Shadow Brokers had inside help? Operation Ghoul industrial espionage campaign hits targets in 30 countries. DPRK again suspected in Bangladesh Bank caper. Industry notes.

Cyber Attacks, Threats, and Vulnerabilities

US National Security Agency Hacking Tools Posted Online (Voice of America) A collection of powerful computer hacking tools developed by the U.S. National Security Agency has mysteriously appeared online, a development that could compromise operations at the spy agency and put government and corporate computers at risk

Security Experts Say NSA-Linked Hacking Effort Was Itself Compromised (Wall Street Journal) Files use unusual mathematical operation tied to a group that appears to support U.S. interests in cyberspace

Alleged NSA data dump contain hacking tools rarely seen (CSO) Cisco said that the sample files reveal an undetected software flaw in its products

Leaked hacking tools can be tied to NSA’s Equation Group (Help Net Security) The batch of data released by the Shadow Brokers, an entity that claims to have hacked the Equation Group, contains attack tools that can be tied to the group

'Shadow Brokers' Claim To Have Hacked The NSA's Hackers (NPR) The "Shadow Brokers" are in the spotlight

No One Wants to Buy Those Stolen NSA-Linked ‘Cyberweapons’ (Wired) When an anonymous group calling itself Shadow Brokers put up for auction a collection of data it said it stole from the NSA, the group wrote that it would make the information public if it received the truly absurd “Dr. Evil” sum of one million bitcoins—at current exchange rates, about $576 million. So far, however, it’s achieved a more modest payday: $937.15

Someone Rickrolled the Bitcoin Auction for NSA Exploits (Motherboard) All this week, the security community has been abuzz with the public dump of NSA-linked exploits. The hacker or hackers who released them, The Shadow Brokers, have indicated they will give more material to the winner of an ongoing bitcoin auction, and at least a few people are trying to get their hands on the promised goods

Analyzing the NSA code breach in the context of recent cybersecurity events (PBS Newshour) On Saturday, programming code for National Security Agency hacking tools was shared online. The content appears to be legitimate, but it is not clear if it was intentionally hacked or accidentally leaked. Hari Sreenivasan speaks with The Washington Post’s Ellen Nakashima and Paul Vixie of Farsight Security about where this development fits in the context of other recent cybersecurity breaches

The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days (Wired) When the NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product’s manufacturer so it gets fixed, or keep that vulnerability secret—what’s known in the security industry as a “zero day”—and use it to hack its targets, gathering valuable intelligence. Now a case of data apparently stolen from an NSA hacking team seems to show the risks that result when the agency chooses offense over defense: Its secret hacking tools can fall into unknown hands

'Auction' of NSA tools sends security companies scrambling (AP via Yahoo! Tech) The leak of what purports to be a National Security Agency hacking tool kit has set the information security world atwitter — and sent major companies rushing to update their defenses

Cisco, Fortinet validate exploits leaked by the Shadow Brokers (Help Net Security) Cisco and Fortinet have released security advisories confirming that some of the exploits leaked by the Shadow Brokers work as intended

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers (Threatpost) Cisco has quickly provided a workaround for one of two vulnerabilities that was disclosed in the ShadowBrokers’ data dump and issued an advisory on the other, which was patched in 2011, in order to raise awareness among its customers

Cisco confirms NSA-linked zeroday targeted its firewalls for years (Ars Technica) Company advisories further corroborate authenticity of mysterious Shadow Brokers leak

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump (Motherboard) There are a lot of unanswered questions surrounding the shocking dump of a slew of hacking tools used by an NSA-linked group earlier this week. But perhaps the biggest one is: who’s behind the leak? Who is behind the mysterious moniker “The Shadow Brokers”?

Why EQGRP Leak is Russia (CyberSecPolitics) First off, it's not a "hack" of a command and control box that resulted in this leak. Assuming it's real (I cannot confirm or deny anything here - largely because I don't know), it's almost certainly human intelligence - someone walked out of a secure area with a USB key. So let's go down the list of factors that make it "Almost Certainly Russia"

Russia emerges as prime suspect in apparent NSA hack (Christian Science Monitor Passcode) A previously unknown group dumped a cache of hacking tools on the web that appear to be from the National Security Agency. Now, cybersecurity experts say Moscow is once again behind a cyberattack on the US

NSA ‘Shadow Brokers’ Hack Shows SpyWar With Kremlin Is Turning Hot (Observer) This won’t be the last time Putin and his spies have us over a barrel

Clinton Foundation hired cyber firm after suspected hacking: sources (Reuters) Bill and Hillary Clinton's charitable foundation hired the security firm FireEye to examine its data systems after seeing indications they might have been hacked, according to two sources familiar with the matter

North Korean malware linked to Bangladesh bank hack (Fedscoop) If North Korea turns out to be behind the $81 million Bangladesh cyber heist, it will be only the latest example of engaging in criminal activity to generate hard currency for its hereditary regime

New wave of targeted attacks focus on industrial organizations (Help Net Security) Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation Ghoul, these cybercriminals use spear-phishing emails and malware based on a commercial spyware kit to hunt for valuable business-related data stored in their victims’ networks

Kaspersky: U.S. Caught Up in Advanced Cyberattacks Largely Affecting Middle East (Morning Consult) A new wave of cyberattacks largely hitting the Middle East and Europe is also affecting pharmaceutical and engineering industrial organizations in the United States, according to a post from Mohamad Amin Hasbini, a senior security researcher at Kaspersky Labs

Browser Address Bar Spoofing Vulnerability Disclosed (Threatpost) Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar

Spammers modify sites’ core WordPress files for long-lasting compromise (Help Net Security) In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying core WordPress files

Critical Windows flaw allows hackers to attack without trace, but Microsoft not keen on a fix (International Business Times) A loophole in the Event Viewer feature enables attackers to hack into any Windows OS without a trace

1 compromised site - 2 campaigns (SANS Internet Storm Center) Earlier today, I ran across a compromised website with injected script from both the pseudo-Darkleech campaign and the EITest campaign. This is similar to another compromised site I reported back in June 2016, shortly after Angler exploit kit (EK) disappeared from the EK scene [1]. At that time, the pseudo-Darkleech and EITest campaigns had switched to Neutrino EK

Marcher steps up game: Malware poses as security update, imitates popular apps (SC Magazine) Looking to capitalize on mobile device owners' growing security fears, a new variant of the Android malware Marcher is infecting victims by fraudulently posing as a firmware security update

Nearly a Third of Users Fall for Phishing (eWeek) A month ago, Duo Security publicly released its free Duo Insight tool, enabling organizations to test responses to phishing attacks. The results of the first six weeks of user testing are now in, and the numbers are not inspiring

Using a Neural Network to Improve Social Spear Phishing (eSecurity Planet) Researchers from ZeroFox build a tool that employs neural networks to trick unsuspecting Twitter users

August Locky Blitz Hits Healthcare Organizations (Infosecurity Magazine) August has seen a major new wave of Locky ransomware attacks targeting healthcare organizations in the US, Japan and elsewhere, according to FireEye

Ransomware as a Service is Bringing In Some Serious Money (Bitcoinist) Ransomware is now becoming standardized to create a lucrative business model, ransomware as a service for amateur hackers

Cerber ransomware service lets cybercriminals reap over $2m per year, study finds (International Business Times) According to the report, Cerber is likely a Russia-based service

Bitcoin website suspects it will be targeted by state-sponsored hackers, warns users (Hot for Security) Hopefully we are all aware that we should exercise caution when downloading programs from the internet

VeraCrypt disk encryption team claims “emails intercepted” (Naked Security) Remember TrueCrypt?

Student Loans Company in Phishing Warning (Infosecurity Magazine) The UK’s Student Loans Company has been forced to issue a fraud alert after phishers launched a new campaign targeting students starting this autumn

Here’s a Hillary Clinton exposé that’s strictly for suckers (Sun Herald) If you encounter an email in the next few days that seems too good to be true, one that, oh, promises a video of Hillary Clinton accepting money from the the leader of ISIS, don’t click it

WikiLeaks Turkish AKP Email Dumps Contain Malware; Researcher (HackRead) Last month Wikileaks published emails stolen from Turkish ruling party AKP — now, a researcher has presented a report showing the AKP emails contain malware attachments

Turkish group hacks Killeen website for the second time (Killeen Daily Herald) For the second time this year, the Killeen official website was hacked by someone claiming to be part of a Turkish hacker group

A new low! SMS scammers prey on parents' fears to make a few bucks (Greham Cluley) These alarming text messages couldn’t be worse… or more fake

Security Patches, Mitigations, and Software Updates

Cisco, Fortinet issue patches against NSA malware (Network World) Versions of Cisco PIX, ASA and Fortinet’s Fortigate firmware are affected

Microsoft To Bring The Cumulative Security Updates To Windows 7 And 8.1 Versions (MustTech News) Microsoft is going to draw an end to its years old pick-a-patch practice in the most popular platform Windows 7 and will introduce the cumulative security and performance updates instead. Pick a patch option was more flexible that allowed users to choose the updates they want. But according to Nathan Mercer, a senior product marketing engineer at Microsoft, the individual patches were creating multiple potential problems and this is why they chose to shift to the cumulative patches

Verizon has a plan to make the Android bloatware problem worse (Ars Technica) Verizon sought $1 to $2 per device, would install apps on Android phones

Cyber Trends

List 10 leading causes of IT security gaps (Health Data Management) Organizations are failing at security, as data loss is increasingly common

Okta research says slow tech upgrades puts companies at risk (SC Magazine) Research from security company Okta is claiming that companies which aren't agile on technology upgrades are putting themselves at risk of cyber-attacks

Organizations still unprepared for malicious insiders (Help Net Security) Organizations globally believe they are their own worst enemy when it comes to cybersecurity, with 45 percent saying they are ill-equipped to cope with the threat of malicious insiders and twice as many, 90 percent, calling malicious insiders a major threat to the organizations’ security, according to Mimecast

8 Surprising Statistics About Insider Threats (Dark Reading) Insider theft and negligence is real--and so are the practices that amplify the risks

Cloud adopters still struggling to see what shadow-IT users are doing (CSO Australia) More than half of companies adopting cloud services have experienced security incidents related to those cloud services, according to new research that also identified poor enforcement of policies around shadow IT, user logins and audit controls

Security is not a product but a culture: Palo Alto Networks' Anil Bhasin (Economic Times) Anil Bhasin, MD – India & SAARC, Palo Alto Networks sheds light on various aspects of cloud security, the current threat landscape and their acquisitions from across the world

Lack of process, security culture leaving firms open to cyber-attack (SC Magazine) A new white paper from QinetiQ has claimed that a lack of understanding of how to mitigate employee negligence is leaving firms wide open to cyber-attacks

Hacking smart cities: Dangerous connections (Help Net Security) Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets

Impacts of cyberattacks can be more than meets the eye (The Nation (Thailand)) Thailand's cyber-landscape has been changing more rapidly than ever before. The government’s ambitious goal to become Asean’s digital-infrastructure hub by 2020, the plan for a national e-payment programme, global financial-technology trends, or newly invented Internet start-ups - these are the key accelerators for the need for more rigorous cybersecurity programme

Marketplace

4 Questions the Board Must Ask Its CISO (BankInfo Security) Drilling down on cybersecurity plans

Cyber attack recovery 300% dearer due to skills shortage (ComputerWeekly) The improvement of specialist security expertise is one of the top three drivers for an additional investment in IT security, but many struggle to find people with the skills they need, a report reveals

Lack of security talent is a threat to corporate safety (Help Net Security) Large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyberattack than those businesses with in-house expertise, according to Kaspersky Lab

Cisco to cut 5,500 jobs in shift away from switches, routers (Reuters) Cisco Systems Inc said it would lay off up to 5,500 employees, or nearly 7 percent of its workforce, as the world's largest networking gear maker shifts focus to areas such as security, Internet of Things and cloud

Cisco will remain “highly acquisitive” in cyber security market, says UK cyber chief (Computer Business Review) C-level briefing: Cisco's Terry Greer-King talks cyber security and the need for unified architecture

Intel Seems to Have a Stronger Hand Than Cisco Systems (New York Times) Intel and Cisco Systems are facing divergent futures. Intel is swallowing its pride and licensing intellectual property from its chip-making rival ARM. Cisco is planning to cut 7 percent of its workers. Intel may have the strong hand

Palo Alto Networks Stole a Key Customer from FireEye Last Quarter (Motley Fool) FireEye's problems may be driven by increasing competition

Security Startup LookingGlass Turning To Partners For Next Phase Of Growth (CRN) Security startup LookingGlass is planning a channel expansion in a big way, new channel chief Laurie Potratz told CRN

Avecto 'didn't need' US investment - but it helped (Business Cloud) A cyber security CEO has revealed how funding from across the Atlantic saw him rip up his business plan

Time is tight to attend American cyber security conference (Worcester News) Time is running out for cyber security companies to apply for the Midlands Engine mission to Baltimore, America in October

AhnLab to provide security programs for PyeongChang Olympics (Korea Times) AhnLab will provide security programs for the 2018 PyeongChang Winter Olympic Games, the cybersecurity firm said Wednesday

Meet the inaugural cybersecurity ‘Hall of Honor’ inductees in SA (San Antonio Business Journal) A new Hall of Honor, a similar concept to Hall of Fame, meant to recognize leaders in the cybersecurity industry in San Antonio is set to induct its inaugural members

Salient CRGT Achieves CMMI Maturity Level 3 Appraisal (PRNewswire) Achievement highlights continuous commitment to quality, process improvement, and effective delivery of system and software engineering services

Products, Services, and Solutions

G DATA Passwortmanager bringt Ordnung in den Kennwörter-Dschungel (PresseBox) G DATA Total Protection mit neuem Passwortmanager sorgt für mehr Sicherheit im Internet

Sn1per: Automated pentest recon scanner (Help Net Security) Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities

HyTrust Unveils Enhanced Workload Security Solutions for the New Multi-Cloud World (BusinessWire) Updates to HyTrust DataControl and HyTrust CloudControl provide comprehensive end-to-end multi-cloud encryption and automated compliance for software-defined data centers and hyper converged infrastructures

Pillsbury, FireEye Start Cyber Risk Service For M&A (Law360) Pillsbury Winthrop Shaw Pittman LLP has launched a service to help deal makers assess merger targets’ cybersecurity risks, in partnership with cybersecurity company FireEye and unit Mandiant

Technologies, Techniques, and Standards

If not managed properly, BYOD could turn into ‘Bring Your Own Disaster’: Raimund Genes, CTO, Trend Micro (Economic Times) In an interview with ETCIO.COM, Raimund Genes, Chief Technology Officer, Trend Micro talks about the ways in which an enterprise can work with its employees to prop up the security posture

User Ed: Patching People Vs Vulns (Dark Reading) How infosec can combine and adapt security education and security defenses to the way users actually do their jobs

Five tips to help execute an employee training program (Help Net Security) One of the best ways to reduce the risk of data breaches is employee training. This is particularly important during the fall “back to business” season when many employees are returning to the office after a well-deserved summer break, according to Shred-it

Cybersecurity: This Is Not a Drill (IBM Security Intelligence) They say hindsight is 20/20, but often that’s not good enough — particularly when it comes to protecting your data. Cybersecurity can mean the difference between the success and failure of your organization. Whether it is a small family business or a large corporation, your focus needs to shift to security foresight to protect your business and customer interests

SSA: Ixnay on txt msg reqmnt 4 e-acct, sry (KrebsOnSecurity) AUG 16 The U.S. Social Security Administration says it is reversing a newly enacted policy that required a cell phone number from all Americans who wished to manage their retirement benefits at ssa.gov. The move comes after a policy rollout marred by technical difficulties and criticism that the new requirement did little to prevent identity thieves from siphoning benefits from Americans who hadn’t yet created accounts at ssa.gov for themselves

Opinion: Why political campaigns need chief information security officers (Christian Science Monitor Passcode) The Democratic and Republican parties – and their presidential candidates – should immediately put someone in charge of safeguarding their data. It's for the good of voter privacy and American democracy

Design and Innovation

Facebook’s unblockable-ads push is a “big bluff” (Naked Security) Facebook, the adblocker ball’s back in your court, but researchers seem to have punched some holes in your racket

Research and Development

U.S. Department of Homeland Security funds four blockchain companies developing new cyber security technology (Brave New Coin) The U.S. Department of Homeland Security, Science and Technology Directorate, recently unveiled a list of 13 small businesses working towards “the development of new cyber security technology.” The companies are part of the 2016 Small Business Innovation Research program. Each was awarded approximately $100,000 in funding, for a total of $1.3 million, and four are using blockchains in their product

Legislation, Policy, and Regulation

Vietnam to develop strategic plan on cyber security (Vietnam Net Bridge) The Ministry of Information and Communications (MIC) will develop and submit a strategic plan on cyber information security to the government, according to Minister Truong Minh Tuan

Blog: A Three-pronged Approach for Fighting Foreign Cyber Attacks (SIGNAL) When we think of cyber attacks, we generally picture a lone wolf hacker or Anonymous-type organization. But foreign governments are also formidable threats. Take a moment to scan the headlines and you’ll see that articles about cyber hacks on Sony Pictures Entertainment and the Democratic National Committee—among many others—have been attributed to North Korea and Russia

The Situation Report: The Driving Forces Behind NSA’s Reorganization (Meritalk) The National Security Agency has operated for decades under a well-defined mission: conduct foreign signals intelligence, support military operations, and defend national security systems from attacks. But major changes in the cyber threat landscape during the last few years have forced the agency to embrace a new reorganization strategy that officials argue is urgently needed to defend the nation from an onslaught of state-sponsored hacking attacks

5 federal agencies with a role in ensuring enterprise cybersecurity (CIO Dive) As hackers hone their skills, businesses deal with cybersecurity concerns on a daily basis. Most major hacks to date have focused on a specific company or agency. But what if a large cyberattack were to occur on a national scale? Who would enforce cybersecurity measures and provide guidance to businesses on what to do and how to react?

Litigation, Investigation, and Law Enforcement

Sage Employee Arrested in Connection with Data Breach (Infosecurity Magazine) As the fallout from the recent Sage breach continues to rumble on, City of London police have arrested a Sage Group employee on suspicion of fraud

Google loses appeal against Russia’s Android antitrust ruling (Ars Technica) Strike three against Google as it's ordered to comply with Russia's antitrust rules

Google faces legal action over data-mining emails (Naked Security) For Google, the long-running dispute over its data-mining of email just won’t go away

Enigma Software Countersued For Waging A 'Smear Campaign' Against Site It Claimed Defamed It (TechDirt) Enigma Software -- creator of the SpyHunter suite of malware/adware removal tools -- recently sued BleepingComputer for forum posts by a third-party volunteer moderator that it claimed were defamatory. In addition, it brought Lanham Act trademark infringement claims against the site -- all in response to a couple of posts that portrayed it in a negative light

Stealing bitcoins with badges: How Silk Road’s dirty cops got caught (Ars Technica) Ross Ulbricht's screwup led to DEA agent's arrest, who revealed another rogue agent

“Hunted” schoolgirls’ nude images and personal info published online (Naked Security) More than 2,000 sexual images of underage girls and women have been shared by teen boys and young men, on an Australian website. The site allows users to barter the illegal images, announce the “wins” of their hunting sprees and identify the subjects by attaching full names, faces, schools, home addresses, and phone numbers

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf

Upcoming Events

2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.

CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.

2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.

SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.

SANS Network Security 2016 (Las Vegas, Nevada, USA , Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.

(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.

CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.

SecureWorld Detroit (Dearborn, Michigan, USA , Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.

hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."

New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.

NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.

CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.

IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers