Leaked exploits "test-driven" in the wild. Huawei may be affected by Shadow Brokers' leaks. Russian intelligence hacks New York Times, other news outlets. Clinton-era State Department emails investigated. Gaming sites under attack. France, Germany say "boo" to encryption.
Cisco (whose Product Security Incident Response Team chief told FedScoop "as you can imagine, we have all hands on deck for this") and FireEye report that Shadow Brokers' leaked exploits being "test-driven" in the wild.
Comae says Huawei should be added to the short list of companies affected by the published vulnerabilities, joining Cisco, Fortinet, and Juniper Networks.
Speculation (not crazy, but a little overheated) about the source of the leaks turns again to chatter about a GRU mole at Fort Meade.
The New York Times acknowledges that it's been the subject of successful Russian hacking. The paper's Moscow Bureau seems most directly affected, and other news organizations are said to have received similar ministrations. The FBI is investigating.
Fallout from Russian penetration of Democratic Party networks turns up in Republican attack ads.
Investigation of Democratic Presidential nominee Clinton's State Department era emails continues; the focus is on interaction with the Clinton Foundation.
Wikileaks draws more unfavorable attention for indiscriminately dumping personal information about people who aren't remotely public figures.
The Goznym banking Trojan moves west, from Polish to German banks.
Gaming sites are under attack: first Epic, now Blizzard Entertainment and Grand Theft Auto.
Ransomware has been troubling British universities and enterprises in the Netherlands. There's now a decryptor for Wildfire, the strain active in the Netherlands, courtesy Intel Security and Kaspersky Labs.
In industry start-up news, ThreatQuotient raises $12.5 million; Logikcull and Auth0 raise $10 million and $15 million respectively.
France and Germany want Europe-wide restrictions on encryption.
Notes.
Today's issue includes events affecting Australia, Austria, Canada, China, Denmark, European Union, France, Germany, India, Iran, Iraq, New Zealand, Norway, Poland, Russia, Sweden, Syria, United Kingdom, and United States.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we talk about fog computing with Malek Ben Salem from our partners at Accenture Technology Labs. (If you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Random hackers are taking NSA-linked cyber weapons for a test drive (FedScoop) “Most of these exploits, I mean, just about anyone with a college computer science degree can run them, honestly,” said one expert
NSA Targeted Chinese Firewall Maker Huawei, Leaked Documents Suggest (Motherboard) When the mysterious Shadow Brokers dumped a cache of hacking tools used by an NSA-linked group last week, researchers quickly identified a number of the spy agencies’ targets, including American security companies like Cisco, Juniper, and Fortinet
NSA-linked Cisco exploit poses bigger threat than previously thought (Ars Technica) With only a small amount of work, ExtraBacon will commandeer new versions of ASA
Cisco Exploit Leaked in NSA Hack Modifies to Target Latest Version of Firewalls (Hacker News) Recently released NSA exploit from "The Shadow Brokers" leak that affects older versions of Cisco System firewalls can work against newer models as well
Hacking the hackers: everything you need to know about Shadow Brokers' attack on the NSA (Wired) A mystery group claims to be selling malware and tools used by America's National Security Agency
The Real Russian Mole Inside NSA (Observer) The media has finally noticed that the National Security Agency has a problem with Kremlin penetration
Report: Russian Hackers Target New York Times (Foreign Policy) Every day, the scope of alleged Russian hacking against U.S. organizations widens. On Tuesday, CNN reported that the FBI is investigating hackers believed to be working for Moscow who “carried out a series of cyber breaches targeting reporters at the New York Times and other U.S. news organizations"
Journalists are easy targets for hackers, and that shouldn't surprise anyone (CSO) Each email or meeting is a potential compromise waiting to happen
Democrats cry foul as internal memo leaked by hacker cited in GOP attack ad (Washington Times) The official fundraising wing of House Democrats accused its Republican counterpart of aiding the Russian government Tuesday after the GOP used a leaked Democratic Party document as ammo in a new ad
Private lives are exposed as WikiLeaks spills its secrets (AP) Its scoops have rattled the Saudi foreign ministry, the National Security Agency and the U.S. Democratic Party. But WikiLeaks' spectacular mass-disclosures have also hit hundreds of average people — including sick children, rape victims and mental patients — who just happened to find their personal information included in the group's giant data dumps, The Associated Press has found
Chinese cyber spies may be watching you, experts warn (CNN) About a year ago, China and the United States formally agreed not to conduct or knowingly support the cyber theft of each other's intellectual property
Are hi-tech spies stealing all your firm's secrets? (BBC) Last weekend's reports about the New Zealand rugby team's discovery of a listening device sewn in to a hotel meeting room chair, have illustrated just how much spying technology has advanced in recent years
Android: Neuer Infektionsweg (Das Sicherheitsmagazin) "Mobile Malware Report":Neue Ransomware bedroht Android-Geräte Durch Drive-by-Infektion: Malware gelangt auf das Mobilgerät
GozNym Banking Trojan Targeting German Banks (Threatpost) GozNym’s Euro trip rolls on. Fresh from targeting banks in Poland, the banking Trojan has reportedly begun taking aim at banks in Germany
Dridex Resurfaces to Make New Smaller Spam Outbreaks (Spamfighter News) The Dridex gangsters or those cyber criminals responsible for the banker Trojan Dridex have been somewhat silent starting middle of June 2016 approximately when Necurs another botnet the Dridex cyber criminals run was terminated only to re-emerge following a 3-week period
CryptXXX Ransomware Emerges For a Slice of the Pie (Fortinet) Recently, a new variant of the ransomware family named CryptXXX has begun circulating around the web. Fortiguard Research Lab has discovered several new variants during the life of this family of attacks. In this blog we will discuss a particular variant, which arrived in the form of an executable (.exe), as opposed to previous variants that were based around dynamic-link library (.dll) files
UK universities hit repeatedly with ransomware, one over 21 times! (Help Net Security) 63 percent of UK universities have been hit by ransomware – most of them multiple times, and Bournemouth University a total of 21 times in the last year, SentinelOne has found
Hit-And-Run Tactics Fuel Growth In DDoS Attacks (Dark Reading) A majority of organizations in Imperva DDoS study suffer multiple consecutive attacks
The New Frontier in Terror Fundraising: Bitcoin (Cipher Brief) When I worked as a counterterrorism analyst for the CIA, I always looked out for signs of terrorist groups adapting their methods. Now, as someone outside of government who analyzes how nefarious groups fund themselves, I am concerned about terrorists using innovative technologies to bolster their finances. And I recently came across a troubling case of terrorist financial innovation
Hackers can easily take over cellphone towers, researchers found (Help Net Security) Zimperium researchers have unearthed three critical vulnerabilities in widely used software running on base transceiver stations (BTS), i.e. the equipment that makes cellphone towers work
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption (Threatpost) RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish
US Ports Targeted with Zero-Day SQL Injection Flaw (Softpedia) Flaw in Navis WebAccess exposes port authorities to hacking
DNSSEC Servers Not So Secure (Industrial Safety and Security Source) Attackers can hijack improperly configured DNSSEC servers to carry out reflection DDoS attacks, researchers said
Blizzard Suffers Yet Another DDoS Attack (HackRead) Another day another victim of DDoS attack — this time, it’s the Blizzard Entertainment, Inc. is an American video game developer
Gamers Warned After Grand Theft Auto Forum is Hacked (Infosecurity Magazine) Grand Theft Auto fans have become the latest to be targeted by hackers after the personal details of an estimated 200,000 gamers were discovered being traded online
Epic Games Forums Hacked, SQL Injection Vulnerability Blamed (Threatpost) Epic Games is warning users of a breach that impacts 800,000 user accounts tied to the company’s online forums. On Monday, the game developer temporarily shut down many of its forums and advised users to change passwords on any accounts that shared the same credentials for some of its forums
Epic Games forum hack underscores the need to install security patches (CSO) The hack stole emails and hashed passwords from 808,000 users
Has your internet provider been compromised? Malicious insiders are helping cybercriminals hack telecoms firms (ZDNet) Hackers are using both willing and blackmailed staff at internet and phone providers to help them breach networks and steal data
Threat intelligence report for the telecommunications industry (SecureList) The telecommunications industry keeps the world connected. Telecoms providers build, operate and manage the complex network infrastructures used for voice and data transmission – and they communicate and store vast amounts of sensitive data. This makes them a top target for cyber-attack
Cyber criminals target holiday-related P2P media platforms (ComputerWeekly) Cyber criminals capitalise on the popularity of holiday-related media sites to spread malware
Security Patches, Mitigations, and Software Updates
VMSA-2016-0013 (VMware Security Advisories) VMware Identity Manager and vRealize Automation updates address multiple security issues
Cyber Trends
Proactive Defense: Understanding the 4 Main Threat Actor Types (Recorded Future) Understanding the four main threat actor types is essential to proactive defense
Ransomware and Business Email Compromise (BEC) Lead Year of Online Extortion (Trend Labs Security Intelligence Blog) Emails have become the battleground for the first half of the year in terms of security
How do you measure success when it comes to stopping Phishing attacks? (CSO) Experts offer their thoughts on measuring success when it comes to Phishing
Saving money on security software by improving cyber posture, report (SC Magazine) Spending big bucks is not always necessary for corporations to put a decent cybersecurity program in place
Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021. (Cybersecurity Ventures) This special report on cybercrime is sponsored by Herjavec Group, a leading global information security advisory firm and Managed Security Services Provider (MSSP) with offices across Canada, the United States, United Kingdom and Australia
Forcepoint™ and Ponemon Institute Survey Finds Organizations Challenged when Monitoring Privileged Users, Preventing Insider Threats (PRNewswire) Survey reveals majority of IT operations and security managers believe access often extends beyond the needs of privileged users
The 2016 Study on the Insecurity of Privileged Users (Forecepoint) Did you know that privileged users often are your riskiest employees? What are they doing to put your data at risk?
The Australian blindspot to mobile security (ARN) New research shows business and consumers do not take app security seriously
Marketplace
Stand out from the crowd: What prospects look for when selecting a MSSP (Data Center News) An increasing number of enterprises have by and large accepted the concept of a Managed Security Service Provider (MSSP). And why not?
Unsealing the Deal: Cyber Threats to Mergers and Acquisitions Persist in a Hot Market (FireEye Threat Intelligence) Risks posed by sensitive corporate communications, broadened attack surface
Cybersecurity Diligence Issues in Verizon-Yahoo Merger (Bloomberg BNA) The $4.83 billion deal for Verizon Communications Inc. to acquire Yahoo! Inc. will create one of the largest technology companies in the world. But the new mega-brand and other merging tech companies may come crumbling down if they aren't diligent in finding and patching cybersecurity deficiencies before and after the deal, mergers and acquisitions analysts told Bloomberg BNA
Accenture to acquire Australian cyber defence firm (IHS Jane's Defence Industry) US consultancy firm Accenture is set to acquire privately owned Australian company Redcore as part of its efforts to expand its presence in the Asia-Pacific cyber-defence market
Symantec Exec: Partners Are Critical To Our Success After Blue Coat Acquisition (CRN) Fresh off the closing of its blockbuster acquisition of Blue Coat Systems, Symantec channel leadership said the company is more committed than ever to its partners
Frost & Sullivan Applauds the Breadth of Symantec's Security Solutions As Well As Collaborations with Customers and Peers to Provide Customized Tools (PRNewswire) Symantec focuses on developing security solutions that are designed horizontally, but can be applied vertically
5 Reasons to Buy Cisco Systems Now (Motley Fool) The networking hardware giant is a great company at a bargain price
These 2 Stocks Prove The Future Is Bright For Cybersecurity Investors (Investing) Last February, a hospital was held hostage
Logikcull Closes $10 Million Series A Round from OpenView and Storm Ventures (BusinessWire) Legal intelligence platform automates costly and complex eDiscovery and legal search processes
Authentication startup Auth0 raises $15M as it beefs up security features (TechCrunch) “Identity-as-a-service” startup Auth0 (pronounced “auth zero”) has raised $15 million in Series B funding
Cybersecurity firm led by former Sourcefire execs raises $12 million (Baltimore Sun) ThreatQuotient, a cyber security firm led by former executives of Columbia-based Sourcefire, raised $12 million to boost product development and expand international sales
RiskIQ Accelerates Momentum Across Entire External Threat Management Solution Set in First Half of 2016 (BusinessWire) Triples bookings for RiskIQ PassiveTotal compared to the prior six months (2H 2015)
US hails Samsung-Darktrace IoT cyber security move (Business Weekly) Cambridge UK cyber security specialist Darktrace and new investor Samsung SDS in Korea are to jointly develop cyber security solutions for the Internet of Things
U.S. Air Force CIO: San Antonio has big opportunity with cybersecurity jobs (San Antonio Business Journal) A San Antonio native who helps lead the U.S. Air Force's worldwide cyber operations highlighted the first day of CyberTexas, a two-day conference that brings together private industry and government agencies to discuss the state of cybersecurity
San Diego Selects Tenable Network Security to Protect its Complex Network of Smart City and Legacy Technology (BusinessWire) City gains continuous visibility and actionable context for network threats through enterprise-wide vulnerability management from Tenable
CrowdStrike Names Brian Brouillette Vice President of Customer Success (BusinessWire) CrowdStrike, the leader in cloud-delivered next-generation endpoint protection, today announced that Brian Brouillette has joined CrowdStrike as vice president of Customer Success
Rapid7 Recognized for Outstanding Culture and Commitment to Employee Satisfaction by TMCnet (GlobeNewswire) Rapid7 receives 2016 Tech Culture Award for dedication to core values, innovation, and scaling with soul
Products, Services, and Solutions
Amped Wireless Introduces ALLY Wi-Fi System, available for Pre-Order Aug. 23 (PRWeb) The first seamless roaming solution with blazing-fast Wi-Fi speeds, whole-home coverage with award winning, high power technology and security against malware provided by AVG
Zimperium: Acting as the Intel-Inside of Smartphone Security (Silicon India) The wider smartphone adoption has triggered the spread of mobile malware. In light of this rapid growth, there is a pressing need to develop effective solutions. But due to the lack of understanding about emerging mobile malware, our defense capability is largely limited
Kaspersky launches self-titled OS to protect ICS (SC Magazine) Kaspersky Lab has reportedly finished its self-titled OS which has been built from the ground up with the aim of protecting industrial control systems
Sophos looks to enhance leading email providers' security (Channelnomics) Executive talks implications new Sophos Email offering has for channel
CloudPassage Halo Now in Solution-Specific Packages (Yahoo! Finance) CloudPassage today announced new packaged offerings for CloudPassage Halo to more cost-effectively address enterprises' need for workload security
Technologies, Techniques, and Standards
Researchers Douse Wildfire Ransomware with Decryption Tool (Infosecurity Magazine) Intel Security and Kaspersky Lab have announced the release of a decryption tool to stifle the Wildfire ransomware that has beset users across Belgium and the Netherlands
Cryptography and cyber-security at NTNU and the mathematics of electronic elections (European Consortium for Mathematics in Industry) Cryptography as a practice is very old, dating back at least 2000 years
Technology Foraging for Cybersecurity Solutions (AlienVault Blogs) Technology foraging, or searching for smart ideas and technologies, is a key element of research and development both in the public and private sectors
Unleashing the Immune System: How to Boost Your Security Hygiene (IBM Security Intelligence) Over the years, companies have responded to threats by backing up the security tool truck and unloading it onto their IT environments. An expanding security arsenal of fragmented, disconnected point products and perimeter solutions can add complexity without vastly improving the organization’s overall security posture
How APIs are Changing the Face of Enterprise Cybersecurity (Data Informed) Cyber threats today are more sophisticated than ever. They are specifically engineered to avoid traditional detection methods while silently siphoning data and assets from an organization or, even worse, disrupting the business
CISO Security ‘Portfolios’ Vs. Reporting Structures (Dark Reading) Organizational structure is a tool for driving action. Worrying about your boss's title won't help you as much as a better communication framework
What you need to do to stop data from leaving with exiting employees (CSO) Having policies in place can help keep employees from walking out the door with company information
Research and Development
Researchers design a chip that checks for sabotage (Help Net Security) With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips. These Trojan horses look harmless but can allow attackers to sabotage healthcare devices; public infrastructure; and financial, military, or government electronics
Verizon Patent Pertains To Blockchain Technology (Android Headlines) Blockchain technology is present in cryptocurrencies like Bitcoin and Dogecoin, and has been hailed as a “game changer”. The technology powers the currencies through a network-based approach
Academia
4th grader’s project on cyber security proves people will click on anything (KXAN) Evan Robertson is kind of a big deal
Deloitte Runs University Cyber Contest as Recruiting Tool (Campus Technology) In just a couple of weeks students from universities across the country will vie for scholarships (and attention from a potential employer) in the latest Deloitte Foundation Cyber Threat Competition. The program is designed to give people exposure to both the technology and business aspects of cyber risk
UTSA professors inducted into San Antonio Cyber Hall of Honor (UTSA Today) Two professors from The University of Texas at San Antonio (UTSA) are are set to be inducted into the Inaugural San Antonio Cyber Hall of Honor on Tuesday, August 23. Gregory White, professor of computer science and director of the UTSA Center for Infrastructure Assurance and Security (CIAS), and Glenn Dietrich, professor of Information Systems and Cyber Security, will be part of the first class of leaders and pioneers in the cybersecurity industry in San Antonio
Legislation, Policy, and Regulation
Encryption under fire in Europe as France and Germany call for decrypt law (TechCrunch) A fresh chapter of the crypto wars looks to be opening up in Europe, after the French and German interior ministers took to a podium yesterday to lobby for a law change that would enable courts to demand that Internet companies decrypt data to help further criminal investigations
Cyber attacks: Hindsight is 20/20, GDPR is even better (Help Net Security) The dust is beginning to settle on the EU referendum result. But, while the UK’s departure from the union is set to shake things up for many businesses nationwide, there’s at least one EU ruling that UK businesses will still have to comply with: the General Data Protection Regulation
IP Bill Approved – Spies Allowed to Harvest Data (Information Security) The Investigatory Powers (IP) bill has been given approval by David Anderson in a report. Britain’s spies should be allowed to continue harvesting large amounts of data from emails, the government’s reviewer of terror legislation said. IT security experts from AlienVault, MIRACL and Lieberman Software commented below
Iran looking to enhance cyber capabilities (C4ISRNET) While China and Russia have built up a robust profile in cyberspace, many are warning against Iran’s growing capabilities and behavior
Mind the air-gap: Singapore's web cut-off balances security, inconvenience (Reuters via Yahoo! Finance) Singapore is working on how to implement a policy to cut off web access for public servants as a defence against potential cyber attack - a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation"
After NSA leaks, a renewed interest in vulnerability disclosure (SC Magazine) The code leaked by the Shadow Brokers group last week has set off calls from security researchers and tech groups for a national conversation about vulnerability disclosure policy
Litigation, Investigation, and Law Enforcement
Iran's Revolutionary Guard targets 450 social media users (AP) The cyber-arm of Iran's powerful Revolutionary Guard says it has summoned, detained and warned some 450 administrators of social media groups in recent weeks
French submarine builder DCNS loses critical secret docs: India investigates (Register) The French are said to be going ballistic
Judge Orders Immediate Review of 14,900 Hillary Clinton Emails (Wall Street Journal) Federal request says review must be complete by Sept. 22 and comes as new correspondence shows Clinton Foundation sought access to State Department on donors’ behalf
Many Donors to Clinton Foundation Met with her at State (AP) More than half the people outside the government who met with Hillary Clinton while she was secretary of state gave money - either personally or through companies or groups - to the Clinton Foundation. It's an extraordinary proportion indicating her possible ethics challenges if elected president
Jill Stein: Clinton emails reveal security risks, ‘special deals’ for donors (Washington Post) The Green Party's nominee for president rejoined the debate about Hillary Clinton's use of email at the State Department on Tuesday, telling reporters that Clinton clearly "attempted to cover up" shady behavior by using a private server
A Life or Death Case of Identity Theft? (KrebsOnSecurity) On Feb. 20, 2016, James William Schwartz, 84, was going about his daily routine, which mainly consisted of caring for his wife, MaryLou. Mrs. Schwartz was suffering from the end stages of endometrial cancer and wasn’t physically mobile without assistance. When Mr. Schwartz began having a heart attack that day, MaryLou went to use her phone to call for help and discovered it was completely shut off
Ashley Madison misled users with a fake security award (CSO) The site showed the award before getting hit by a massive breach last year, watchdogs say
Some ISPs in India are blocking access to ThePirateBay.org (HackRead) ThePirateBay.org domain has been blocked by some ISPs in India and users are not happy about it
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.
ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA , Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA , Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA , Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers