Shadow Brokers seem to have Equation Group goods (but their broken English really looks like a put-on). Speculation about attribution of NSA compromise. Unwanted emails to dot-gov addresses amount to denial-of-service?
Consensus at week's end is that NSA was indeed compromised. Cisco and Fortinet are already patching zero-days included in the code released by the Shadow Brokers, and Juniper Networks is investigating apparently exploitable flaws in its own software. Fugitive leaker Edward Snowden is among many who believe Russian intelligence services are behind the compromise—Immunity's CTO David Aitel, for one, told Passcode he thinks the Shadow Brokers' release is a cyberdeterrent move aimed at dissuading US retaliation for Russian hacks of US political organizations.
What does not, however, point to Russian involvement is the bizarrely fractured English the Shadow Brokers use in their auction communiqués. No observers have found any plausible non-native English syntax that matches the Brokers' prose. Rather, it reads like something thrown together by a screenwriter.
Other speculation continues to center on the possibility that disgruntled or compromised insiders were responsible for the leak. Those adhering to this theory point to aspects of the leaked files they think would be inaccessible to anyone lacking physical access to NSA facilities.
Malicious insiders have been problematic elsewhere. Studies show companies uneasy about their ability to detect and manage insider threats, and the arrest of a Sage employee at Heathrow Airport on charges of stealing customer data gives point to such concerns.
Brian Krebs reports that unwanted emails are flooding the in-boxes of users with dot-gov addresses. The emails, mostly newsletters, amount, some are saying, to a denial-of-service operation. The problem is beginning to manifest itself outside the dot-gov domain.
Notes.
Today's issue includes events affecting Canada, China, Germany, Iran, Russia, Turkey, Ukraine, United Kingdom, and United States.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Jonathan Katz, representing our partners at the University of Maryland. He'll talk about reverse engineering encryption. Our guest is Delta Risk's Chris Fogle, who'll share perspective on board responsibility for cyber security. (As always, if you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Security Experts Agree: The NSA Was Hacked (Technology Review) Analysis of the software tools made available by the Shadow Brokers suggests that they’re the real deal
The NSA Hack: Who Did It and Why? (Bloomberg via Yahoo! Finance) When Edward Snowden disclosed surveillance secrets from the U.S. National Security Agency in 2013, it was a clear case of whodunit, a mystery that was solved when the former NSA contractor gave an interview to The Guardian newspaper from his Hong Kong hotel room. This week’s leak of high-tech hacking tools, however, is less straightforward
Russia emerges as prime suspect in apparent NSA hack (Christian Science Monitor Passcode) A previously unknown group dumped a cache of hacking tools on the web that appear to be from the National Security Agency. Now, cybersecurity experts say Moscow is once again behind a cyberattack on the US
Snowden Claims Russia is Behind NSA Hack (Infosecurity Magazine) Former NSA contractor Edward Snowden has claimed that the Kremlin is most likely behind the recent cyber-attack on what is thought to be an NSA C&C server, and is using the data as leverage against a possible retaliation for the state-sponsored campaign against the Democrat party
Here's why the NSA won't release a 'smoking gun' implicating Russia in these major hacks (Business Insider) Was Russia behind the massive hack of the Democratic National Committee, or the latest breach of what appears to be the NSA's elite hacking unit?
The NSA Data Leakers Might Be Faking Their Awful English To Deceive Us (Motherboard) Nobody knows who’s hiding behind the moniker of The Shadow Brokers, the mysterious group who earlier this week dumped a slew of hacking tools belonging to the NSA. Is it the Russian government? Is it actually a disgruntled rogue NSA insider?
Those Hacked NSA Malware Names Are Funny, But Don't Laugh Too Hard (Fortune) This isn’t some new Bond film—this is actually happening
Cisco, Juniper and Fortinet Investigate Zero-Day Claims (Infosecurity Magazine) Cisco, Fortinet and Juniper Networks have confirmed that they are investigating reports of zero-days in their products
Opinion: NSA hack reveals flaws in White House zero-day process (Christian Science Monitor Passcode) A potentially damaging hacking tool revealed in the apparent National Security Agency breach includes a zero-day vulnerability – or previously unknown security hole – in Cisco software. The government should have already disclosed that flaw
The NSA Has a New Disclosure Policy: Getting Hacked (Foreign Policy) Software vulnerabilities are the NSA’s best weapons, Silicon Valley’s worst nightmare, and a new target for hackers
How intelligence agencies undermine our computer security (Crikey) Our intelligence agencies are supposed to keep us safe -- so why do they deliberately keep IT security flaws secret from users?
The Clinton Foundation fear donation data stolen after suspected hack (International Business Times) Officials spotted 'indications' it was compromised by 'spearphishing' tactics
Utah congressman sees possible Russian cyberattack on U.S. elections (Deseret News) A Utah congressman sees the possibility for Russian computer hackers to disrupt the U.S. presidential election in November
WikiLeaks postings of Turkish emails included active links to malware (SC Magazine) WikiLeaks' practice of delivering unfiltered information to its readers backfired after a researcher discovered that its collection of leaked Turkish government emails contained over 300 active links to malware files hosted on the controversial site
Massive Email Bombs Target .Gov Addresses (KrebsOnSecurity) Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists. According to experts, the attack — designed to render the targeted inboxes useless for a period of time — was successful largely thanks to the staggering number of email newsletters that don’t take the basic step of validating new signup requests
Retooled Locky Ransomware Pummels Healthcare Sector (BankInfo Security) Attackers increasingly favor ransomware over banking Trojans, FireEye says
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks (Threatpost) A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents
A Mysterious Message Is Warning Bitcoiners About a ‘State Sponsored’ Attack (Motherboard) The next version of Bitcoin Core, one of the most popular bitcoin wallets in existence, might be replaced with a malicious version courtesy of government-backed hackers, a warning on Bitcoin.org, the site that hosts downloads for Core, states
Compromising Linux virtual machines via FFS Rowhammer attack (Help Net Security) A group of Dutch researchers have demonstrated a variant of the Rowhammer attack that can be used to successfully compromise Linux virtual machines on cloud servers
Malware Infected All Eddie Bauer Stores in U.S., Canada (KrebsOnSecurity) Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide
Former CEO Claims Swift Was Slow to Address Threats (Infosecurity Magazine) The under fire Swift banking messaging network took its eye off the ball in failing to prioritize cybersecurity over the past decade, especially when it came to its smaller members, according to a former CEO
SWIFT banking execs admit to ignoring security before hacks (Tech Target) The SWIFT banking system had a number of high profile hacks earlier this year and execs are now admitting that they ignored security issues until it was too late
3 Takeaways From The HEI Hotels And Oracle MICROS Breaches (Dark Reading) Attacks another reminder of the fragility of the US payment system
Microsoft is secretly stealing your data, says security expert (What Mobile) Top security expert for Plixer has discovered that Microsoft is secretly stealing data from its Windows 10 users
EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics (Threatpost) The Electronic Frontier Foundation is blasting Microsoft for its “malicious” and “annoying” tactics when it comes to prodding Windows users to update their operating system to Windows 10
Dating Sites Hit By Luring Attacks from TOR (Infosecurity Magazine) An increase in luring attacks targeting dating sites via the TOR network has been uncovered
IPhone hackers pick wrong target — a UW expert (Waterloo Region Record) On-screen taunt gives encryption specialist time to thwart attack
Beware; Hackers targeting Pokemon Go Users with Smishing Scam (HackRead) Pokemon GO game inspiring one scam after another — after malware and RAT infected apps here comes Pokemon GO smishing (SMS phishing) scam
Security Patches, Mitigations, and Software Updates
GPG Patches 18-Year-Old Libgcrypt RNG Bug (Threatpost) New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator
Cyber Trends
The state of security? No one cares about a breach (Help Net Security) In an election year, everyone asks the question about whether or not you are better off than you were four years ago. There are many ways to answer such a question, and various people make arguments from various angles and data points
Check Point Research Shows Drop in Traditional Malware, Rise in Mobile Malware (Yahoo! Finance) Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today revealed the number of active malware families decreased by 5 percent, as the company disclosed the most prevalent malware families attacking organizations' networks in the month
Banking customers hesitant to use mobile features due to security concerns (Help Net Security) Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding
Report: Mid-market companies grow more comfortable with cloud security risks (ZDNet) A Deloitte survey shows that security risks are no longer the leading concern influencing cloud adoption
Legacy security hinders productivity, Okta says (IT Pro Portal) Most organisations genuinely believe offering the best technology results in better business productivity. However, the ‘traditional on-premise security mindsets’ are in the way
Is security enabling or compromising productivity? (Help Net Security) While most organizations fundamentally believe connecting people to the best technology is vital to business productivity, many struggle to achieve agility due to traditional on-premise security mindsets, according to an Okta survey of 300 IT and security professionals
Attacker's Playbook Top 5 Is High On Passwords, Low On Malware (Dark Reading) Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software
As Industry 4.0 Marches on, the Manufacturing Sector Must be Better Prepared for Cyber-Attacks (Infosecurity Magazine) The idea of factories full of driverless forklifts and collaborating robot workers was once the stuff of pure science fiction, but has now become the common reality for smart factories around the world. The futuristic new order of things was demonstrated at this year’s Hannover Messe, the leading international trade fair for industrial technology
Marketplace
Should Enterprise Security Software Be under Warranty? (eSecurity Planet) Should enterprise security software offer warranties, much as consumer products and services do?
Cloud security market in the retail sector expected to grow (Help Net Security) The global cloud security market in the retail sector is expected to grow at a CAGR of close to 21% until 2020, according to Technavio
NEC Acquires Brazil-Based IT Security Business Arcon (ACN Newswire) NEC Corporation (NEC; TSE: 6701) today announced that NEC Latin America concluded an acquisition agreement for Brazil-based IT Security business Arcon Informatica S.A. (Arcon) as part of reinforcing IT Services in the region
Wipro invests $1.5 mn in Israeli cybersecurity company (The Hindu) India’s third largest software services provider Wipro has invested $1.5 million to acquire minority stake in Tel Aviv based cyber security platform provider Insights Cyber Intelligence Limited
Rakuten buys struggling bitcoin startup Bitnet to create a ‘blockchain research lab’ (TechCrunch) Rakuten has confirmed that it has acquired the assets of Bitnet, a bitcoin wallet startup it invested in, which will be used to create a ‘bitcoin lab’ for the Japanese retail giant
U.S. Grants ZTE Another Extension of Trade-Sanctions Relief (Wall Street Journal) Company allegedly violated rules restricting exports of U.S. tech goods to Iran
Government of Canada Selects Fortinet to Secure Its Information Technology Infrastructure (Yahoo! Finance) Andy Travers, senior vice president, sales USA and Canada, Fortinet: "Fortinet has a long-standing history of working with the Canadian market"
US bike giant Trek selects Darktrace (Business Weekly) US company Trek Bicycle Corporation has opted to defend its critical information with innovative, self-learning technology from cyber security specialist Darktrace in Cambridge
Products, Services, and Solutions
Forcepoint to help Singapore companies prevent insider threats (MIS Asia) Forcepoint - a global cybersecurity provider - has launched SureView Insider Threat to help Singapore companies accelerate their efforts to prevent insider threats
Twitter’s Anti-Abuse Filter Is Finally Available to All (Motherboard) In my seven years on Twitter, about four of them active, I have been subjected to sexism, racism, threatening language, and cyberstalking. And I’m hardly an exception to what millions of users experience while trying to have an otherwise delightful and informative day. But for almost a decade, Twitter has refused to get involved in any sort of meaningful way
Technologies, Techniques, and Standards
Voting Machines Are a Mess—But the Feds Have a (Kinda) Plan (Wired) America's voting machines are a patchwork of systems spread across thousands of districts, with widely varying degrees of accountability. It’s a mess. One that the Department of Homeland Security has finally committed to helping clean up
Security Against Election Hacking - Part 1: Software Independence (CircleID) There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election?
Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense! (CircleID) State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked
Researchers pinpoint best times for delivering security messages (Help Net Security) When is the best time to deliver a security message?
German Cyber Security Organization Supports Companies in Defending Against Threats from the Net (Presseportal) On Wednesday, sixteen well-known German companies declared war on the growing threats to the cybersecurity of the economy
The Case for Managed Security Monitoring (IBM Security Intelligence) Given all the challenges facing security professionals, as well as ever-present compliance mandates, security monitoring is a must. It certainly starts with log aggregation and security information and event management (SIEM), although many organizations are looking to leverage advanced security analytics, either built into their SIEM or using third-party technology, for better and faster detection
China's Quantum Satellite Might Be a Step Back for Communication Security (Caixin Online) Quantum communication makes it easier for hackers to prevent effective information sharing because they can destroy a message by simply eavesdropping on it
Access governance holds the security line (Help Net Security) We must continue to hold the line, and we are, in this war on information security. We must continue to find our stride and take steps forward in regard to technology advancement especially as related to identity and access governance solutions
Data Classification For the Masses (SANS Internet Storm Center) Data classification isn’t a brand new topic. For a long time, international organizations or military are doing "data classification". It can be defined as: "A set of processes and tools to help the organization to know what data are used, how they are protected and what access levels are implemented"
Design and Innovation
Using Cybernetics to Tell the Security Story (InfoRisk Today) CISO Sam Lodhi explains how new models can get board's attention
Research and Development
Netskope nabs another patent for CASB technology (TechTarget) Netskope recently obtained a second cloud security patent for its CASB platform, one that could prove extremely beneficial in an increasingly competitive cloud security market that puts a premium on intellectual property
Academia
Massachusetts Invests Millions in Cybersecurity (Infosecurity Magazine) Massachusetts has announced a $5 million grant for cybersecurity that will be used to bolster cyber-research and the computing technology used by the University of Massachusetts
Legislation, Policy, and Regulation
Turkey fury over Islamism claims in leaked German report (BBC) The Turkish government has reacted angrily to a leaked German government document that suggested Turkey has become a platform for Islamist groups
Cardin: Cybersecurity still top priority, needs more attention (FCW) The ranking member of the Senate Foreign Relations Committee said cybersecurity remains one of the top priorities for his state
DOD Unveils Bold Road Map to Modify IT and Cybersecurity Approaches (SIGNAL) New document lays out plans for department-wide operating system, use of CACs, data center consolidation and migration to cloud services
Army acquisition official: Cyber, EW pose enterprise challenges (C4ISRNET) The ability to work through cyber or electronic warfare attacks is dependent upon two factors: understanding systems and categorizing what’s most critical
Litigation, Investigation, and Law Enforcement
Twitter says it shuttered 235k accounts linked to terrorism in 6 months (Ars Technica) There is no "magic algorithm" for identifying extremist content, company says
Twitter Says It Suspended 360,000 Suspected Terrorist Accounts in a Year (Wired) Twitter is still actively combating terrorism on its platform, and it wants you to know so. Really and truly, the company says, it is making progress
Public Summary Report: Wireless Penetration Test of Centers for Medicare & Medicaid Services' Data Centers (Office of Inspector General US Department of Health and Human Services) We performed a wireless penetration test of select Centers for Medicare & Medicaid Services' Data Centers and facilities to determine whether CMS's security controls over its wireless networks were effective
OIG Report Finds Vulnerabilities in Medicaid Services Agency (Threatpost) Vulnerabilities exist in systems that belong to the Centers for Medicare & Medicaid Services, a federal agency that’s part of the United States’ Department of Health and Human Services. If exploited the bugs could result in the disclosure of personally identifiable information and the “disruption of critical operations,” a government watchdog warned this week
Hillary Clinton Told F.B.I. Colin Powell Advised Her to Use Private Email (New York Times) Pressed by the F.B.I. about her email practices at the State Department, Hillary Clinton told investigators that former Secretary of State Colin L. Powell had advised her to use a personal email account
Emails show Trump advisers waged covert influence campaign on behalf of Ukrainian leaders (Chicago Tribune) A firm run by Donald Trump's campaign chairman directly orchestrated a covert Washington lobbying operation on behalf of Ukraine's ruling political party, attempting to sway American public opinion in favor of the country's pro-Russian government, emails obtained by The Associated Press show. Paul Manafort and his deputy, Rick Gates, never disclosed their work as foreign agents as required under federal law.
Newly Noted Events
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
Upcoming Events
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationships are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.
ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA, and Goethe University Frankfurt are organizing APF 2016.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.