Election hacking from Hong Kong to Texas. Apple patches OS X against Trident zero-days. Surprisingly bellicose statements about cyber policy in North America. Ransomware updates, more leaked credentials, and an M&A rumor.
US elections aren't the only ones being targeted in advance of voting: FireEye says that APT 3, the Chinese cyber espionage group, has spearphished its way into at least two Hong Kong agencies involved with Sunday's elections.
Apple patched iOS against Trident vulnerabilities last week. Yesterday it pushed out similar patches for OS X. Users are urged to apply them at their earliest opportunity. The Trident zero-days are those Lookout and Citizen Lab found on a UAE activist's phone early in August.
Motherboard says it's obtained a window into the government hacking market through a catalogue from Indian firm Aglaya offering "weaponized information." Some of the services on offer (manipulation of search results, for example) have an information-operational dimension. Aglaya says the brochure was an offer to one specific customer.
Some bellicose talk about cyberwarfare comes from North America late this week. A former head of Canada's Communications Security Establishment says Ottawa would be "negligent" were it to forgo development of offensive cyber capabilities. US Presidential candidate Clinton promised that, if elected, she would respond militarily to cyberattacks.
Concerns about cybercrime continue to focus on ransomware—familiar variants and vectors continue to work damage.
LeakedSources is circulating cracked passwords from a Last.fm breach disclosed back in 2012. (They promise more "megabreaches" soon.) This, along with the Dropbox breach, prompts many to repent of password reuse.
In an industry rumor, Hewlett Packard Enterprise is said to be hawking its software business to Thoma Bravo for between eight and ten billion dollars.
Notes.
Today's issue includes events affecting Australia, China, Denmark, France, Gambia, Germany, Iran, Iraq, Democratic People's Republic of Korea, Russia, Syria, United Arab Emirates, United Kingdom, and United States.
A note to our readers: we'll be observing Labor Day this coming Monday, and so taking a day off from publishing. We'll be back as usual on Tuesday, September 6, 2016. A happy Labor Day to all of you. (We'll need the break to recover from following Youngstown State's 45-10 win over Duquesne last night.)
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Dale Drew from our partners at Level 3 will share some creative ways of handling staffing challenges (a preview: they hire musicians). Our guest is Gene Stevens, CTO and co-founder of ProtectWise, who explains how innovative user interface design is good for the user and good for sales, too. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Hong Kong Government Hacked by Chinese Cyberspies, FireEye Says (BloombergMarkets) Two government agencies targeted ahead of legislative election. Motive ‘certainly’ political, based on the targets, group says
Are Harris County's voting machines vulnerable to hackers? (KHOU) Just days after the FBI issued warnings to state election officials about cyberattacks, a Rice University professor is raising serious concerns about the security of computerized voting systems in Harris County and around the country
This Leaked Catalog Offers ‘Weaponized Information’ That Can Flood the Web (Motherboard) In the summer of 2014, a little known boutique contractor from New Delhi, India, was trying to crack into the lucrative $5 billion a year market of outsourced government surveillance and hacking services
BAE Systems' Danish Subsidiary Sells Spyware To UAE (Defense World) BAE Systems' Danish subsidiary has sold surveillance equipment to the United Arab Emirates, a country which recently tried hacking a smartphone belonging to activist Ahmed Mansoor
TorrentLocker: Crypto-ransomware still active, using same tactics (We Live Security) In December 2014, ESET released a white paper about TorrentLocker, a crypto-ransomware family spreading, via spam, email messages that impersonated local postal service, energy or telecom companies. The paper described its distribution scheme, its core functionalities, its network protocol and exposed some similarities with the Hesperbot banking trojan
New Elknot/Billgates Variant with XOR like C2 Configuration Encryption Scheme (NetLab 360 (h/t Recorded Future)) Elknot is a notorious DDoS botnet family which runs on both Linux and Windows platforms [1] [2] [3] [4]. Multiple variants have been found since its first appearance, while the most infamous variant is called BillGates by many researchers because of its characteristic use of Bill and Gates modules [5]
Betabot steals passwords, downloads ransomware (Help Net Security) The infamous and ever-changing Betabot information-stealing Trojan is back again, and has been observed downloading another well-known threat – the Cerber ransomware
Web site offline? New server-focused FAIRWARE Ransomware could be why (Trend Micro: Simply Security) In a time of non-stop news stories about ransomware, a new variant called FAIRWARE is attacking Linux-based servers running web sites
Insecure Redis Instances at Core of Attacks Against Linux Servers (Threatpost) A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code
Thousands of security threats happen every five minutes: Trend Micro VP (ZDNet) The pace at which businesses now find themselves operating has allowed for the files on a network to be encrypted and beyond an organisation's reach in just five minutes
Only Half of Firms Say IT Security Rules Are Being Followed (Information Management) At a time when ransomware and other attack methods that exploit insider negligence are becoming rampant, only 39% of end users think they take all appropriate actions to protect corporate data accessed and used in the course of their jobs, according to a new survey by the Ponemon Institute
The Hackable Human – 6 Psychological Biases that Make Us Vulnerable (Heimdal Security) There’s a red thread that you can follow in each story about cyber attacks. If you pay attention, you’ll see how human nature is deeply rooted in the mechanics of successful cyber compromise
Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down (Threatpost) A global malvertising campaign exposing potentially one million users to the risk of being infected with CrypMIC ransomware delivered via the Neutrino Exploit Kit has been shut down, according to researchers
Inteno Router Flaw Could Give Remote Hackers Full Access (Infosecurity Magazine) Security experts are warning of a critical new router vulnerability which could allow remote attackers to replace the firmware on a device to take complete control over it, and monitor all internet traffic flowing in and out
Last.fm breach from 2012 affected 43 million users (CSO) Stolen passwords from old data breaches have recently been circulating on the internet
Dropbox breach shows how impactful password reuse can be (Computerworld) Not a good look for the file sharing powerhouse, and a cautionary tale for us all
Dell exposes Federal Agencies outdated tech (USB Port) Federal Agencies might need to improve their tech to prevent breaches. According to new research from Dell, several government institutions are currently using outdated software and hardware. The computer company revealed this information as a part of its annual ‘State of IT trends’ study in July
Scammers using social media brands to launch phishing, fraud and malware attacks, study says (International Business Times) Proofpoint security researchers say 600 new fraudulent social media accounts crop up every month
Researchers Uncover Car Infotainment Vulnerability (Dark Reading) Should an automobile manufacturer have to release a patch for a feature that they never deployed? A newly discovered vulnerability in MirrorLink's infotainment software may force an answer
Mr. Chow’s website serves up ransomware (Malwarebytes) The website for popular fine Chinese cuisine “Mr Chow” restaurants has been hacked and is redirecting visitors to ransomware. This is not the first high profile culinary personality that has been involved in a security incident. Before Michael Chow, British Chef Jamie Oliver experienced several cases of website compromises himself
Devastating attacks to public infrastructure 'a matter of when' in the US (ZDNet) Cybercriminals are focusing on public infrastructure to disrupt services and cause mayhem as new targets are emerging and expanding throughout the world
Cybercrime and cyberwar: A spotter's guide to the groups that are out to get you (ZDNet) Security threats can come from a variety of different individuals and groups. Here's a field guide to the major players
Security Patches, Mitigations, and Software Updates
Apple Slips out Trident Patches for Mac Users (Infosecurity Magazine) Apple has issued patches for OS X and Safari to fix the three major ‘Trident’ vulnerabilities associated with a recent state-sponsored attempt to spy on a rights activist
Apple Patches OS X and Safari Zero-Days Related to NSO Group Spyware (Softpedia) Apple patches two new zero-days in OS X and Safari
Apple Patches OS X and Safari Zero-Days Related to NSO Group Spyware (Information Security Newspaper) Apple patches two new zero-days in OS X and Safari. Apple released today two security bulletins for OS X and Safari aimed to fix three vulnerabilities related to the now infamous Pegasus surveillance kit (spyware) created and sold by NSO Group
Cyber Trends
Cybersecurity defence costs will exceed $1 trillion over the next five years (PCR) The cost of cybercrime defence will exceed $1 trillion cumulatively from 2017 to 2021
The security ratings game grades third-party vendors (TechTarget) Can security ratings services patterned on consumer credit scores offer insight into the security postures of third parties and other business partners?
Tripwire Survey: Security Professionals Lack Confidence in Ransomware Recovery (Yahoo! Finance) Tripwire, Inc., a leading global provider of endpoint detection and response, security and compliance solutions, today announced the results of a survey of over 220 information security professionals who attended Black Hat USA 2016. The conference took place July 30-August 4, 2016, at the Mandalay Bay Convention Center in Las Vegas, Nevada
Tripwire Black Hat 2016 Survey: Ransomware & Phishing (Tripwire) Over 220 information security professionals attending Black Hat USA 2016 participated in Tripwire’s survey
Wombat Security Cyber Security Awareness Report reveals knowledge gaps (Security InfoWatch) Wombat Security Technologies (Wombat), a leading provider of cyber security awareness and training, has announced the release of its Beyond the Phish Report, an analysis of nearly 20 million questions and answers indicating how well end users are able to identify and manage security threats within an enterprise
Top 10 Internet Security Myths Debunked [Updated] (Heimdal Security) What do we know about security?
Marketplace
Cyber Insurance – only if you don’t need it (ITWire) By the time you take out insurance against cyber threats, hacks, data leaks, breaches, etc., you probably have advanced capabilities in security and incident readiness and understand the risk profile
Hewlett Packard Enterprise is in talks to sell its software business to a private equity firm for $8B to $10B (Business Insider) Hewlett Packard Enterprise is in talks with buyout firm Thoma Bravo to sell its software division, hoping it can fetch between $8 billion and $10 billion, according to people familiar with the matter
LMI buys Herndon intelligence contractor (Washington Business Journal) Tysons-based not-for-profit government consultant LMI announced Thursday that it bought Herndon-based FourWinds Limited Co., strengthening its position with intelligence community customers
Distil Networks Takes Aim at Bot Scraping (eWeek) Rami Essaid, co-founder and CEO of Distil Networks, discusses where his company came from and where it is headed
Avast extends its tender offer (BusinessWire) Avast Software B.V. today announced that it has extended its previously announced tender offer to purchase all of the outstanding ordinary shares of AVG Technologies N.V. (NYSE: AVG) for $25.00 in cash to 11:59 p.m., New York City time, on September 15, 2016, unless earlier terminated or further extended. All other terms and conditions of the tender offer remain unchanged
Proofpoint To Grow To $1 Billion In Revenue By 2020: How Realistic? (Seeking Alpha) Management announced a plan to grow revenue to $1B at the last analyst and investor day. Proofpoint’s ability to gain market share from competitors has propelled the stock in 2016. The email security market has been projected to experience a flat growth rate. The low hanging market share will not remain until 2020. Threat from competitors will force management to take on more leverage; this will have a negative effect on FCF
Ignore FireEye, Inc.: Here Are 2 Better Stocks (Motley Fool) The wildly unprofitable cybersecurity company is no longer growing very fast. Investors would be wise to look elsewhere
Why Palo Alto’s Stock Fell after It Posted Its 4Q16 Results (Market Realist) Earlier in the series, we discussed Palo Alto Networks’ (PANW) performance in its recently announced fiscal 4Q16 results. Even though its fiscal 4Q16 revenues and billings exceeded analysts’ expectations, its stock fell 3% on August 30, 2016, in after-hours trading
The Dropbox hack puts cybersecurity ETFs squarely in focus (MarketWatch) ‘Until we don’t see any more breaches, this will be an area that grows’, says Andrew Chanin, CEO PureFunds
To Find Cyber Flaws in Weapon Systems, DoD Will Move Millions (Defense News) Amid a growing focus on the Pentagon’s cyber vulnerabilities, it plans to reprogram $100 million toward uncovering such flaws in major weapon systems, according to budget documents posted this week
By ‘Secure’, We Didn’t Mean... (The Context Blog) During a response to a security incident at a financial institution, I came across a very bad situation: a managed security service provider (MSSP) that had managed to put their sensors in the wrong place, ensuring that the customer got neither security nor service. Now, anyone can misplace a box. What was surprising to me was the period of time it took to discover the misplacement
How IT Departments Can Manage The Security Skills Shortage (Dark Reading) A lack of skilled cybersecurity talent is putting organizations at risk. Which skills are in highest demand, and how can IT managers secure the right people to protect their information?
G DATA supports Projekthilfe Gambia e.V. (PresseBox) Health station and kindergarten receive one euro from every G DATA security solution sold in the online shop
Kudelski Security Expands Global Advisory Services With Appointments of John Hellickson and Darrell Switzer (PRNewswire) Addition of senior leaders with deep experience in cybersecurity strategy, governance and incident response expands Kudelski Security's global consulting services
FinalCode Opens European Office in London (Yahoo! Finance) FinalCode, Inc., the innovator in persistent file security, today announced the opening of a new regional headquarters to be based in London. Following the continued expansion of FinalCode, the company also announced the appointment of Jo Below to the role of managing director, Europe
Products, Services, and Solutions
Palo Alto Networks CEO: Traps Endpoint Security Offering At 'Inflection' Point With Partners (CRN) The market for endpoint security is booming, particularly in the startup space, and Palo Alto Networks CEO Mark McLaughlin said he is confident the network security vendor will pull ahead of the pack with its Traps endpoint security solution
M1 bolsters cyberattack defenses as it forges alliances with cybersecurity firms (Yahoo! Finance)
Okta receives rare endorsement from Google cloud chief (CRN) Google has in the past abstained from recognising its cloud technology partners with any preferential designations, but Tuesday, Okta, an identity management vendor, secured an endorsement directly from the internet giant's cloud chief
Raytheon unveils cyber battle management system (C4ISRNET) Raytheon has unveiled its Cyber and Electromagnetic Battle Management (CEMBM) tool
Dispersive Technologies To Reveal SCADA Transmission Improvements At California ISO Symposium (PRNewswire) Dispersive Technologies will unveil significant advances in SCADA data transmission at the California ISO Stakeholder Symposium September 7-8 in Sacramento
Samsung confirms it is recalling the Galaxy Note 7 after reports of explosions (TechCrunch) Samsung has confirmed that it is recalling the Galaxy Note 7, its newest smartphone, following reports that some devices exploded
Technologies, Techniques, and Standards
In wake of voter database hack, U.S. election commission turns to NIST for cybersecurity talk (FedScoop) A cohort of voting municipalities across the U.S. relies on either digital voting systems or online data collection tools that may be susceptible to digital intrusion
Iris scans as ID grow in use (CSO) Smartphones, ATMs and autos envisioned as prime candidates for iris scan tech as ID verification
How a security researcher is tackling IoT security testing (Help Net Security) “A common misconception people in the industry have regarding my work as a security researcher is that I am sharing information that puts businesses at risk. And also, that I spend all day playing,” says Deral Heiland, Research Lead at Rapid7
3 Golden Rules For Managing Third-Party Security Risk (Dark Reading) Rule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place
What is access governance? A brief deep dive (Help Net Security) Access governance is the evolution, the next great step if you will, in the identity and access management world. Access governance is a more robust, holistic approach to managing user access, network shares, permissions, and allows organizations to peer easily into the entire goings on of an organization. Access governance is like king of the hill, where the view is long and clear and there’s little that can knock it down
Col. Paul Craft: A peek inside DISA’s cyber command center (Federal News Radio) Scott Air Force Base in Illinois is home to a brand new building with 164,000 square feet devoted to cybersecurity. It's the Global Operations Command of the Defense Information Systems Agency. Col. Paul Craft, the commander, described the new center in an interview with Federal News Radio's Jared Serbu on Federal Drive with Tom Temin
Design and Innovation
“Foghorn” takes users out of phish-fighting with DNS “greylisting” (Ars Technica) Prototype security tool stops clicks on bad links, blocking DNS lookup for 24 hours
Research and Development
DHS asks for help designing the cyber testbed of the future (FedScoop) DHS says it wants input "from industry, academia and other interested stakeholders"
Academia
Dimension Data and Deakin University join forces in Cyber Security Incubator (CSO) New funding from the Victorian Government to spark regional cyber security skills hub
Colorado adds academic spokes to existing cybersecurity hub (Denver Post) Colorado universities considered Centers of Academic Excellence by the National Security Agency
Legislation, Policy, and Regulation
Staunch secularist entrusted to quell France’s row over Islam (Financial Times) Compromise has never been Jean-Pierre Chevènement’s forte: over four decades in French politics he resigned from three different ministerial jobs after disagreeing with the government’s line. Still, president François Hollande has entrusted the 77-year-old politician with a highly delicate mission: to quell France’s unsettling row over Islam, the country’s second-largest religion
How to Stop a Martyr (Foreign Policy) France is rolling out an experimental center to deradicalize homegrown extremists. The problem is no one really knows how to stop a terrorist before he picks up a gun
Going After the ISIS Propaganda Mastermind (Foreign Policy) Killing the Islamic State’s propaganda chief marks a rare success for a U.S.-led campaign that has struggled to counter the group’s far-reaching media jihad
Former electronic spy chief urges Ottawa to prepare for ‘cyber war’ (Toronto Star) As Canada reviews its defence policy, the former chief of Communications Security Establishment says it would be negligent not to develop offensive cyber weapons
Clinton: US should use 'military response' to fight cyberattacks from Russia and China (International Business Times) Clinton said the US should 'lead the world in setting the rules in cyberspace'
Cyber guidelines are 'required reading' for transition teams (FCW) A forthcoming set of guidelines on cyberthreat information sharing between the private sector and the government will be required reading for presidential transition teams, according to a top White House adviser
Cybersecurity 'baked in' as Va. transforms its IT, state tech chief says (StateScoop) Right now, Northrop Grumman manages Virginia's IT. But as that agreement draws to a close in 2019, the state is working to centralize its services, Virginia’s director of technology services told StateScoop TV
Litigation, Investigation, and Law Enforcement
German spy agency systematically broke the law: report (Deutsche Welle) German spies systematically and regularly violated basic civil rights by siphoning up people's telecommunication data for years, according to a secret report by the country's ombudswoman for data protection
Romanian hacker who targeted Bush family and Colin Powell sentenced (Guardian) Marcel Lazar, better known as ‘Guccifer’, given a four-year prison sentence
AT&T’s throttling victory may hinder FTC’s power to protect consumers (Ars Technica) Ruling raises questions about FTC ability to regulate Google, Verizon
Yahoo email privacy lawsuit settled (Naked Security) By this point, we’ve seen plenty of class-action lawsuits over internet giants pawing through our email to either snoop on us or target us with advertising
FBI Denies Making Dark Web Child Porn Site Run Faster (Motherboard) Last week, a defense lawyer argued that the FBI drastically improved the performance of a dark web child pornography site in the process of investigating it. On Thursday, the Department of Justice responded, denying those claims
Programmer arrested for hacking Linux Kernel Organization (Help Net Security) A South Florida-based computer programmer made an appearance in the Southern District of Florida yesterday after being arrested Sunday on charges of hacking into computers operated by the Linux Kernel Organization and the Linux Foundation
Arizona man charged for cyber-attack on city of Madison websites (Wisconsin State Journal) Prosecutors have filed federal charges against an Arizona man they say "crippled" the city of Madison's communication systems and website in the days after the March 2015 shooting of Tony Robinson
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA, and Goethe University Frankfurt are organizing APF 2016.
Innoexcell Annual Symposium 2016 (Singapore, Sep 8, 2016) The Innoxcell Annual Symposium (IAS) is the largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States. This is the only event of its kind that will run multiple paths covering great diversity of Legal and Regulatory Compliance topics with over 20 sessions to select from and 10+ exhibitions. We aim to provide a ‘one-of-a-kind’ conference for legal and compliance executives and professionals from different industries to explore the latest best legal and business practices, catch-up with latest regulatory updates, establish networking with prominent legal professionals around the Globe, as well as visit the legal technology and solutions exhibition.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350 organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016, the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three-day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.