Shadow Brokers and hybrid warfare. ISIS to run online hacking tutorials. BHU router vulnerabilities. Deception technology market expected to grow. Wassenaar expected to tone down controls on "intrusion software."
The security community continues to follow the Shadow Brokers incident with close attention. Speculation continues to point to Russian intelligence services as the fons et origo of the compromise, which is now generally regarded as genuine. No further leaks have appeared; no one has ponied up the half billion dollars the Shadow Brokers are asking for. There has been some bidding on the unreleased files, but nothing approaching the asking price. ZDNet reports seeing Bitcoin wallets seized from Silk Road in the bidding, which leads some to speculate that the US Government is in on the action.
The compromise prompts discussion of hybrid warfare, cyber deterrence, and retaliation.
The Shadow Brokers incident also continues to stoke concerns about election hacking. Statements from US election officials (state and local, since that's the level at which elections are managed) seek to reassure but seem largely to have failed to assuage fears of compromised voting.
ISIS is attempting to organize online hacking tutorials. Since such tutorials are likely to concentrate on known vulnerabilities and commodity exploits, enterprises are advised to shore up basic digital hygiene.
Some users are calling for a "general strike" against Tor to protest the service's investigation and ouster of a high profile Tor activist.
IOActive identifies multiple vulnerabilities in BHU routers.
Industry analysts see a coming rapid expansion in the deception technology market.
The next round of Wassenaar cyber arms control talks is scheduled for September. It's expected to narrow the scope of "intrusion software" controls industry found objectionable.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Czech Republic, Georgia, Hungary, Russia, Taiwan, Ukraine, United Kingdom, and United States.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today John Leiseboer from our partners at Quintessence will discuss cryptographic and key management standards. Our guest, Michael Marriott from Digital Shadows, will describe the deer.io online malware market. (And if you enjoy the podcast, by all means consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Snowden Docs Support Claim NSA Cyberweapons Stolen, Report Says (ABC News) Documents stolen from the National Security Agency by former contractor Edward Snowden support the claim that the cyberweapons apparently pilfered from the espionage agency and put up for auction online this week are the real deal, according to a report in The Intercept
Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet, and Snowden Docs Confirm (Hacker News) Last week, a group calling itself "The Shadow Brokers" published what it said was a set of NSA "cyber weapons," including some working exploits for the Internet's most crucial network infrastructure, apparently stolen from the agency's Equation Group in 2013.
How the NSA snooped on encrypted Internet traffic for a decade (Ars Technica) Exploit against Cisco's PIX line of firewalls remotely extracted crypto keys
Seized Silk Road wallet payments in Shadow Brokers exploit auction come under scrutiny (ZDNet) UPDATED: Is the US government at play, or are these payments no more than spam?
Hackers say leaked NSA tools came from contractor at RedSeal (CSO) A note published Friday says the group wanted to disclose at DEF CON
Kaspersky’s Analysis of Equation Group’s RC6 is Wrong (Stephen Checkoway) Kaspersky Lab recently published a blog post Rare implementation of RC5/RC6 in ‘ShadowBrokers’ dump connects them to Equation malware in which they analyze the RC6 block cipher implementation used in the recent ShadowBrokers release and compare it to the earlier Equation Group malware they found. They conclude that since all of the implementations they examined contain an RC6 constant in its negated form, it must be from the same authors since that’s so unusual. Their analysis is wrong
Responding to the Shadow Broker Vulnerabilities (RedSeal) The latest revelations about firewall vulnerabilities stolen and leaked by the Shadow Brokers are very scary, but not all that new. We learn about the release of a major infrastructure vulnerability about once every six months or so. Organizations that have learned to focus on resilience — knowing their network and how to operate through a threat — are in the best position to respond
Suspected leak shines spotlight on the NSA's conflicting missions (Baltimore Sun) A top National Security Agency official revealed this month that the agency's staff had rushed to the scene of virtually every major hack of a government computer network in the past two years
NSA-linked hackers hoard malware secrets. What could possibly go wrong? (Los Angeles Times) Emerging out of the blue, a cryptic online group that calls itself the Shadow Brokers claims that it has purloined a cache of cyber burglary tools from a little known but highly skilled hacking operation dubbed the Equation Group. The Shadow Brokers made some of the tools available for free, but announced that it would auction off the rest — with a goal of more than half a billion dollars
Cisco ASA SNMP Remote Code Execution Vulnerability (SANS Internet Storm Center) Looking back through all the vulnerabilities announced this week, one caught my eye. CVE-2016-6366 is a vulnerability in the Cisco ASA products which could allow a remote attacker to remotely execute code. This vulnerability is part of the Equation Group disclosures and was not previously known by Cisco. The vulnerability is in the SNMP code on the ASA and would allow an attacker with knowledge of the SNMP community string to send crafted IPv4 SNMP traffic which could be used to reload the system or possibly exploit the system to gain control
NSA leak rattles cybersecurity industry (Christian Science Monitor Passcode) The National Security Agency stockpiled sophisticated tools designed to penetrate commonly used security software. Now that hackers have revealed some of those techniques, companies are left scrambling to secure their systems
A Cyber-Attack on a U.S. Election is Inevitable (Huffington Post) Since Direct Recording Electronic voting machines first came into vogue in the U.S. in 2002, a team of cyber-academics (known as the Princeton Group) has been busy demonstrating how easy it is to hack these machines, to remind American citizens just how cyber-vulnerable the voting process is
Elections official: Voting system is secure from cyber attack (Jacksonville.com) Clay County as well as the rest of Florida’s voting system is secure from cyber attacks, says Chris Chambless, president of the Florida State Association of Supervisors of Elections and Clay County supervisor of elections
Why Cybersecurity is a Management Problem for Campaigns (Campaigns and Elections) Republicans have made hay out of the Democrats’ recent hacking woes, but the GOP isn’t immune from cybersecurity breaches. Just this past weekend there were reports of Russian hackers dumping emails from Republican campaigns and operatives
Project Sauron has Been Spying on Governments for 5 Years (Infosecurity Magazine) Project Sauron, the sophisticated information exfiltration malware, has been spying on government computers and computers at major organizations for over five years
Isis members share 'how to hack' tutorials encouraging supporters to target western intelligence (International Business Times) The online course is aimed at creating an army of cyber-soldiers to add to the numbers of Isis-affiliated hacker groups
How ISIS noobs are trying to become hackers (Daily Dot) An online course on Kali Linux is being promoted by the main ISIS forum, but there is no reason for immediate concern
Darknet: Where Your Stolen Identity Goes to Live (Dark Reading) Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves
Bitcoin.org Suspects State Sponsored Attacks on Bitcoin Core Release (News BTC) Bitcoin.org has posted a notice on the website warning the Bitcoin community about a potential attack by state-sponsored hackers targeting Bitcoin Core release
A 'Tor General Strike' Wants to Shut Down the Tor Network for a Day (Motherboard) Last month, the Tor Project announced that an internal investigation had confirmed allegations of sexual misconduct against high profile activist Jacob Appelbaum. Now, a few members of the community are calling for a “Tor general strike,” in part to protest how that investigation was handled
Taiwan’s defence university computers hacked (The Star) The National Defence University (NDU) in Taiwan confirmed that its computer system had been hacked in July but said that no classified information had been stolen
Multiple Vulnerabilities Identified in ‘Utterly Broken’ BHU Routers (Threatpost) Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS commands with root privileges via a hardcoded root password
Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?) (Wired) Facial recognition makes sense as a method for your computer to recognize you
New Brazilian Banking Trojan Uses Windows PowerShell Utility (Threatpost) Microsoft’s PowerShell utility is being used as part of a new banking Trojan targeting Brazilians. Researchers made the discovery earlier this week and say the high quality of the Trojan is indicative of Brazilian malware that is growing more sophisticated
New Trojan Turns Linux Devices into Botnet (HackRead) New Linux Trojan turns infected Linux devices and websites into P2P botnets and threatens users with DDoS and ransom
Symantec Paws at ZeroAccess Botnet (Technology) Symantec has removed more than 500,000 infected PCs from the botnet created by the ZeroAccess Trojan
7 Cases When Victims Paid Ransom to stop cyber attacks (HackRead) These cases include ransomware infection and DDoS attacks
Why The Windows Secure Boot Hack Is a Good Thing (Bitcoinist) If you even casually follow security news, you’re aware that the key governing Microsoft Secure Boot has been found, exploited, and Secure Boot as a “feature” has been rendered meaningless. I’m here to tell you that this is a good thing
The ABC of Cybersecurity: R is for Rootkit (Hot for Security) Rootkits are some of the most sophisticated breeds of malware that currently exist on the market. For years, security solutions have struggled with detection and removal, mostly because rootkits compromise the operating system at such a low level, that they can hide their presence from both anti-malware solutions and the operating system itself
Colleges and universities see an uptick in denial-of-service attacks (EdScoop) The good news: Higher education is not high on the list of targets by criminal actors
Twitter account of WikiPedia Founder Jimmy Wales Hacked by OurMine (HackRead) OurMine hackers have found their new target and this time it’s Wikipedia co-founder Jimmy Wales
Eddie Bauer Reports Intrusion Into Point Of Sale Network (Dark Reading) Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised
Man hacks Android app to get free beer (Naked Security) Here’s a great one for a Friday afternoon: FREE BEER!
Five Cybersecurity Dangers To Worry About This Week (Forbes) Cyberattacks have become so common that they tend to fade from view. But for head-in-the-sand executives who believe they have better ways of spending their time and money, here’s a wake-up call
Attackers don't need vulnerabilities when the basics work just as well (CSO) Weak passwords and network access controls do more harm than malware
The Blurring Line Between Cyber and Physical Threats (Cipher Brief) Every day, the line between cyber-threats and physical threats grows thinner – blurring the crucial distinction between attacks on networks and attacks on materials objects
A closer look at IT risk management and measurement (Help Net Security) IT risk managementIn this podcast recorded at Black Hat USA 2016, Casey Corcoran, Partner, FourV Systems, talks about the most significant trends cyber security and risk management
Cybersecurity Is Broken And The Hacks Are Going To Just Keep Coming (BuzzFeed) “No one in the industry is incentivized to actually fix it”
Verizon 2016 DBIR: Known Attack Methods Remain Security’s Achilles' Heel (CIO) Companies must begin addressing security proactively, not as an afterthought
Traditional Security No Longer Adequate to Protect Industrial Environments from Cyber Threats (ARC) At the recently concluded ARC India Forum, Industry in Transition: Navigating the New Age of Innovation in Bangalore, silver sponsor, Kaspersky Lab explained about cyberattacks and threats, and challenges in industrial control system (ICS) environments
Opinion: Cracking the cybersecurity gender code (Christian Science Monitor Passcode) Attracting more women into the male-dominated cybersecurity field means ditching the bro pipeline of computer science, military, and intelligence recruits and drawing from disciplines such as law and public policy
The deception technology market is exploding (Help Net Security) The global deception technology market is expected to generate a revenue of USD 1.33 billion by 2020, according to Technavio
Cyber Security Market to Grow at CAGR 8.3% Till 2021 Says TechSci Research Report (PRNewswire) Increasing cyber-attacks on the critical infrastructure has rendered worldwide security at risk. The prime motive behind these attacks is to gain access to financial information and retrieve sensitive information related to an organizations' operational strategies, government defense moves, etc
5 Channel Ops: Cisco Layoffs Overstated, Verizon Launches One Talk, Imperva Revamps Partner Program (Channel Partners) Reports of Cisco laying off 14,000 employees greatly overstated the impact of the company’s decision to invest more in – according to CEO Chuck Robbins – security, IoT, collaboration, next-generation data center and cloud. On Cisco’s Q4 analyst call this week, EVP and CFO Kelly Kramer said that the restructuring action “will impact up to 5,500 employees, representing approximately 7 percent of our global workforce"
Cisco System’s Security Segment: Its Performance in Fiscal 4Q16 (Market Realist) In fiscal 4Q16, Cisco (CSCO) continued to maintain significant YoY (year-over-year) growth of 16% in its network security business segment. Deferred revenue rose 29% YoY driven by Cisco’s ongoing shift from hardware to more software and subscription services. Revenues rose from $466 million in fiscal 4Q15 to $540 million in fiscal 4Q16
Cisco Systems Earnings Show a Company in Transition (Madison.com) Cisco Systems (NASDAQ: CSCO) is best-known for providing the IT hardware (switches and routers) that drive the internet, but investors may need to rethink that view in the future. The company's fourth-quarter results, which were reported Aug. 17, reveal a company generating growth from its non-core product offerings while continuing its transition toward more software and subscription revenue. Let's take a look at trends investors should watch
CyberArk Software Ltd. Delivers 39% Revenue Growth (Motley Fool) The company continues to enjoy strong demand for its "privileged account" security solutions, which help to protect against the most advanced cyberthreats -- those that use insider privileges to penetrate network perimeters and attack the most vital aspects of an enterprise's IT infrastructure
How Risky is FireEye Inc Stock? (Motley Fool) Breaking down the two biggest concerns for investors right now
Symantec (SYMC) Stock Advancing, Upgraded at Citi (The Street) Symantec's (SYMC) stock rating was boosted to 'buy' from 'neutral' at Citi on Friday
Chinese approval clears the way for Dell's huge EMC buy (PCWorld) Regulators in China reportedly have approved the estimated $67 billion acquisition
Dell Exec: SonicWall Will Be 'All About The Channel' After Sale To Private Equity (CRN) Dell SonicWall's sale to private equity will allow the network security division to be more channel-friendly than ever before, said a company executive Sunday to solution providers attending 2016 XChange University IT Security
Virtru Closes $29 Million Series A Round Led by Bessemer Venture Partners (MarketWired) Business privacy leader to launch new product lines, scale operations worldwide, and extend its data security platform
Gold Coast Commonwealth Games could swap sponsorship for cyber protection (IT News) Security supplier sought for high-profile event
Products, Services, and Solutions
Huawei Guarantees Two Years Of Software And Security Updates For Honor Smartphones (Hot Hardware) If you have been eyeing the recently-introduced Honor 8 smartphone, you are in luck. Huawei is now guaranteeing two years of software and security updates for Honor devices. Huawei is the third largest telecommunications manufacturer in the world
Technologies, Techniques, and Standards
Dell: Machine learning security hard to explain, harder to beat (Tech Target) Dell's Brett Hansen explains why machine learning security is better than signature-based detection and how it can stop emerging threats
The Right Way to Present a Business Case for Cybersecurity (Healthcare Informatics) There’s an ever-increasing number of threats to healthcare information. Healthcare information is more valuable and visible than ever; and, at the same time, more vulnerable than ever. You feel responsible and, as the CISO, you are responsible for its security
Internet Voting Leaves Out a Cornerstone of Democracy: The Secret Ballot (Technology Review) Maintaining the secrecy of ballots returned via the Internet is “technologically impossible,” according to a new report
Bitcoin Exchanges Should Consider Integrating Microsoft Authenticator (News BTC) Keeping in mind how this solution is available on iOS as well, it would make sense for Bitcoin exchanges to integrate it
Why smart companies don’t sweat the SSL stuff in DDoS defense (Networks Asia) The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to a recent IDG Connect report based on a survey commissioned by A10 Networks
Passwords, biometrics and multi-factor verification: What businesses need to know (Help Net Security) Verifying identity is a double headache for small businesses
Your Security Team is Outgunned: Where's the Help? (Government Technology) Most experts believe the good guys continue to fall further behind in our global hacker wars. So how did we get to this point in cyberspace? Most important, where can you go for help in this new Wild West online?
Improving Cybersecurity Through Human Systems Integration (Small Wars Journal) Cybersecurity threats represent one of the most serious national security, public safety, and economic challenges we face as a nation. --2010 National Security Strategy
Design and Innovation
Why people ignore security alerts up to 87% of the time (Naked Security) Developers, your security warnings are messing with people’s brains, and not in a good way
Research and Development
WiFi Signals Can ID Individuals by Body Shape (Motherboard) With the Internet of Things slated to have tens of billions of connected devices by 2020, one of the most crucial design considerations for internet-connected products is figuring out how to seamlessly integrate these devices into everyday life
Open sourced: Cyber reasoning system that won third place in DARPA’s Cyber Grand Challenge (Help Net Security) Earlier this month, the DARPA-backed Cyber Grand Challenge (CGC) has shown that a future in which computer systems will (wholly or partially) replace bug hunters and patchers looms near
Wanted: Students to enter cybersecurity field (UPI) The number of universities offering cybersecurity education has soared to more than 200 with support from both the federal government and private industry. But getting students interested in the field and retaining faculty tempted by higher-paying jobs stand in the way of filling the country's cybersecurity talent shortage
For Security Pros, Time to Head Back to School (CIO Insight) Continuing education is a requirement in many fields, but programs to sharpen IT security skills are severely lacking within the cyber-security field
Legislation, Policy, and Regulation
Russia Is Winning the War Before the War (Real Clear Defense) Most Americans don’t know we’re at war; we are, and Russia is winning. Americans think war starts with a formal declaration of war, though this hasn’t happened since December 1941
Tit-for-Tat: Cyber Retaliation (Infosecurity Magazine) Many will be well-versed with the biblical adage: an eye for an eye, a tooth for a tooth
Upcoming Wassenaar meeting (Inside Defense) As a September technical meeting of Wassenaar export control group countries draws closer, sources believe members of the arms control organization will coalesce around language narrowing the scope of a specific technology control stemming from the 2013 definition of "intrusion software" that has drawn the ire of the U.S. cybersecurity industry, Inside U.S. Trade reports
A Cyber Agency for Cyber Terror (Institute for Defence Studies and Analyses) Cyber espionage in India is not a new concept but has been in existence for the last decade. It may be carried out by an insider or an outsider by exploiting the vulnerabilities in the cyber security of an organisation
Police chiefs: we need the right to decrypt your stuff (Naked Security) The maple leaf. Hockey. Tim Horton’s donuts. Forced decryption?
White House cyber response plan raises further questions (Federal News Radio) The Obama administration wants federal agencies to have an organized response plan in place before a major cyber attack hits, but cyber officials wonder how soon that strategy will take effect
U.S. Can't Afford to 'Wait for a Cyber Catastrophe,’ Says U.S. Representative (GovTech) Rep. David McKinley will take messages from a West Virginia forum to Washington, D.C., in hopes of creating funding to support cybersecurity
After Shadow Brokers, should the NSA still be hoarding vulnerabilities? (Verge) Companies had to scramble to patch bugs from the latest leak
Why The NSA's Vulnerability Equities Process Is A Joke (And Why It's Unlikely To Ever Get Better) (TechDirt) Two contributors to Lawfare -- offensive security expert Dave Aitel and former GCHQ information security expert Matt Tait -- take on the government's Vulnerability Equities Process (VEP), which is back in the news thanks to a group of hackers absconding with some NSA zero-days
Everything You Know About the Vulnerability Equities Process Is Wrong (Lawfare) The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities
NSA seeks to reassure on merging cyber defense, offense (FedScoop) Officials at the huge spy agency say, despite concerns, a coming reorganization will not impact their work to defend U.S. computer networks from hackers and cyberspies
Litigation, Investigation, and Law Enforcement
Belgium Called In The NSA To Help Catch Paris Attacker (BuzzFeed) A breakthrough in the four-month-long manhunt for key suspect in the Paris attacks only came when Belgian officials asked the NSA for assistance
The Jihadi Joker, Anjem Choudary, Was a Terror Mastermind (Daily Beast) For 20 years, long before ISIS, he abetted terror plots in the U.K. and around the world. Now that he’s in jail, will he continue his work there?
Kid who DDoSed Aussie bank, cyber crime unit walks free (HackRead) An Australia teen who was behind a series of powerful DDoS attacks on banking, government, and school servers will not face any charges whatsoever
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
Disrupt London (London, England, UK, Dec 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators. Disrupt gathers the best and brightest entrepreneurs, investors, hackers, and tech fans for on-stage interviews, the Startup Battlefield competition, a 24-hour Hackathon, Startup Alley, Hardware Alley, and After Parties.
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Cyber Jobs Fair (San Antonio, Texas, USA, Aug 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.
ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA , Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA , Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA , Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers