Notes from the Air, Space and Cyber Conference. German political parties hacked. New ransomware strains and delivery mechanisms. Tesla hack demonstration. Cisco bug exploited in the wild.
News from the Air Force Association's Air, Space, and Cyber Conference
The Air Force Association's annual meeting has a name that emphasizes the importance of the cyber domain in Air Force strategic, operational, and tactical thinking.
Lieutenant General Kevin McLaughlin, Deputy Commander of US Cyber Command, opened the conference's second day with an overview of his organization and its mission. He stressed its responsibility for three missions: defending Department of Defense information networks, supporting combatant commanders by providing "full spectrum" (that is, defensive and offensive) capabilities to joint forces, and (when directed by the National Command Authority) protecting US critical infrastructure against cyber attacks "of significant consequence."
The conference was, as one attendee remarked, "heavy-industry heavy," with producers of aircraft, munitions, and avionics strongly represented on the conference floor (service organizations and providers dedicated to Air Force members and their families were second most in evidence). There were some cyber security providers in evidence, and not all were big integrators with cyber divisions. More to the point, there was a general awareness of, and concern for, the cyber security of advanced systems currently under development.
There was also evident concern for development of a cyber security workforce—primarily military, to be sure, but also civilian. The Air Force, like everyone else, understands that it's operating in a very tight labor market, and it's looking for as much flexibility ("agility," as the A-1, Lieutenant General Grosso, put it) in recruiting and retention as possible. Coverage of the panel on workforce development may be found here.
Two initiatives stand out. Everyone had very good things to say about Cyber Patriot, the Air Force Association-led youth cyber education program. And the Military Cyber Professional Association was also present on the floor, a group organized to support and foster the growth of the profession.
German news outlets are reporting that a number of senior politicians and their staffs have come under cyber attack, apparently by Russian actors. The Bundestag sustained a compromise last year; the current round extends to political party organizations in the country's Länder. It appears the attackers' initial approach was through a long series of phishing emails purporting to originate in NATO. The timing of the attacks suggests an interest in elections, and Süddeutsche Zeitung significantly juxtaposes the story with its coverage of election-related hacking in the US.
Anonymous, unhappy with the treatment offered for ADHD in Italy, focuses its attention on four healthcare sites. The action involves both website defacements and release of stolen data.
The vulnerability Cisco found in the course of its investigation of the Shadow Group exploits is being used by attackers in the wild. Patches and mitigations are expected soon.
More ransomware enters circulation, some unsophisticated (DetoxCrypto is distributed in a poorly crafted imitation of Malwarebytes communication; other strains are being carried by bogus FedEx failed delivery notices) but some sophisticated indeed, and dangerous—Mamba, also known as HDDCryptor, is unusually dangerous. Mamba locks hard drives, encrypts files in mounted drives and network shares, and overwrites master boot records.
The RIG exploit kit has taken Angler's place, and is now distributing CrypMIC ransomware.
Academic institutions appear to have taken over first place from healthcare institutions as the principal target of ransomware.
Chinese researchers demonstrate proof-of-concept hacks of Tesla cars. They disclosed them privately; Tesla has already patched.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, France, Germany, India, Italy, Democratic People's Republic of Korea, Netherlands, Poland, Taiwan, Turkey, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland, as Jonathan Katz discusses Google’s recent adoption of HSTS encryption. Our guest is the Johns Hopkins University's Matthew Green, who will talk about the dangers of weakening encryption for the sake of law enforcement. As always, if you enjoy the podcast, please consider giving it an iTunes review.
National Harbor, Maryland: the latest from the AFA's Air, Space and Cyber Conference
Cyberwarfare: What are we doing today? (Air Force News Service) Lt. Gen. J. Kevin McLaughlin, the U.S. Cyber Command deputy commander, discussed the missions, capacity and capabilities of USCYBERCOM during a cyber warfare session at the Air Force Association Air, Space and Cyber Conference here Sept. 20
Cyber Command builds critical infrastructure defense skills (FCW) As U.S. Cyber Command reaches operational capability in its mission to protect Defense Department networks and support combat commanders, it is also firming up its plans to help the Department of Homeland Security defend critical infrastructure networks, according to one of the command's top leaders
Technical Workforce Development: The Cyber Challenge (The CyberWire) A two-person panel offered perspectives on developing, recruiting, and retaining a cyber workforce. One represented the Air Force, the other industry
Conversations on the Conference Floor (The CyberWire) We were able to spend some time on the exhibit floor, talking with exhibitors and conference participants. While the exhibits were, as one observer noted, "heavy-industry heavy" with airframe manufacturers, flight service providers, and major system integrators dominating the floor, there was also a manifest interest in cyber security
Cyber Attacks, Threats, and Vulnerabilities
German politicians faced cyberattack: report (Politico) Security experts believe senior politicians and their staff were targeted
Hacker attack on German parties (Süddeutsche Zeitung) Senior politicians have repeatedly received emails carrying spyware. The government fears that members of parliament will be spied on ahead of the Bundestag election
Anonymous Targets Italian Healthcare Sites Against ADHD Treatment (HackRead) Anonymous defaced four Italian healthcare websites and also dumped data on the Internet — Anonymous is not happy with the government’s stand on the way ADHD patients are being treated
Cisco reveals new vulnerability used by hackers to conduct first real-world cyberattack from leaked NSA cyber tools (International Business Times) Cisco has not issued a software update yet adding that there are currently 'no workarounds that address this vulnerability'
DDoS Mitigation Firm Has History of Hijacks (KrebsOnSecurity) Last week, KrebsOnSecurity detailed how BackConnect Inc. — a company that defends victims against large-scale distributed denial-of-service (DDoS) attacks — admitted to hijacking hundreds of Internet addresses from a European Internet service provider in order to glean information about attackers who were targeting BackConnect
Android Scam Call And SMS Security Is Undone By HTML Exploiting Malware (TechWeek Europe) Android’s built-in protection which flags warnings about apps trying to send premium rate messages without user consent can be manipulated by malware
Ransomware disguises itself as Malwarebytes Anti-malware (though quite poorly) (Neowin) When it comes to deceiving people, there's nothing like using a little social engineering to achieve this. This is also the favorite technique of cybercriminals, victimizing a lot of innocent people with malware
Mamba Ransomware Encrypts Hard Drives Rather Than Files (Threatpost) Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive
HDDCryptor ransomware uses open source tools to thoroughly own systems (Help Net Security) HDDCryptor (aka Mamba) is a particularly destructive piece of ransomware that encrypts files in mounted drives and network shares, locks the computers’ hard disk, and overwrites their boot disk MBR
Security Alert: RIG Exploit Kit Picks up Where Neutrino Left Off, Spreads CrypMIC ransomware (Heimdal Security) The Neutrino EK campaign takedown that was announced 20 days ago left a big gap in the cyber crime market. And so did the arrest of Angler’s creators. But it didn’t take long for other cyber criminals to jump at the chance to increase their revenues
Fake FedEx ‘missed delivery’ emails infecting devices with ransomware (Hackread) An email has been doing the rounds on the internet that appears to be a regular notification from FedEx related to a missed delivery. However, this is no ordinary email as it is yet another campaign to trick unsuspecting users into opening an attached invoice that contains ransomware malware
Education Now Suffers The Most Ransomware Attacks (Dark Reading) New data shows ransomware rates worldwide doubling and tripling in past 12 months
Someone Is Putting Malicious USB Sticks in Australian Mailboxes (Motherboard) Some people just can't resist the urge to plug random USB sticks into their computers. Now, someone in Australia is taking full advantage of the public's naivety when it comes to cybersecurity
How Cybercriminals Target Victims: Report Cites Top Information Resources (Hacked) Cybercriminals, whose attacks cost organizations millions of dollars a year, do extensive research on their targets. They gather organizational and personal information before deciding which vulnerabilities to exploit
Fake Critical System Failure Alert Removal (Bleeping Computer) The Critical System Failure alert is a Trojan from the Rogue.Tech-Support-Scam family that displays a fake Windows alert that tries to scare you into calling a listed remote tech support number
Dissecting Windows 10 Security (Redmond Magazine) New features such as the Antimalware Scan Interface, Virtualization-Based Security and threat analytics are making Windows much more difficult to exploit, but hackers and researchers demonstrate it's still not impossible
Could a DDoS Cyber Attack Take Down a 911 Emergency System? (EDM Digest) Norton, an antivirus program developer, defines a bot as a type of malware that allows a hacker/attacker to take control of an affected computer
880,000 users exposed in MoDaCo data breach (Help Net Security) Subscribers of UK-based MoDaCo, a forum specialising in smartphone news and reviews, have been unpleasantly surprised by notifications that the site and their account have been compromised
Payment Gateway Data Breach Exposes Financial Details of 324,000 users (HackRead) Attacking high profile websites and companies, stealing huge databases and dumping the data online seem to be the latest trend in the hacking community. In the latest breach, nearly 324,000 users have been affected as a payment gateway BlueSnap or its affiliate RegPack became a victim of data breach
WoW Dev Blizzard Deluged in Another DDoS Blitz (Infosecurity Magazine) World of Warcraft fans were left high and dry for the second time in a month after developer Blizzard Entertainment’s servers were DDoS-ed yet again at the start of the week
The cyber nuclear option that might already be in place (Bulletin of the Atomic Scientists) In late 2015, a top-flight online security expert made a startling discovery while investigating an attack on one of his corporate clients: A routine effort to hold the company’s data for ransom had exploited a path blazed more than a year earlier, yet the initial hackers had yet to cause any harm, despite pulling off an elaborate break-in
Welcome to the Dark Net, a Wilderness Where Invisible World Wars are Fought and Hackers Roam Free (Vanity Fair) Through the eyes of a master hacker turned security expert, William Langewiesche chronicles the rise of the Dark Net—where weapons, drugs, and information are bought, sold, and hacked—and learns how high the stakes have really become
Chinese researchers hijack Tesla cars from afar (Help Net Security) Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components
Insurer Warns of Drone Hacking Threat (Infosecurity Magazine) Insurance giant Allianz has warned that the increasing volume of drones in our skies could present a major cybersecurity threat, potentially even resulting in loss of life
North Korea accidentally lets slip all its .KP domains — and there aren’t many (TechCrunch) North Korea is famously secretive and restrictive — the regime goes to great lengths to both prevent the outside world from learning what goes on there and prevent its citizens from learning about the outside world. An IT error just gave us a glimpse at the country’s online ecosystem — and it’s a pretty meager one
Security Patches, Mitigations, and Software Updates
Tesla Fixes Critical Remote Hack Vulnerability (Threatpost) Several models of the Tesla S cars were hacked by researchers who were able to abruptly stop the car in its tracks, pop open the trunk while the car was being driven, and remotely turn on and off the windshield wipers
Symantec patches more bugs found by Google bug hunter (CSO) Symantec’s problems fixing bugs in its archive parser discovered by Google’s antivirus bug-hunter Tavis Ormandy aren’t quite over yet
Should you trust your security software? (Help Net Security) The complaint that security is broken isn’t new and even industry insiders are joining the chorus. Companies spent an estimated $75 billion last year on security products and yet cyber attacks and data breaches are still a common occurrence. Now, we’re finding that security tools themselves have vulnerabilities that are putting organizations at risk
Apple Squashes 68 Security Bugs With Sierra Release (Threatpost) With the release of macOS Sierra 10.12 Tuesday, Apple snuffed out dozens of lingering security vulnerabilities in OS X El Capitan and Yosemite. Along with updates to its OS, Apple addressed security bugs in its Safari web browser and macOS Server in separate security bulletins, also released Tuesday
Swift hopes daily reporting will help stem payment fraud (CSO) But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity
Cyber Trends
New AlienVault Research Finds 76% of Security Professionals Believe Sharing Threat Intelligence Is a Moral Responsibility (Yahoo! Finance) AlienVault polled 222 security professionals at Black Hat 2016 to determine how they are incorporating threat intelligence into their malware defense strategies
28 Percent of Organizations Don't Encrypt Data in Public Cloud Environments (eSecurity Planet) And 47 percent said security concerns are their main reason for avoiding cloud deployments, a recent survey found
Identity and personal data theft account for 64% of all data breaches (Help Net Security) Data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015, according to Gemalto
UK: Financial fraud soars (Help Net Security) More than 1 million incidents of financial fraud – payment card, remote banking and cheque fraud – occurred in the first six months of 2016, according to official figures released by Financial Fraud Action UK
Cyber terrorism seen as biggest single future threat (Help Net Security) 47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. This was identified as the biggest cyber security risk in the future (27%), followed by attacks to national infrastructure (13%)
Marketplace
Poland's PGZ signs cyber co-operation agreement with Microsoft (IHS Jane's Defence Weekly) Polish state-owned defence group Polska Grupa Zbrojeniowa (PGZ) has announced that it has agreed to co-operate with Microsoft on the provision of cyber-security within Poland
SIEM market dynamics in play (Network World) Financial churn combined with new requirements are transforming the SIEM market for enterprise organizations
Student cybervandal earns $300,000 for hacking US Airlines (Naked Security) In November 2014, Georgia Tech computer engineering student Ryan Gregory Pickren cyber-trespassed to post this pre-football-game message on the calendar of his school’s arch-rival, University of Georgia
Products, Services, and Solutions
Terbium Labs Announces the General Availability of Its Dark Web Data Intelligence Platform, Matchlight (Yahoo! Finance) Terbium Labs announces the general availability of Matchlight, the world's first fully private, fully automated data intelligence system to find compromised or stolen data on the dark web as soon as it appears. In private beta since June 2015, Matchlight has quickly grabbed the attention of security teams at leading businesses and government organizations for its innovative approach to information security -- offering much-needed private, proactive and automated breach detection that's both affordable and reliable
ThreatConnect Adds Orchestration to its Intelligence Platform (News Channel 10) With orchestration, ThreatConnect customers may bridge security teams, tools, processes, and threat intelligence for faster, more efficient actions
High-Tech Bridge releases a new version of its free SSL testing service (High-Tech Bridge) High-Tech Bridge is pleased to announce a new release of its free SSL security testing service that companies and organizations from all over the world use to test their web, email, VPN and other SSL/TLS-based services. The new release thoroughly tests for known vulnerabilities in SSL/TLS implementation (e.g. Heartbleed) and in encryption protocols (e.g. POODLE), as well checks if a SSL/TLS configuration is compliant with PCI DSS requirements, HIPAA guidance and NIST guidelines
Device Authority announces new KeyScaler IoT security platform (Device Authority) KeyScaler converges Device Authority and Cryptosoft security solutions and adds policy driven key and certificate management
Generali Global Assistance: Deploys Iris OnWatch Identity Protection for Optima Tax Relief (4-Traders) Generali Global Assistance ("GGA" or "the Company"), a leader in the assistance industry since its founding in 1963 and part of the multinational Generali Group, today announced that it has deployed its Iris OnWatch ("Iris") identity protection platform for Optima Tax Relief ("Optima"). Optima will now, along with its industry leading tax relief services, offer its customers 360° identity and digital protection services inclusive of the four pillars of identity protection - prevention, monitoring, alerts and resolution
Verodin and Critical Start Partner to Advance Instrumented Security Across Industry Sectors (BusinessWire) Critical Start to resell and integrate Verodin Platform within its security assessment and managed security services practices
APTEC and Duo Security Help Enterprises Protect Critical Assets with Multi-Factor Authentication (APTEC) APTEC, a Cyber Risk Management, LLC company and leading provider of identity governance and access management services, today announced a partnership with Duo Security to help organizations add and manage strong two-factor authentication, protecting business critical data and other IT assets. Under the partnership, Duo’s scalable, cloud-based Trusted Access platform joins APTEC’s portfolio of identity-as-a-service (“IDaaS”) offerings, which will greatly strengthen the security and compliance of any organization
Security Startup FinalCode Tackles The Big File-Sharing Problem With Help From The Channel (CRN) San Jose, Calif.-based security startup FinalCode continues to invest in its young channel program, focusing on security resellers and enterprise content management resellers
FireEye Threat Analytics Platform: Product overview (Tech Target) Expert Dan Sullivan takes a look at the FireEye Threat Analytics Platform, a cloud-based security analytics product that offers threat detection and contextual intelligence
iovation Launches Sophisticated Machine Learning Fraud Detection Solution (Yahoo! Finance) iovation, the leading provider of device-based solutions for authentication and fraud prevention, today announced the launch of iovationScore
CentraComm Extends Managed Security Services to the Cloud with Zscaler (Press Release Rocket) New offering combines CentraComm’s managed service expertise with the Zscaler Cloud Security Platform to enable customers moving from appliances to the cloud
Continuous PCI Compliance Monitoring from Tenable Network Security Provides Real-time Compliance Data on 75 Percent of PCI DSS Controls (BusinessWire) Tenable strengthens payment card system security and enables faster threat response for retail operations, merchants and service providers
PKWARE: Inventors of Zip now fielding smart, scalable encryption (CTO Vision) PKWARE has a history of producing scalable, highly functional software and approaches to data storage, movement and encryption. With this post we are initiating coverage of PKWARE, tracking them in our Disruptive IT Directory in our sections on the highest performing Infrastructure and Security companies
Lord David Blunkett Urges Orgs to take Cyber Highway to Better Security (Infosecurity Magazine) Today, Former Home Secretary and Chairman of Cyber Essentials Direct Lord David Blunkett launched The Cyber Highway which offers a new, unique and user-friendly online portal for large enterprises seeking to shore up the cyber defense of their supply chain, and for companies of all sizes that want to improve their cyber resilience
Technologies, Techniques, and Standards
ISF Debuts Best Practice Framework for Protecting 'Crown Jewels' (Infosecurity Magazine) The Information Security Forum (ISF) has debuted Protecting the Crown Jewels, a structured, methodical process for determining the approaches required to protect mission-critical information assets
Industrial IoT is inching toward a consensus on security (CSO) The Industrial Internet Consortium has released an IoT security framework
The federal self-driving vehicles policy has finally been published (Ars Technica) There's a 15-point safety assessment for manufacturers and help for individual states
Which Threat Risk Model Is Right for Your Organization? (eSecurity Planet) Which threat risk model is right for you? We compare strengths and weaknesses of three popular ones: STRIDE, DREAD and CVSS
Blog: Financial Sector Offers Model for Cybersecurity Sharing (SIGNAL) When it comes to cybersecurity, I have heard many people express consternation and wonderment as to why the government cannot protect the Internet. It boils down to two things: No authorization, and officials only have visibility into a scant number of networks under their control
Hacking 'Forward' With Weaponized Intelligence (Dark Reading) Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?
Why Data Reduction is Key for Meaningful Visualizations (Security Week) As many of you are aware, I have spent quite a bit of time in Security Operations Centers (SOCs) over the course of my career. I remember one particular experience like it was yesterday. A high ranking executive came through for a whirlwind tour that literally lasted about 17 seconds. On her way out, she screamed, “I need more pictures on those big screens!”
The Five Steps of Incident Response (Digital Guardian) Incident response is a process, not an isolated event. In order for incident response to be successful, teams should take a coordinated and organized approach to any incident. There are five important steps that every response program should cover in order to effectively address the wide range of security incidents that a company could experience
When Alexa is listening, what do you tell houseguests? (Christian Science Monitor Passcode) If you've plugged in an eavesdropping personal assistant such as the Amazon Echo Dot, are you obligated to warn visitors, 'Be careful what you say, Alexa is listening'?
