decade of R&D, MaidSafe’s decentralized network opens for alpha testing (TechCrunch) Not many startups have spent a decade fine-tuning their tech platform prior to launch. But not many startups are trying to radically rethink the structure of the Internet
CyberArk Topples On $10 Million Billings Lag, Smallest-Ever Beat (Investor's Business Daily) CyberArk Software (CYBR) stock toppled Wednesday after the company reported Q2 billings that missed expectations by $10 million
Here's What Jim Cramer Thinks About CyberArk Shares (The Street) Jim Cramer said many investors are worried that the peak of cyber security has been reached
Symantec’s Fiscal 1Q17 Results Beat Analysts’ Expectations (Market Realist) Symantec failed to report growth. Symantec (SYMC) recently reported its fiscal 1Q17 earnings. Its reported revenues and non-GAAP1 EPS (earnings per share) of $884 million and $0.29, respectively, beat analysts’ expectations by ~$7.0 million and $0.04, respectively
A Closer Look At FireEye's Profitability Potential (Seeking Alpha) The cyber security industry is becoming more competitive. Revenue growth for FireEye has been on a steady decline. Management plans to cut cost to accelerate profitability
Forget Palo Alto Networks Inc.: These 3 Stocks Are Better Buys (Motley Fool) The data security upstart has its share of fans, but others in the space are better buys
Cisco Acquiring Imperva Would Be A 'Huge Hit' In Filling Out Security Portfolio, Partners Say (CRN) Partners are urging Cisco to acquire security technology vendor Imperva, which is currently seeking suitors, as its technology strengths would fill gaps inside Cisco’s "security everywhere" strategy
Freshly Funded Startup Grades Fortune 500 on Cyber Risk 'Credit Scores' (Fortune) The company just raised millions
ManTech Awarded $110M Cybersecurity Task Orders (Homeland Security Today) Over the past several years, the federal government has experienced an onslaught of significant cybersecurity threats. To combat these increasingly complex and damaging threats, the General Services Administration has awarded ManTech International Corporation a $110 million for two task orders to provide cloud and cybersecurity services to the Department of Homeland Security
FDIC joins DHS' Einstein, hires Booz Allen to raise cyber bar (Fedscoop) The banking agency has a new webpage touting its cybersecurity efforts but isn't releasing details of its contract with Booz Allen
How Palantir wired Washington (Politico) Our colleague Ellen Mitchell dives into the Silicon Valley start-up’s fight against the defense industry — and how the company learned to play the Washington game
Fortinet Signs Cyber Information Sharing Partnership With Korea Internet And Security Agency (Defense Daily) Fortinet [FTNT] has signed an agreement with the Korea Internet & Security Agency (KISA) to conduct two-way information sharing on cyber threat intelligence, the company said Tuesday
Government influence at hacker conferences grows (FCW) Las Vegas plays host to three of the most prominent forums in the hacker and information security communities: DEF CON, Black Hat and BSides
At cybersecurity gatherings, a thaw between feds and hackers (+video) (Christian Science Monitor Passcode) At an Atlantic Council event this week, cybersecurity researchers and experts said last week's Black Hat and DEF CON conferences showed that Washington is working harder to build better relations with the hacker community
Thycotic Leaps Past CyberArk and Other Competitors in Cybersecurity 500 Rankings (Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today announced it was ranked No. 18, ahead of companies such as CyberArk [ranked No. 20, a privileged account management (PAM) provider] and ManageEngine [ranked No. 61, a privileged account management (PAM) provider] on Cybersecurity Ventures' Cybersecurity 500 list. This marks Thycotic's third consecutive time moving up in the rankings. Cybersecurity Ventures is a market intelligence and research firm covering the cybersecurity market, focusing on emerging and startup cybersecurity companies
Juniper Networks celebrates 20 years (ITWire) Juniper Networks has celebrated 20 years in the network industry. It has come a long way since its original intention to was to build the fastest router
Greg Clark, CEO of Symantec, Recognized on CRN’s List of Top 100 Executives (BusinessWire) Symantec’s John Thompson named a Top 25 Channel Sales Leader by CRN
Lastline Names Key Industry Veterans to Senior Management Positions to Implement Its Global Expansion Strategy (Yahoo! Finance) Lastline, Inc, the leader in advanced malware detection and protection today announced the appointment of Bert Rankin as Chief Marketing Officer (CMO) and Mark Strutner as Vice President of Sales. The announcement caps a significant period of market momentum, growth and recognition for the cyber security leader
Industry veteran Vishak Raman joins security services company FireEye (Voice and Data) Vishak Raman has joined FireEye as Senior Regional Director for India and SAARC. Vishak is a security industry veteran and he joins FireEye from Tata Communications where he was Vice President for Global Product Management for Managed Security Services and Content Delivery Networks
Products, Services, and Solutions
SecuLore Solutions Debuts Paladin(TM) Cybersecurity Appliance at APCO 2016 (PRWeb) Paladin is a network appliance that attaches directly to external data feeds
LightEdge Announces Launch of Flex Cloud (LightEdge) New solution offers a bridge to the Cloud with flexible path to data center migration
Terbium Labs Helps Organizations Reduce Data Theft and Fraud With Dark Web Intelligence Integrations (Marketwired) Terbium Labs, the company behind Matchlight, the world's first fully private, fully automated, data intelligence system, today announced that its dark web insights are available in the IBM i2 Intelligence Analysis portfolio. Designed to bring clarity to complex investigations, IBM i2 users will now be able to access Terbium Labs' Matchlight data intelligence system alerts of potential leaks of sensitive information to help mitigate data theft. These unique insights and analytics support IBM's Safer Planet initiative -- a global effort to help government and commercial business leaders detect, disrupt, and prevent physical and cyber threats through the use of analytics
Rackspace expands its managed security services to Microsoft’s Azure cloud (TechCrunch) Rumor has it that Rackspace is about to get acquired, but that isn’t stopping the company from hosting a major customer event in San Francisco today
YouMail Launches the World's Simplest Free Conference Calling Service (PRNewswire) Solution for busy mobile professionals fed up with complicated passwords and PINs
RiskIQ Joins IBM Security App Exchange Community (BusinessWire) RiskIQ PassiveTotal App For IBM QRadar part of collaborative development to stay ahead of evolving threats
ViaSat's New Network Encryptors to Boost Secure Networking (Zacks Equity Research) Global broadband services and technology company, ViaSat Inc. (VSAT - Analyst Report) pushed the limits of secure networking with two new secure network encryptors, ViaSat KG-250XS and IPS-250X, which are National Security Agency (“NSA”)-certified
Easy Solutions Unveils “Swordphish” Predictive Risk Technology (BusinessWire) Major email and search providers testing new machine learning technology to score phishing and malware risk on domains and URLs
ForeScout simplifies IoT security (Network World) ForeScout can now secure IoT endpoints that were historically unmanageable
Elcomsoft iOS Forensic Toolkit Adds Logical Acquisition, Supports Physical Acquisition of iOS 9.2-9.3.3 (PRNewswire) ElcomSoft Co. Ltd. updates iOS Forensic Toolkit, adding physical acquisition support to most modern devices with iOS 9.2-9.3.3; logical acquisition as a new option (passcode may not be needed)
Multi-layered phishing mitigation (Help Net Security) In this podcast recorded at Black Hat USA 2016, Eyal Benishti, CEO at IRONSCALES, talks about their multi-layered phishing mitigation solution, which brings together human intelligence and machine learning in a way that allows automated phishing incident response
Synchronized security: a simple concept that’s challenging ‘ransomware’ at every front (InterAksyon) Ransomware has become one of the most widespread and damaging threats that Internet users face. It has also grown into a lucrative “business” valued at an estimated $325 million that it’s among the top computer security concerns for 2016
Avast Releases New Cleanup Solution to Remove Unwanted Clutter from PCs (Yahoo! Finance) Avast Software, maker of the most trusted security in the world, today announced a fully redesigned version of Avast Cleanup, a powerful tool that expertly cleans and optimizes a user’s PC in minutes
Technologies, Techniques, and Standards
Estonian network operator joins European Network for Cyber Security (Power Technology) Estonian-based network operator Elektrilevi has joined the European Network for Cyber Security (ENCS) to focus on improving cyber resilience
Army spearheading cyber persistent training environment (C4ISRNET) As the military continues to build its cyber forces and institutionalize a professional cyber corps, top officials are calling for a cyber persistent training environment. While Cyber Command conducts large-scale exercises every year such as Cyber Guard and Cyber Flag, more is needed
Hackers Do Not Discriminate: Why you should follow these Security Tips (HtML Goodies) Many small businesses bless the day when the Internet gained popularity because leveled the playing field for them. They could now compete in terms of promotion and marketing to the big players, and potentially sell their products and services just as effectively as a big company sells. For that to happen, however, they need a website, and the most popular platform for creating one is WordPress
Looking for the insider: Forensic Artifacts on iOS Messaging App (SANS Internet Storm Center) Most of the times we care about and focus on external threats, looking for actors that may attack us via phishing emails, vulnerable web services, misconfigured network devices, etc
Design and Innovation
Microsoft's 'Secure Multiparty Computation' Targets Cloud Privacy (Redmond Channel Partner) Microsoft has detailed a new development in its efforts to protect data privacy in the cloud, one focused on the exchange of encrypted data between users
United frequent flier program's security questions move beyond your mother's maiden name (Chicago Tribune) United Airlines' latest hacker-thwarting tool involves getting to know its passengers' favorite artists and pizza toppings
Research and Development
DARPA's Machine Challenge Solves CrackAddr Puzzle (eSecurity Planet) Mike Walker, the DARPA program manager responsible for the Cyber Grand Challenge, details how autonomous systems solved a decade-old security challenge
Future Cybersecurity Experts Go Through Boot Camp In Cookeville (News Channel 5) Some of the country's best and brightest from federally-sanctioned cybersecurity programs were in Cookeville for a cybersecurity boot camp
Legislation, Policy, and Regulation
Russia’s Plausible Deniability Practice May Spread (SIGNAL) The former communist country’s electronic warfare and cyber capabilities pose challenges
Treasurer Scott Morrison blocks sale of Ausgrid to foreign bidders (Sydney Morning Herald) Federal Treasurer Scott Morrison has blocked the NSW government's planned sale of electricity distributor Ausgrid to foreign companies, citing national security issues, in a preliminary decision that could have broader implications for foreign investment in Australia
Pakistan passes controversial cyber-crime law (Reuters) Pakistan has adopted a much-criticized cyber security law that grants sweeping powers to regulators to block private information they deem illegal
Singapore contempt of court bill seen suppressing freedom of speech (Reuters) A proposed law in Singapore spelling out contempt of court and setting out tough penalties has drawn criticism from rights groups and raised questions among foreign diplomats over the implications for freedom of speech in the wealthy city-state
UAE Cracks Down on Fraudulent VPN (InfoRisk Today) Federal law amended to combat cyber crime
Here’s how the South China Sea ruling affects U.S. interests (Washington Post) On July 12, an International Tribunal for the Law of the Sea (ITLOS) ruling dismissed much of China’s claim to the South China Sea. Since then, there has been a great deal of discussion on the legal ramifications, China’s response and public opinion.
In limiting open source efforts, the government takes a costly gamble (Help Net Security) The vast majority of companies are now realizing the value of open sourcing their software and almost all have done so for at least certain projects. These days Google, Facebook, Microsoft, Apple and almost every major company is releasing code to the open source community at a constant rate
Interior falls short in logical access control standards — report (Fedscoop) However, the report, required by the Cybersecurity Act of 2015, noted the strides Interior has made in multifactor authentication
EPA releases limited summary of cybersecurity report (Fedscoop) The inspector general said the report itself wouldn’t be publicly released “due to the sensitive nature of the information identified”
New agency at Scott Air Force Base will help keep cyber criminals at bay (Belleville News-Democrat) Illinois Gov. Bruce Rauner joined federal, state and local officials in cutting the ribbon to open the Defense Information System Agency (DISA) Global Operations Command Facility Thursday morning at Scott Air Force Base
Release of 2015 Section 702 Minimization Procedures (IC on the Record) Today the ODNI, in consultation with the Department of Justice, is releasing in redacted form the current Section 702 Minimization Procedures, as updated in 2015, in keeping with the Principles of Intelligence Transparency for the Intelligence Community. These procedures are intended to protect the privacy and civil liberties of U.S. persons, as required by the Fourth Amendment and the Foreign Intelligence Surveillance Act, in connection with the foreign intelligence activities undertaken by the CIA, FBI, NSA and the National Counterterrorism Center
Litigation, Investigation, and Law Enforcement
SMS Privacy Given Final Nail in the Coffin by Canadian Court Ruling (Hack Read) Stop trusting SMS messaging and stop sending it- warns ontario court ruling
Exclusive: Joint FBI-US Attorney Probe of Clinton Foundation is Underway (Daily Caller) Multiple FBI investigations are underway involving potential corruption charges against the Clinton Foundation, according to a former senior law enforcement official
Report: State Dept. aide assisted Clinton Foundation in hiring (USA Today) One of Hillary Clinton’s top State Department aides participated in high-level recruiting for the Clinton Foundation while she worked for the government, according to CNN. The report raises further questions about interactions between people who worked for the two organizations while Clinton was secretary of State
State Department: Clinton Foundation didn't influence us (Politico) The State Department does not believe that any of its acts under Secretary of State Hillary Clinton were impacted by the Clinton Foundation, a State spokeswoman said Thursday
House GOP Probe: Central Command Skewed ISIS-Fight Intel (Defense News) US military leaders altered intelligence reports to paint a rosier picture of the US fight against the Islamic State than intelligence analysts believed and facts warranted, a House Republican task force has concluded
GOP rep: Obama responsible for manipulated intel about ISIS (The Hill) President Obama and other senior administration officials created a political climate that led intelligence officials to create warped reports about the United States’s fight against Islamic extremists, a leader of a Republican task force studying the matter said on Thursday
Outgoing ACLU Director Reviews Tenure Fighting National Security Battles (NPR) Drones, surveillance, torture, rendition, Guantanamo Bay, Cuba. These are just some of the subjects over which Jameel Jaffer has fought the U.S. government
Russia fines Google $6.75 million for Android antitrust violations (Ars Technica) Google ordered to loosen restrictions on Android device makers after Yandex complaint
Bleeping Computer Lawsuit Turns Ugly and Interesting at the Same Time (Softpedia) Bleeping Computer says Enigma Software tried to sabotage its brand because of a bad SpyHunter review
Court Rules to Extradite Suspected Silk Road Admin From Ireland to the US (Motherboard) After several delays, a judge has finally ruled on the extradition of a suspected Silk Road staff member from Ireland. On Friday, Justice Paul McDermott ordered that Gary Davis, alleged to be behind the Silk Road moniker “Libertas,” is to surrender to the United States, the Irish Times reports
Feds move to stop social media mockery of nursing home residents (Naked Security) You’ve probably seen the stories: A nurse aide takes a photo of a long-term care resident covered in feces and shares it on Snapchat
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.