
Implications of the Yahoo! breach. KrebsOnSecurity is back after massive DDoS (IoT botnets, "privatized censorship" seen). Switzerland votes for more surveillance. Cyber riots in the Caucasus. FBI releases more Clinton email probe documents.
Yahoo!'s disclosure Thursday that more than 500 million customers' account information—including "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers"—had been compromised draws much comment. The breach, dating to 2014, was discovered during investigation of rumors that stolen credentials were being offered on the black market. The company blamed an unnamed "state-sponsored actor" for the compromise.
Yahoo! has been seeking a soft landing for a much-challenged business by selling its core assets to Verizon for $4.8 billion. That soft landing is now in doubt: The New York Times notes that Yahoo! stated in the merger agreement that “there have not been any incidents of, or third-party claims alleging” security incidents that could affect Yahoo!'s value. The acquisition could be cancelled, but observers think renegotiation of the price downward likelier.
KrebsOnSecurity is back, now hosted by Google, after sustaining a very large DDoS attack. The site's host, Akamai (who hosted KrebsOnSecurity pro bono; the two parted without rancor) severed services when the volume of attack traffic began to affect its other customers. The attack is a troubling bellwether for two trends: use of IoT botnets in high-volume DDoS, and the privatization of censorship (Krebs is thought to have been attacked in retaliation for reporting on a DDoS-as-a-service enterprise).
The US FBI late Friday released more documents from its investigation of former Secretary of State Clinton's email practices.
Switzerland yesterday voted for more extensive government surveillance powers.
Notes.
Today's issue includes events affecting Afghanistan, Armenia, Australia, Azerbaijan, Canada, China, Germany, India, Kosovo, Russia, Switzerland, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Ben-Gurion University of the Negev, as Yisroel Mirsky describes the security risks of Android touch loggers. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
GCHQ thwarted Russian cyber-attack on general election (Sunday Times) Russian hackers threatened to cause massive disruption to British government departments and TV broadcasters in the run-up to last year’s general election, security sources have revealed
Dark Net Researcher Says Russian Hackers Attacking Big Companies in US (HackRead) According to dark net researcher Ed Alexander, nearly 85 high profile US tech firms including Amazon and Apple Pay allegedly attacked by Russia-based hacking group
Armenian Hackers Leak Azerbaijani Banking and Military Data (HackRead) Armenian hackers leaked personal details of government officials and also defaced embassy sites to celebrate 25 years of Armenian independence
Yahoo hack is latest major cyber-attack (AFP via Yahoo! Tech) The massive hacking attack on Yahoo revealed Thursday is one of biggest thefts of online users' personal information ever, affecting some 500 million accounts
Yahoo’s compromised records likely hidden within encrypted traffic, vendor says (CSO) Venafi researchers outline crypto problems at Yahoo, say compromised data was likely encrypted
Is the Yahoo hack evidence of an international cyberwar? (KPCC) On Thursday, Yahoo announced that they're the victim of one of the largest data breaches in history, stating that 500 million accounts had been compromised. In their announcement, they also described the hack as state-sponsored
Yahoo! hack – Industry reactions (ITSecurityGuru) Yahoo has confirmed that more than 500 million account holders’ details have been compromised in a data breach
Security Industry Reactions to the Yahoo! Breach (The CyberWire) Last week's disclosure by Yahoo! that somewhat more than 500 million customers' credentials had been compromised in a breach dating back to 2014 has prompted widespread reaction from industry experts. The incident has implications for Yahoo!'s consumer trust; it also is seen as likely to affect, adversely, the soft landing the company anticipated in Verizon's proposed acquisition of Yahoo!'s core assets. We summarize below some of the commentary we've received from security industry veterans
Massive Yahoo Data Breach Shatters Records (BankInfoSecurity) Between cybercriminals and state actors, password war is being lost
Why Yahoo Is Under Fire About Cyber Hack Timeline (Fortune) Yahoo has many more questions than answers right now
Yahoo's Mega Breach: Security Takeaways (BankInfoSecurity) Post-Snowden, breaches less likely to occur today, F-Secure's Sullivan contends
Yahoo hack throws internet insecurity into sharp relief (Christian Science Monitor Passcode) The massive scale of the credential thefts at Yahoo, LinkedIn, and the other internet firms has focused attention on the seeming inability of American companies to secure their networks against foreign and domestic adversaries
Massive Yahoo hack 'evidence of industry’s complacency' (Engineering & Technology) Data of 500 million Yahoo users has been stolen in what has been described as the largest hack of its kind to date, prompting cyber security experts to unleash an avalanche of criticism about the lack of circumspection in the industry
Some Yahoo users close accounts amid fears breach could have ripple effects (Reuters) Many Yahoo users rushed on Friday to close their accounts and change passwords as experts warned that the fallout from one of the largest cyber breaches in history could spill beyond the internet company's services
Yahoo Data Breach: Stolen Passwords Were Encrypted, but That Doesn't Mean Users Are Safe (Consumer Reports) The most dangerous losses could be security questions and answers
What Consumers Need to Know About the Yahoo Security Breach (ABC News) Yahoo announced on Thursday that it believes information associated with at least 500 million user accounts was stolen by a "state-sponsored actor" at the end of 2014
One of the Largest DDoS Attack Ever Seen Kills Krebs Security Site (WebProNews) One of the largest Denial of Service (DDoS) attacks ever seen on the internet has caused Akamai to dump a site it hosted, KrebsOnSecurity.com. The DDoS attack was apparently in retaliation for journalist Brian Krebs' recent article about vDOS, which is allegedly a cyberattack service
Krebs on Security booted off Akamai network after DDoS attack proves pricey (ZDNet) There's no rancor or bitterness, however, since Akamai hosted the security expert's blog pro bono
The Democratization of Censorship (KrebsOnSecurity) John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech
A massive attack that may have hijacked online cameras will soon be “the new normal” (Quartz) One of the biggest distributed denial-of-service (DDoS) attacks ever was directed at independent security journalist Brian Krebs on Tuesday (Sept. 27), and lasted for three days, leading his service provider to take his website offline. More ominously, the attack could have been originated from a “botnet”—a network of devices controlled by a hacker—comprised of unsecured, internet-connected, cameras
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net (Ars Technica) “Free speech in the age of the Internet is not really free,” journalist warns
Some thoughts on the Krebs situation: Akamai made a painful business call (CSO) Akamai was damned if they do, damned if they don’t, but Krebs is the one who is taking the beating
Email Hack Details Movements of Joe Biden, Michelle Obama and Hillary Clinton (New York Times) Hackers on Thursday posted hundreds of emails from a young Democratic operative that contained documents detailing the minute-by-minute schedules and precise movements of the vice president, the first lady and Hillary Clinton during recent campaign fund-raisers and official political events
Financial watchdog hit by IT outage - days after telling banks to improve cyber defences (Telegraph) The City watchdog said many of its systems have been knocked out by a “major IT incident”, days after it urged financial companies to improve their defences against cyber risks
iOS 10 security flaw allows hackers to crack passwords 2,500 times faster, Russian firm Elcomsoft says (International Business Times) Backup data mechanism in iOS 10 is vulnerable to password-cracking tools commonly used by hackers
Ever-Evolving Trojan Roots Devices and Infects Android System Process (Let All Know) The trojan known as Android.Xiny continues to evolve, and in its most recent iteration, Xiny has gained the ability to infect a core Android system process that facilitates and hides its malicious behavior, making the uninstallation process many times more difficult
Over 850,000 Devices Affected by Unpatched Cisco Zero-Day (Softpedia) Lots of critical equipment vulnerable to BENIGNCERTAIN 0-day
Caught on the Drive-by: Buhtrap Banking Malware Returns (Infosecurity Magazine) The Buhtrap malware has been caught stealing again: And an investigation from Cyphort Labs shows it being dropped via drive-by download targeting Russian banks
Spam Levels Spike, Thanks In Part To Ransomware (Dark Reading) By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns
Ransomware from Stoned to pwned (CSO) When I was in the trenches as a defender I saw all manner of malicious software. The first one I ever encountered back in the late 80s was the Stoned virus. This was a simple program that was lobbying the infected computer operator on the subject of legalizing marijuana. It was spread through the use of infected floppy disks
Chances of cyberattacks affecting election results in Nevada, US called remote (Las Vegas Review-Journal) The nation’s secretaries of state are trying to reassure voters that despite talk of cyberattacks and “rigged” systems in this contentious election cycle, the prospect of outside hackers skewing the outcome is remote
Clinic Reports Security Incident Involving HIE Access (HealthcareInfo Security) Vendor inappropriately accessed information on about 4,000 patients
Security Patches, Mitigations, and Software Updates
Microsoft Authenticator for iOS updated with push notifications feature (Phone Arena) Microsoft has just announced one of the long-awaited features that users requested has just made its debut on its Authenticator: push notifications
The Security Bug That Made Microsoft Discontinue Windows Journal (Softpedia) Heap overflow issue broke the camel's back
Cyber Trends
ICS vulnerabilities are still rampant (CSO) A panel of experts at the recent Security of Things Forum agreed that attackers are probably already inside the nation’s industrial control systems
Interview: Patrick Grillo, Fortinet (Infosecurity Magazine) Fortinet’s director of product strategy, Patrick Grillo, recently took to the Gartner Security & Risk Management Summit stage to deliver a session titled ‘The Internet of “Very Bad” Things’, but just before he did, I was able to sit down with him to dig a little deeper into what he thinks is so ‘Very Bad’ about the IoT, and what it means for the industry
Public safety threat: Cyber attacks targeting smart city services (Help Net Security) A new survey conducted by Dimensional Research assessed cyber security challenges associated with smart city technologies. Survey respondents included over 200 IT professionals working for state and local governments
MPs warn smart meters carry cyber attack risk (City A.M.) MPs have warned today that the government's plan to install smart meters in every house and business across the UK by 2020 carries cyber security risks
Companies say IoT matters but don't agree how to secure it (CSO) An IDC survey shows a majority of enterprises consider IoT strategic to their future
Federal Insider Federal cyber incidents jump 1,300% in 10 years (Washington Post) For the naive who still think cyber data is safe with Uncle Sam, here is some information that demonstrates the harsh reality
Typical Cost of a Data Breach: $200,000 or $7 Million? (GovInfo Security) Audio report: ISMG Editors analyze the latest developments
Marketplace
Yahoo's Titanic Data Breach Highlights Risk to M&A (Fortune) Companies are increasingly studying the security risk of their acquisition targets
Yahoo could pay for breach negligence in lower-priced Verizon deal (USA Today) Yahoo's trouble over its massive data breach is far from over
What the Hacking at Yahoo Means for Verizon (New York Times) Questions swirl about whether Verizon’s $4.8 billion deal for Yahoo’s core business will be renegotiated, or happen at all
Yahoo!’s Massive Breach: CUDA, Fortinet et al. Should Get a Lift, Says Piper (Barron's) The Street this morning is trying to figure out what to do with Yahoo!’s (YHOO) disclosure yesterday of one of the largest-ever hacks, with half a billion users’ data having been compromised by a “state-sponsored actor”
Report of buyout interest from Cisco, IBM sends Imperva shares soaring (CNBC) Shares of the security-software company Imperva gained 21 percent on Friday after a report said it has drawn acquisition interest from several companies
Cisco Systems, Inc.: Why CSCO Stock is Important Again (Income Investors) CSCO stock: benefiting from new business focus
Has HPE lost focus on security software business? (Infotechlead) HPE enhances its security software as it prepares to spin-merge with Micro Focus — after selling several related businesses, says Jane Wright, principal analyst at TBR
Cyber crime has become big business (Financial Express) IT security firm Symantec is moving beyond traditional security software to help customers protect against a wider range of threats
Dell's SonicWALL sale close to completion (ChannelWeb) Dell Security VP expects the deal to close around the end of October
Australia must take cyber security opportunity (ComputerWeekly) Australia may never be able to create an IT industry like that in the US, but it can lead in cyber security
Security tycoon puts his trust in Ireland (Sunday Times) Eugene Kaspersky got into computer safety by accident. Now the Russian billionaire is creating a €5m office in Dublin
Skyhigh Networks Raises $40 Million to Control the Cloud (Fortune) Cloud security startup now boasts more than 600 enterprise customers
Startup Spotlight: Cymmetria's Cyber Deception Technology (eSecurity Planet) Cymmetria's cyber deception technology turns the tables on bad guys by luring them to decoys where users can track their lateral movements
Cybersecurity accelerator gives startups the chance to work with GCHQ spy agency (ZDNet) A new government scheme designed to help protect the UK from cyberattacks has been launched
CounterTack Recognized as Innovative US Army Venture-Backed Startup (American Security Today) CounterTack today announced it was recognized by CB insights, a research and advisory firm, in a list of emerging technology companies backed by U.S. government defense- and security-focused investment firms
Security Salaries Skyrocket with Pros in Hot Demand (Infosecurity Magazine) Whilst the cybersecurity skills shortage continues to plague the industry, security professionals appear to be reaping the benefits with job opportunities and salaries skyrocketing across the board
Proofpoint Hires Former Fortinet Exec As North American Channel Chief (CRN) Proofpoint has nabbed former Fortinet channel exec Jon Bove as its North American channel chief, as the security vendor looks to expand its push into the channel with regional reseller partners
Products, Services, and Solutions
Cybersecurity training center set to open in Baltimore (Technical.ly Baltimore) The ETA Cyber Range is set to provide simulations of attacks on the digital battlefield
Darktrace announces cloud-only environment (Cloud Pro) Enterprise Immune System offers 100% visibility of users and data in the cloud
Technologies, Techniques, and Standards
7 New Rules For IoT Safety & Vuln Disclosure (Dark Reading) In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry (Dark Reading) Measures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says
Broadening the Scope of Mobile Security (GovInfo Security) New NIST report offers list of risks to address
Quantum computing will cripple encryption methods within decade, spy agency chief warns (National Post) The head of Canada’s electronic spy agency warned Friday the advent of super-fast quantum computers will cripple current encryption methods for securing sensitive government and personal information within a decade
An Open-Source Security Maturity Model (Dark Reading) Oh you don't run open-source code? Really? Christine Gadsby of Blackberry and Jake Kouns of Risk-Based Security visit the Dark Reading News Desk at Black Hat to explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications -- proprietary and otherwise
The best way to learn about computers: break them (Christian Science Monitor Passcode) Travis Goodspeed, an independent cybersecurity researcher, says tinkering leads to better cybersecurity
Changing Passwords After a Breach Is Still Way Too Hard (Motherboard) Yahoo’s announcement earlier this week that 500 million user accounts were compromised inspired another prolonged sigh, at a time when data breaches are so commonplace they sometimes seem like background noise
Design and Innovation
Is Facebook having a crisis of confidence over all the bad news its algorithms are making? (TechCrunch) Is Facebook having — A) An existential crisis B) An attack of conscience C) A mid-life crisis D) None of the above?
Why CISOs Must Make Application Security a Priority (InfoRisk Today) Denim Group's John Dickson sizes up app development challenges
What’s in your code? Why you need a software bill of materials (CSO) When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates
Research and Development
Unpicking the Gordian knot around blockchain patents (TechCrunch) Earliest mentions of the term “bitcoin” in patent titles and abstracts date back to around 2009, while the term “blockchain” begins to appear in patent titles from around 2011. As of June 22, 2016, there were 492 published patent families directed to the theme of blockchain and 192 relating to bitcoin
Legislation, Policy, and Regulation
Swiss voters approve new surveillance law (Help Net Security) On Sunday, the Swiss populace voted in support for a new surveillance law that will give the Federal Intelligence Service (FIS) wider electronic surveillance powers to prevent terrorist attacks
The great firewall of China (Times of Malta) What are the implications of China’s cyber sovereignty, Marc Kosciejew asks
Top five GDPR myths (Help Net Security) At this moment, there are many misunderstandings surrounding the new GDPR legislation. These rules will affect any business that handles personal data, and therefore the majority of organisations in the UK, so owners are beginning to look into what GDPR will mean for them
Cyber security experts cold on mandatory breach legislation (Financial Review) The notion of compulsory data breach notifications is leaving some internet security experts and business leaders cold, despite the barrage of cyber attacks plaguing Australian companies on a daily basis
Regulation Of Encryption Is Need Of The Hour (CXO Today) It has been an observation that Indian corporate, government agencies, and even healthcare organizations, have been victims to reputation and financial draining data hacks and security breaches. The major reason is the lack of awareness for data encryption, and purpose it serves for organizations that deal with a large quantity of data flow, especially over the internet
Homeland Security increases focus on cybersecurity at the polls (Christian Science Monitor Passcode) Robert Silvers, assistant secretary for cybersecurity at Homeland Security, said the agency is helping states fortify voting systems against digital tampering before November's presidential election
What's the Likely Future of Cybersecurity in the States? (Government Technology) During a keynote session at their annual conference this week in Orlando, the National Association of State CIOs (NASCIO) released their biennial survey results on state cybersecurity. While the overall report trends (compared with the previous three surveys) seemed encouraging, many attendees asked me if the real situation was as positive as the data seemed to imply. Let’s explore the state CISO survey answers and the rest of the story
Litigation, Investigation, and Law Enforcement
Yahoo is sued for gross negligence over huge hacking (Reuters) Yahoo Inc (YHOO.O) was sued on Friday by a user who accused it of gross negligence over a massive 2014 hacking in which information was stolen from at least 500 million accounts
‘Keep an Eye on Him,’ Ahmad Khan Rahami’s Father Says He Told F.B.I. (New York Times) The father of the man accused of carrying out bombings last weekend in New York and New Jersey said that, two years ago, he warned federal agents explicitly about his son’s interest in terrorist organizations like Al Qaeda and his fascination with jihadist music, poetry and videos
German Military Hacked Afghan Mobile Operator to Discover Hostage's Whereabouts (Softpedia) This was Germany's first offensive cyber operation
ISIS hacker gets 20 years for giving terrorists US military kill list (Ars Technica) We're “passing on your personal information to the soldiers of the khilafah”
Did Russia Hack The NSA? Maybe Not (KPBS) Lately Russia has been taking the blame for hacking everyone from the Democratic National Committee to former Secretary of State Colin Powell to the National Security Agency
Report: NSA hushed up zero-day spyware tool losses for three years (Register) Investigation shows staffer screw-up over leak
Obama used a pseudonym in emails with Clinton, FBI documents reveal (Politico) President Barack Obama used a pseudonym in email communications with Hillary Clinton and others, according to FBI records made public Friday
Why Did the Obama Justice Department Grant Cheryl Mills Immunity? (National Review) Well, what would Friday be without the latest document dump from the Clinton email investigation? Yesterday afternoon, with the public in distracted anticipation of the coming weekend and Monday’s Clinton-Trump debate showdown, the FBI released another 189 pages of interview reports
Former NSA analyst: FBI may reopen investigation if Clinton loses (Washington Examiner) The FBI could reopen its investigation into Hillary Clinton's mishandling of classified information if she fails to win the November election, according to a former National Security Agency analyst, especially in light of revelations made public in a Friday document dump by the agency
Trump hotel chain fined over data breaches (CSO) The chain, one of Donald Trump’s businesses, also delayed in reporting the breaches to consumers
Privacy groups urge US FTC to investigate WhatsApp promises (CSO) WhatsApp's plan to share data with parent Facebook violates earlier commitments, groups say
House Intelligence Panel Gets Dozens of Whistleblower Complaints Every Year (Intercept) Critics of leakers have often argued that whistleblowers have legitimate channels through which they can report their grievances, but in the murky world of intelligence, it’s hard to know how many complaints are filed, and what, if anything, happens as a result. Now, the House Permanent Select Committee on Intelligence says it sees “dozens” of such complaints every year.
IBM botched geo-block designed to save Australia's census (Register) Bureau of Stats says spooks signed off IBM's plan, but Big Blue mucked something up
Another Way to Violate Privacy: PHI in Court Documents (HealthcareInfo Security) Hospital system hit with sanctions tied to documents it filed
Man Arrested over Pippa Middleton iCloud Hack (Infosecurity Magazine) A man has been arrested for allegedly hacking into the iCloud account of Pippa Middleton and stealing around 3,000 personal images
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
Upcoming Events
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD
Structure Security (San Francisco, California, USA, Sep 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, Oct 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.
Cambridge Cyber Summit (Cambridge, Massachusetts, USA, Oct 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe.
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter, is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, keep up with recent updates, and collaborate to enhance organizations’ cybersecurity.