Research and Development
Scientists Set a New Distance Record for Quantum Teleportation (Motherboard) Scientists have teleported the quantum state of a light particle over six kilometers (roughly 3.7 miles), setting a new distance record for quantum teleportation—and taking another step towards creating an internet that’s secure from hacking threats, including those posed by future quantum computers
Academia
NIST Grants Take Regional Approach to Solve National Cybersecurity Challenge (NIST) The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has awarded grants totaling nearly $1 million for five projects that are taking a community approach to addressing the nation’s shortage of skilled cybersecurity employees
Report ranks CMU at top of list for cybersecurity (Pittsburgh Business Journal) Carnegie Mellon University was ranked number one by InformationWeek as the top college for cybersecurity
Legislation, Policy, and Regulation
Is India Prepared for a Cyber Attack? Suckfly And Other Past Responses Say No (Wire) From mandatory disclosures, to improving CERT-IN’s functioning and transparency, there is much to be done in the event of future cyber attacks
Experts Want Transparency From Government’s Vulnerabilities Equities Process (Threatpost) The federal government’s Vulnerabilities Equities Process—albeit a heavily redacted version—was turned over more than a year ago, and despite that measure of visibility, privacy and security watchdogs still don’t have the transparency they seek with regard to the unreported flaws the government has at its disposal
Pentagon goes 'back to basics' on cyber (FedScoop) The plan, released last year and updated in February, is designed to radically simplify the department's approach, and provide metrics and benchmarks for assessing progress
STRATCOM Nominee Favors Boosting Cyber Command, Nuke Modernization (Defense News) US Cyber Command should be elevated to an independent, unified combatant command, the nominee to head US Strategic Command told lawmakers Tuesday
Will tracking digital harassment help defend against internet trolls? (Christian Science Monitor Passcode) Almost a year after his teenage daughter's attacker was sentenced in a high-profile sexual assault case, Alexander Prout hoped his family could get back to normal
Minnesota, Florida Outline Cybersecurity Plans (Government Technology) State CIOs weigh in on the issue that's topping their priority lists
Litigation, Investigation, and Law Enforcement
House panel looking into Reddit post linked to Clinton’s deleted email (Naked Security) Paul Combetta, the IT guy who reportedly deleted Hillary Clinton’s emails despite Congress’ orders to preserve them, was given immunity by the Department of Justice a few weeks ago
Wells Fargo CEO grilled by Senate committee over opening fake accounts (Ars Technica) The bank will be contacting every customer and expanding its review of fraud
Federal judge says Bitcoin is money in case connected to JP Morgan hack (Ars Technica) Despite definitions used by IRS and Florida judge, Anthony Murgio won’t have two charges dismissed
Judge: child porn evidence obtained via FBI’s Tor hack must be suppressed (Ars Technica) Third judge rules that Playpen search warrant was invalid from the start
Hollywood and Washington battle to define Snowden's image (Christian Science Monitor) With Hollywood and rights groups stepping up efforts to portray the ex-National Security Agency contractor as a hero, Snowden's detractors in Congress struck back by questioning his motives and ethics
The Cyber Threat: Snowden—Ultimate Insider Threat Missed by NSA Security (Washington Free Beacon) How political correctness harms the intelligence community and national security
Judge gives man who stole former NSA chief’s identity a break (Chicago Sun-Times) The judge wasn’t convinced that the man standing before him — someone who’d stolen the identity of the former director of the National Security Agency — had cleaned up his act
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
AFA Air, Space, and Cyber Conference (National Harbor, Maryland, USA, Sep 19 - 21, 2016) The Air Force Association’s Air, Space & Cyber Conference is the must-attend event by Airmen each fall. This annual gathering provides attendees with an unrivaled platform to debate and discuss the most pressing trends and topics shaping the defense industry
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
Cyber Security Conclave India (SCSC) Conference and Exhibition (Hyderabad, India, Sep 22 - 23, 2016) Understanding the intensity and effects of growing cyber frauds, SCSC – Society for Cyberabad Security Council has come up with the very first edition of the Annual Cyber Security Conclave in 2015. This event is exclusively designed to create a mutual platform for experts and the public to come together and share knowledge on one pestering issue – cyber-crime and how to keep yourself within the boundaries of cyber security.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
Structure Security (San Francisco, California, USA, Sep 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, Oct 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.
Cambridge Cyber Summit (Cambridge, Massachusetts, USA, Oct 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe.
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter, is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman. Sharing experience and knowledge, learning from each other, keeping up with recent updates and collaborating to enhance organizations’ cybersecurity has become a must.