Election-related hacking reported on at least three continents. Shadow Brokers seem more interested in influence than profit or intelligence. US, Russia, exchange tough talk over cyberwar. Compromised databases. FBI releases details of Clinton email investigation.
FireEye found APT3, a Chinese cyber espionage group, in the networks of at least two unnamed Hong Kong agencies in the week prior to Sunday's elections in that city. There are also allegations of election hacking in Mexico.
ThreatConnect finds the same IP address implicated in intrusions into US state voter databases was also found in incursions into German, Turkish, and Ukrainian political networks. Russia's President Putin denies any involvement in US political hacking, but adds that whoever hacked the DNC performed a public service.
Not much bidding for Equation Group code at the Shadow Brokers' auction (apparently stalled at just 1.8 Bitcoin, a little more than $1000, with some rickrolling). Some observers ask why an intelligence service would have revealed its stolen goods, but sometimes attacks are deliberately noisy, particularly if they aim at deterrence or influence as opposed to intelligence. Presidents Obama and Putin exchange starchy words over cyberwar at the G20 summit. Obama suggests Russia might have to slap leather if it wants to turn cyberspace into the Wild West. Putin says he's got better things to do than fool with American electoral theater.
User compromises are reported at Lifeboat and Brazzers. LeakedSource adds 98 million accounts from a 2012 breach at Rambler.ru to its database.
The FBI released emails from its investigation of former Secretary of State Clinton's handling of classified information. It appears there was spearphishing; also that in 2013 an "unknown user" wandered through one of her husband's staffer's accounts on her private system.
Today's issue includes events affecting Argentina, Australia, Brazil, Colombia, Cuba, India, Indonesia, Iraq, Malaysia, Mexico, Netherlands, Nigeria, Russia, Syria, Turkey, Ukraine, United Arab Emirates, United Kingdom, and United States.
A note to our readers: tomorrow and Thursday we'll be in Washington, DC, covering the 2016 Intelligence & National Security Summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). Follow @thecyberwire for live tweets. We'll also have special coverage in the CyberWire later this week.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Malek Ben Salem from our partners at Accenture Technology Labs will talk about the industrial IoT. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Cuba government filtering mobile text messages, dissidents say (Reuters) Cuba's Communist government is filtering mobile phone text messages for key words such as "democracy" and "human rights" and then blocking them, dissidents said on Monday
Indonesian militant in Syria luring M'sian IS sympathisers to launch attacks in country (Sun Daily) The Counter-Terrorism Division of the Special Branch has revealed that an Indonesian militant in Syria has been luring Malaysian Islamic State (IS) sympathisers to launch attacks here
Mexico Refuses to Probe Hacker's Claims of Electoral Fraud (Telesur) Colombian hacker Andres Sepulveda claimed that he hacked, spied, and manipulated social media for President Enrique Peña Nieto’s 2012 presidential campaign
New clues link election hacks in U.S. to Russian intelligence (Yahoo! News) A top cybersecurity firm said Friday it has found “significant” links between the hacks of two U.S. state election databases this summer and suspected Russian state-sponsored attacks against the ruling political party in Turkey and members of the Ukrainian Parliament
Illinois voter registry breach smaller than first thought (Christian Science Monitor) State election officials suspect hackers stole the personal information of 86,000 voters, not 200,000 it first suspected
Why Dems and the media always blame hacks on Moscow (Washington Examiner) Democratic leaders have blamed Russian hackers for this year's spate of cyberattacks, arguing that they prove Kremlin opposition to Hillary Clinton's presidential candidacy. And many in the media have been quick to accept that conclusion
Vladimir Putin: Whoever Hacked the D.N.C. did a Public Service (Vanity Fair) The Russian president denied any involvement in the hack, but he also didn’t condemn it
U.S. investigating potential covert Russian plan to disrupt November elections (Washington Post) U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said
The threat posed by sore losers: Our election legitimacy is at risk — even without a cyber attack (Raw Story) We’ve heard a lot in recent weeks about the potential for Russian meddling in the presidential election
No Homeland Security can't step in to protect the election (USA Today) Any federal plan to intervene at this late date will backfire
How Spy Tech Firms Let Governments See Everything on a Smartphone (New York Times) Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group
Pokémon-inspired rootkit attacks Linux systems (IT News) Provides backdoor and traffic-hiding capabilities
Mirai DDoS Trojan Is the Next Big Threat to IoT Devices and Linux Servers (Full Circle) A new trojan named Mirai has surfaced, and it’s targeting Linux servers and IoT devices, mainly DVRs, running Linux-based firmware, for the purpose of enslaving these systems as part of a large botnet used to launch DDoS attacks
The Central Security Treatment Organization Ransomware Uses the Cry Extension and Communicates via UDP (Information Security Newspaper) A new ransomware that pretends to be from a fake organization called the Central Security Treatment Organization has been discovered by security researcher MalwareHunterTeam. When the Central Security Treatment Organization, or Cry, Ransomware infects a computer it will encrypt a victim’s files and then append the .cry extension to encrypted files. It will then demand approximately 1.1 bitcoins, or $625 USD, in order to get the decryption key
Fantom ransomware pretends to be a Windows critical update (Naked Security) We’ve had a few questions from readers asking about a new ransomware strain known as Fantom, blocked by Sophos products as Troj/Fantom-B
TorrentLocker Ransomware Still Around, Uses Tor to Hide Backup C&C Servers (Softpedia) Two years later, TorrentLocker is still going strong
Can't Stop the Ransomware (BankInfo Security) Bitcoin-hungry attackers target enterprises
Understanding and defeating ransomware (CSO) "Ransomware is a reposing issue," says Eric Skinner, the VP for Market Strategy for Trend Micro
Point-of-sale data breaches have now reached the cloud (CSO) Lightspeed's cloud-based point-of-sale system, with 38,000 clients, has suffered a break-in
'Ripper' ATM Malware: Where Will Cybercriminals Strike Next? (InfoRisk Today) Asian banks get stung; expert predicts more attacks
‘Flash Hijacks’ Add New Twist to Muggings (KrebsOnSecurity) A frequent crime in Brazil is a scheme in which thieves kidnap people as they’re leaving a bank, and free them only after visiting a number of ATMs to withdraw cash
Cyber Attacks On SWIFT’s Banks (Information Security Buzz) SWIFT, the global financial messaging system, disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank. IT security experts from Tripwire, Lieberman Software, MIRACL, Imperva and ESET comments on the attacks
SWIFT kick in the banking (CSO) When SWIFT made headlines back in April of 2016, I could not help but wonder how bad things really were. Many people were blissfully unaware as to what SWIFT (Society for Worldwide Interbank Financial Telecommunication) even was or what it could be used for
98 million Rambler.ru accounts surface after 2012 hack (CSO) Passwords stored in the clear
7 Million LifeBoat Accounts from Jan 2016 Breach Leaked Online (HackRead) Lifeboat has something to worry about — perhaps it should inform users how the stolen 7 million accounts from January 2016 breach have surfaced online now?
Hacked BitcoinTalk.org Forum Database Goes for Sale on Dark Web (HackRead) A hacker is selling hacked database of Bitcointalk.org, a Bitcoin forum that was hacked in May 2015 but its database was leaked a couple of days ago
Nearly 800,000 Brazzers users’ credentials exposed (Help Net Security) Account login credentials of nearly 800,000 Brazzers porn site users have been stolen in 2012, but the breach has only now come to light, after the data dump was obtained by breach monitoring site Vigilante.pw
Sundown is Just a Bunch of Exploits Stolen from Other Exploits Kits (Information Security Newspaper ) Sundown EK fails to improve market share among fellow EKs. The Sundown exploit kit (EK), which has been trying to fill the void left by the death of the Angler and Nuclear EKs, is nothing more than a collection of copy-pasted exploits, according to Trustave’s SpiderLabs team
Bilal Bot: That Time a Malware Developer Asked Me to Correct a Security Blog (IBM Security Intelligence) The user, who claimed to be the author of Bilal Bot, contested that the malware had been updated with more features and was being offered in underground forums at a higher cost that what we reported. The author offered to be interviewed to clarify
Hackers Have Evolved into Sophisticated, Organized Criminals (Infosecurity Magazine) If there’s one thing the last few years have shown us it’s that hackers have evolved into sophisticated, organized criminals, capable of orchestrating well-oiled, imaginative attacks
Hacking mobile login tokens tricky but doable, says reverse-engineer (Register) I think I'm a clone now, there's always two of me just a-hangin' around
Expert Questions Claim That St. Jude Pacemaker Was Hacked (IEEE Spectrum) Last week, a controversial report claimed that pacemakers and other implantable heart devices made by the manufacturer St. Jude Medical have massive security flaws that leave them vulnerable to hacking. Now, medical device security expert Kevin Fu, an associate professor at University of Michigan, is questioning the accuracy of that report
So far, St. Jude Medical weathering cybersecurity scrutiny (Minneapolis Star Tribune) A report saying its devices lacked needed safeguards has so far proved untrue
Retiring Sysadmin Fakes Cyber-Attack to Get Away with Data Theft (Softpedia) He did it because he wanted a house in a seaside town
Sophos false positive detection ruins weekend for some Windows users (CSO) Sophos antivirus products detected winlogon.exe as malicious
Porn Chatbot Tricks Argentinians Into Thinking They’re Chatting With President (Motherboard) Is that person you’re interacting with online a real flesh-and-bones human, or are they actually just made of 1s and 0s?
Security Patches, Mitigations, and Software Updates
Google Chrome fixes serious vulnerabilities, thanks to bug fighters (Naked Security) The latest Google Chrome browser update comes with 33 vulnerability patches, including 13 that are high-severity. It’s all thanks to community contributors and bug fighters who submitted fixes for Chrome’s bug bounty program
Android device updates: Verizon Galaxy S7, S7 Edge get key updates, AT&T phones add Wi-Fi calling (Green Bot) The AT&T S7 and S7 Edge get the monthly security update, while the Galaxy S5 and S5 Active finally get Marshmallow along with Wi-Fi calling capabilities
Hacking away at your phone (Sunday Times) Cyber-criminals are switching from PCs and laptops to mobiles containing swathes of our private information. Experts are urging us to be more on our guard
25 Years Of DDoS (Qube) It has been 25 years since the first DDoS attack, and since then the world has witnessed many variants which all share the same result: disrupting the availability of the target host and its services
Big data analytics is key to stronger cybersecurity (ITWire) Big data analytics is fast becoming the defence to a cyber security offence
Your Kitchen Appliances Are Watching You, Security Expert Warns (Bloomberg Technology) More connected household objects collect personal data. Vendors should be more transparent on data use, Kaspersky says
Mac Malware Part of Worsening Security Picture (eSecurity Planet) While Mac malware is not as big of a problem as attacks meant for Windows, hackers are targeting Apple operating systems more than ever before
Public yawns at threat of cyber crime (San Diego Union-Tribune) The seemingly inpenetrable National Security Agency was hacked recently. So was the Democratial National Committee, and voter registration offices in Illinois and Arizona
Why Asia-Pacific Lags in Data Breach Detection (InfoRi Today) FireEye's Rob van der Ende identifies shortcomings
Kaspersky 'terminates' deal with security reseller Quadsys (Register) Hack a rival? We're not cool with that, says Russian AV titan
Assured Information Security acquires Maryland firm (Central New York Business Journal) Assured Information Security, Inc. (AIS) announced it has acquired Ross Technologies, Inc. (RTGX) of Maryland
Palo Alto Networks Slashes Growth Forecast (PANW) (Investopedia) While demand for corporate security services still outpaces broader IT spending increases, the industry is facing slower growth in 2016. In 2015, the global economy saw major hacking incidents involving security breaches at companies such as Sony Corp. (SNE) and Anthem Inc. (ANTM)
Why FireEye Is A Sell (Seeking Alpha) FEYE’s billings growth has also slowed down remarkably of late, which is bad news for investors as it is hurting the financial performance and forced a lower guidance
BAE sets sights on bigger slice of the cyber defence market (Telegraph) BAE SYSTEMS has teamed up with Germany’s top insurer Allianz as it aims to grab a bigger slice of the burgeoning cyber defence market
VMworld: My Cybersecurity-Centric Impressions (Network World) NSX security is gaining traction in the VMware installed based but the story remains confusing to cybersecurity professionals. VMware needs to bolster its NSX security go-to-market initiatives to scale to the next level
Microsoft bug bounty program adds .Net Core and ASP.Net Core (InfoWorld) The company will pay researchers up to $15,000 for critical vulnerabilities found in these software development platforms
Movers and Shakers: DigiCert Promotes COO John Merrill to CEO (IoT Evolution) DigiCert, a global trusted identity and authentication services provider for enterprise web applications and the IoT, has named John Merrill its new CEO
Products, Services, and Solutions
Hexadite Announces Strategic Reseller Agreement with HPE (BusinessWire) Partnership to strengthen HPE Security Intelligent Security Operations Portfolio with Security Orchestration and Automated Incident Response Platform
Take Advantage of Security Cheat Codes With Behavioral Intelligence (IBM Security Intelligence) It's not quite God Mode, but an effective behavioral intelligence solution, paired with a security intelligence solution, can help analysts understand behavior patters to sniff out insider threats. The E8 Security App for QRadar provides this
Hillary Clinton adopts start-up's encryption app (Financial Times) Hillary Clinton last week joined the billions of people who now have their messages secured by a tiny, three-person non-profit based in the Mission district of San Francisco
What this expensive ‘secure’ phone tells us about mobile hacking (CSO) Will a $12,000 phone protect you from mobile malware?
'Ultra secure' Turing Phone plagued by shaky security claims (ZDNet) Questions remain over claims that this 'secure' phone can keep data safe
Kaspersky releases security cloud for SMB (Enterprise Times) Security vendor Kaspersky has released a new Software as a Service solution for Small to Medium Businesses (SMB)
Project Argus Is an Outlook Plugin for Reporting Phishing Attacks (Softpedia) You can now report suspicious emails by pushing one button
Technologies, Techniques, and Standards
Threat Hunting: More than a Marketing Buzzword (Delta Risk) In early August we presented a comprehensive webinar on threat hunting. In this post, we expand on that presentation to explore the use of the term “hunt,” and why threat hunting is more than just a buzzword
Balancing Compliance, Business Risk Security Strategies (InfoRisk Today) Security head at credit-rating bureau shares insights on setting security priorities
People, Please Don’t Store Private Data in Your Address Book (Wired) There's been some controversy over the data that Donald Trump’s campaign app collects. Though the America First app asks before accessing anything on both Android and iOS, it gathers and stores the data from smartphone address books as soon as it is granted permission
Design and Innovation
Can biometrics and the FIDO Alliance save us from password overload? (Help Net Security) FIDO AllianceAll the available evidence indicates our password-based security system is broken
Microsoft Launches Smart Contracts Security Working Group (Coin Desk) Microsoft has revealed it is organizing a working group dedicated to improving smart contracts security
Research and Development
University of Illinois awarded cyber research contract (C4ISRNET) The University of Illinois Urbana-Champaign has been awarded an $18.7 million Air Force contract to develop a cybersecurity research system
Pixellation popped: AI can ID you, even after PhotoShop phuzzing (Register) Like humans, machines can ID obfuscated faces - only faster
Morgan Designated as Center of Academic Excellence by the NSA and Department of Homeland Security (Morgan State University) University recognized for advancements in cyber defense education, certified through 2021
UK’s Cyber Amateurs Battle Shadowy Hackers (Infosecurity Magazine) Some of the UK’s top cyber amateurs battled each other in exercises over the weekend for the right to reach the Masterclass final of the Cyber Security Challenge UK in November
Legislation, Policy, and Regulation
State Governments' War Against Cybercrime (InfoRisk Today) Cyber labs, CERTs will play critical roles
Australia still has a way to go to become an infosec world leader (IT News) Taking lessons from Israel
Brazil Must Rebalance Its Approach to Cybersecurity (Council on Foreign Relations) When Brazil attends the Group of 20 Summit in Hangzhou next week, cybersecurity will be on the top of everyone’s mind
Obama Tells Putin Hackers Shouldn't Create Cyber 'Wild Wild West' (ABC News) President Obama addressed his tense, 90-minute-long meeting with Russian President Vladimir Putin on the sidelines of the G20 in a press conference on Monday
Obama Threatens Cyber War on Russia Turning G20 Summit Into a Political Event (Sputnik) President Barack Obama took a hardline during discussions with his Russian counterpart Vladimir Putin on the sidelines of the G20 Summit parroting the theory of Hillary and the Democrats that Moscow has nothing better to do than intervene in America’s election
Obama warns of cyber 'arms race' with Russia (Politico) President Barack Obama issued a subtle warning to Russia on Monday, noting that the United States has “more capacity than anybody, both offensively and defensively” when it comes to cyber weapons
The Shadow Brokers Publish NSA Spy Tools, Demonstrating Possible Flaws in the NSA’s Approach to Security Vulnerabilities (EFF) The vulnerabilities equities process is unaccountable, secretive, and nonbinding
The NSA’s stash of digital holes is a threat to everyone online (Guardian) The revelation by hackers of the internet vulnerabilities stockpiled by US intelligence shows that in the fight against cybercrime public safety is ignored
Halvorsen: Cybersecurity must be a risk assessment in context of mission (C4ISRNET) When it comes to cybersecurity, the criticality of cyber in the functionality of systems creates difficulties in a traditional sense of security. The Defense Department's chief information officer, Terry Halvorsen, is approaching this issue from a risk standpoint as opposed to security
Counter voting hacking threat (Post and Courier) News that foreign hackers, probably from Russia, accessed computerized voter rolls in Illinois and tried to break into the Arizona state electoral system earlier this year should grab the attention of election officials across the nation
Litigation, Investigation, and Law Enforcement
FBI Releases Documents in Hillary Clinton E-Mail Investigation (Federal Bureau of Investigation) Today the FBI is releasing a summary of former Secretary of State Hillary Clinton’s July 2, 2016 interview with the FBI concerning allegations that classified information was improperly stored or transmitted on a personal e-mail server she used during her tenure
A mystery user breached an email account on Clinton's server (CSO) The unknown user browsed email folders and attachments, the FBI says in newly released documents
Bill Clinton Staffer’s Email Was Breached on Hillary’s Private Server, FBI Says (Wired) Since it came to light that Hillary Clinton ran a private email server during her time as Secretary of State, that computer’s security has become a subject of controversy among politicos whose only notion of a “server” until recently was a waiter carrying canapés at a fundraising dinner
Evidence Clinton Was Speared In Phishing Attack (Smoking Gun) FBI report details "multiple" attempts to breach accounts
Clinton answers reporters' questions on emails, cyber hacking, in rare exchange (Fox News) Democratic presidential nominee Hillary Clinton on Monday held a question-and-answer session with reporters, defending her handling of confidential material as secretary of state and answering several other pressing questions, amid criticism she has largely avoided the news media during her campaign
A state.gov Email Account Is Not a Secure Account (Mother Jones) I had a conversation today on Twitter that suggests there's something that perhaps a lot of people don't quite understand
Kaine: Trump's actions like Watergate (CNN) Hillary Clinton's running mate Tim Kaine compared Donald Trump's seeming encouragement of Russia to hack and release Clinton's emails to Watergate
Amazon, Google, Apple… Fox News join Microsoft in US gag orders fight (Ars Technica) Eclectic bunch support MS battle against US government's secret requests for user data
Activists to FBI: Show Us Your Warrant for Mass Hack of TorMail Users (Motherboard) Mass hacking is now one of the FBI's established tactics for fighting crime on the dark web
Police Seize Two Perfect Privacy VPN Servers (TorrentFreak) VPN provider Perfect Privacy has had two of its servers seized by Dutch police, as part of an active investigation
Suspect arrested in 5-year-old kernel.org breach (CIO) A computer programmer is accused of compromising several Linux Foundation servers in 2011
Report: Nigeria Detains Reporter Over Boko Haram Link (AP via ABC News) Nigerian intelligence agents Monday detained a journalist off an aircraft arriving from Dubai, over alleged links to Boko Haram and purported knowledge of the kidnapped Chibok schoolgirls, Nigerian media and a security agent reported
Australian Teenager Sentenced to 10 Years in Jail for Anzac Day Terror Plot (New York Times) A teenager who plotted to run over and behead a police officer during a holiday parade in Melbourne last year was sentenced on Monday to 10 years in jail
Warner Bros. flags own site for piracy, orders Google to censor pages (Ars Technica) Studio also wanted Amazon, Sky, and IMDb links nixed for allegedly breaking copyright law
Pokémon Go church stunt could mean hefty jail term for Russian blogger (Ars Technica) 22-year-old accused of "insulting religious sensitivities," faces five years behind bars
John McAfee Sues Intel over Naming Rights (Infosecurity Magazine) Controversial anti-virus pioneer John McAfee has been told by Intel he can’t use his own name to rebrand a new company because the chip giant owns the rights
For a complete running list of events, please visit the Event Tracker.
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.
Innoexcell Annual Symposium 2016 (Singapore, Sep 8, 2016) The Innoxcell Annual Symposium (IAS) is largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States.This is the only event of its kind that will run multiple paths covering great diversity of Legal and Regulatory Compliance topics with over 20 sessions to select from and 10+ exhibitions. We aim to provide a ‘one-of-a-kind’ conference for legal and compliance executives and professionals from different industries to explore the latest best legal and business practices, catch-up with latest regulatory updates, establish networking with prominent legal professionals around the Globe, as well as visit the legal technology and solutions exhibition.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA , Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA , Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GPDR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA , Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers