
Yahoo! hackers seem to have been crooks (who sold to other crooks, and to government(s)). Toxic data and credential problems. Election hacking.
InfoArmor has published an extensive report on the Yahoo! breach. They conclude that two distinct criminal hacking groups were involved, along with a third black market reseller. The groups that stole the data, InfoArmor says, sold them at least three times, once to a "state-sponsored actor."
It's worth noting that "state-sponsored" can include a wide variety of groups in addition to government agencies and services themselves: activists, terrorist organizations, crime syndicates and an array of hired guns can all, under the right circumstances, legitimately be considered "state-sponsored." Thus "criminal" and "state-sponsored" are far from mutually exclusive, and states are using more fronts and cut-outs in cyberspace (an updated form of traditional information operations and espionage tradecraft).
Other lessons being drawn from the breach include the "toxicity" of personal data, which draw hackers' attentions (although it's unclear how companies that depend upon monetizing such data can avoid the toxin that comes with them) and the difficulties inherent in recovering from a breach that requires a massive password reset. Since security questions were also compromised, Wired suggests it's time to start telling lies in setting up one's answers.
The FBI warns Congress of more (presumably Russian) attempts to access state voter registration databases. Many take comfort from the disparate and disconnected US state-run voting systems, but such comfort is cold: one needn't globally hack an election to alter it. The power-grid analogy is instructive—a wayward squirrel or snake won't take out a continental grid, but it can still have major effect.
Notes.
Today's issue includes events affecting Australia, Belgium, China, European Union, France, Germany, India, Israel, Morocco, New Zealand, Russia, Spain, Syria, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Charles Clancy of Virginia Tech's Hume Center, who'll discuss software defined networking and the security implications thereof. Our guest will be Netsparker's Ferruh Mavituna, who'll talk about using subresource integrity checks with content delivery networks. And as always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Yahoo Hackers Were Criminals Rather Than State-Sponsored, Security Firm Says (Wall Street Journal) InfoArmor says the hackers sold Yahoo database at least three times, including once to a state-sponsored actor
The Yahoo hackers weren't state-sponsored, a security firm says (CSO) Elite hackers-for-hire were actually behind the breach, according to InfoArmor
InfoArmor: Yahoo Data Breach Investigation (InfoArmor) Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations
Yahoo Breach: User Data Considered Toxic (Digital Guardian) Computer science and security rely on precision for the descriptions of their constructs and concepts. But there are some things that defy description in these realms, and the Yahoo data breach is one of them
Yahoo Breach Raises Questions About Password Resets (Wall Street Journal) Online services that depend on email for passwords resets are also at risk, experts say
Hacked Email: Why Cyber Criminals Want to Get Into Your Inbox (Heimdal Security) So you think you have nothing valuable on your email? Think again
Hackers have attempted more intrusions into voter databases, FBI director says (Washington Post) Hackers have attempted more intrusions into voter registration databases since those reported this summer, the FBI director said Wednesday, and federal officials are urging state authorities to gird their systems against possible other attacks
Hacking The Polls: Where US Voting Processes Fall Short (Dark Reading) The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results
Opinion: Think hackers will tip the vote? Read this first (Christian Science Monitor Passcode) In the final stretch of the presidential campaign, there's growing concern hackers could strike on Election Day. But while there are concerns about cybersecurity at polling places, altering an election is another matter altogether
U.S. Believes Hackers Are Shielded by Russia to Hide Its Role in Cyberintrusions (Wall Street Journal) Officials are increasingly confident that the Russian government is intensifying a campaign to steal U.S. computer records and leak damaging information to the American public
Record-breaking DDoS reportedly delivered by >145k hacked cameras (Ars Technica) Once unthinkable, 1 terabit attacks may soon be the new normal
Web Host Hit by DDoS of Over 1Tbps (Infosecurity Magazine) A French web hoster is claiming his firm has been hit by the biggest DDoS attack ever seen, powered by an IoT botnet with an estimated capacity of 1.5Tbps
D-Link DWR-932 router is chock-full of security holes (Help Net Security) Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities affecting the LTE router/portable wireless hotspot D-Link DWR-932. Among these are backdoor accounts, weak default PINs, and hardcoded passwords
Introducing Her Royal Highness, the Princess Locker Ransomware (Security Newspaper) Today we bring you Princess Locker; the ransomware only royalty could love. First discovered by Michael Gillespie, Princess Locker encrypts a victim’s data and then demands a hefty ransom amount of 3 bitcoins, or approximately $1,800 USD, to purchase a decryptor. If payment is not made in the specified timeframe, then the ransom payment doubles to 6 bitcoins
IP Expo Nordic and getting Popp’d by ransomware (CSO) Ransomware has become all the rage in the security field these days. Both from the perspective of the writers and the defenders. The media is lousy with these articles and I’m apparently not above writing about it myself. This has been grabbing the headlines in a big way simply because of the insidious nature of it
Diversified supply chain helps 'Vendetta Brothers' succeed in criminal business (CSO) Even smaller criminal groups are using smarter business tactics
Necurs botnet: the resurrection of the monster and the rising of spam (Security Affairs) Necurs botnet, the monster is resurrected. Banking Trojans and Ransomware propagated via spam are bringing back the high-volume spam campaign
China cyber espionage continues (Washington Times) U.S. Cyber Command recently reported within secret government channels that China is continuing aggressive cyber espionage against American companies
At your service: cyber criminals for hire to militants — EU (Interaksyon) Cybercriminals offering contract services for hire offer militant groups the means to attack Europe but such groups have yet to employ such techniques in major attacks, EU police agency Europol said on Wednesday
SNMP Pwn3ge (SANS Internet Storm Center) Sometimes getting access to company assets is very complicated. Sometimes it is much easier (read: too easy) than expected. If one of the goals of a pentester is to get juicy information about the target, preventing the IT infrastructure from running efficiently (denial of service) is also a “win”. Indeed, in some business fields, if the infrastructure is not running, the business is impacted and the company may lose a lot of money. Think about traders
New Zealand Herald publisher suffers cyber attack (News Hub) Media company NZME says a hacker has managed to get access to the details of tens of thousands of people who entered a competition
In a first, Forest Department falls prey to ransomware attack (New Indian Express) In a first incident of its kind, a government department fell victim to a ransomware attack by cyber criminals
WADA Says Electronic Database Is Safe Despite Cyber Attack (ABC News) Despite the hack of personal medical information from some of the world's leading athletes, the World Anti-Doping Agency says its overall electronic database is safe
More Than Half Of IT Pros Employ Insecure Data Wiping Methods (Dark Reading) Recent study shows most enterprise IT professionals incorrectly believe emptying a Recycle Bin or reformatting a computer drive permanently erases data
Why digital hoarding poses serious financial and security risks (Help Net Security) 82 percent of IT decision makers admit they are hoarders of data and digital files, according to research conducted by Wakefield Research among 10,022 global office professionals and IT decision makers to look into how individuals manage data
The Real Reasons Why Users Stink At Passwords (Dark Reading) Personality, denial, and authentication-overload are big factors, new study finds
The psychological reasons behind risky password practices (Help Net Security) Despite high-profile, large-scale data breaches dominating the news cycle – and repeated recommendations from experts to use strong passwords – consumers have yet to adjust their own behavior when it comes to password reuse
Which celebrities generate the most dangerous search results? (Help Net Security) Female comedian Amy Schumer knocked DJ Armin van Buuren off of the list to become the most dangerous celebrity to search for online, according to Intel Security
Security Patches, Mitigations, and Software Updates
ISC Patches Critical Error Condition in BIND (Threatpost) The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software
Opera browser starts running traffic through its own “VPN” (Naked Security) …Except it’s not really a VPN, but more of a proxy. More on that in a bit
Cisco Battles Shadow Broker Exploits (TechNewsWorld) Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits it claimed to have stolen from the Equation Group, which is believed to have ties to the United States National Security Agency
Cyber Trends
Crossing the next frontier (Banking Technology) There has been a huge amount of hype at this year’s Sibos about financial technology and its role in financial services. Devie Mohan* looks at the technologies that will help financial institutions cross the next frontier of innovation
IBM's Ginni Rometty Tells Bankers Not To Rest On Their Digital Laurels (Forbes) Just when bankers were beginning to understand what it will mean to become digital, IBM’s CEO told them that’s become a new minimum — the next step is cognitive computing
Bay Dynamics Unveils New Report That Finds Compliance Regulations Are Driving Boards to Make Cyber Security the Top Priority (MarketWired) Third study in series finds support for, but struggles with, increasing regulations and demand for adding more board security expertise
What’s driving boards of directors to make cyber security a top priority? (Help Net Security) Almost half (46 percent) of board members believe compliance regulations help establish stronger security, but nearly 60 percent struggle with meeting increased mandates—a nearly 20 percent jump over the past two years, according to a nationwide survey by Osterman Research
Cloud Security Paradigm: Time for Change? (InfoRisk Today) Gartner's Steve Riley says security mindset needs to evolve, adapt
A Bug Bounty Reality-Check (Dark Reading) New study shows that bug bounties without a secure application development program and testing can be costly
Marketplace
Verizon Remains Mum On Yahoo Acquisition Status In Aftermath Of Hack (CRN) Verizon has remained largely silent in the days following Yahoo's confirmation that more than 500 million of its user accounts were hacked in 2014, leaving the industry wondering whether the telecom giant is still committed to buying Yahoo
Akamai Acquires Data Processing Provider Concord Systems (Akamai) Akamai Technologies, Inc. (NASDAQ: AKAM) announced today that it has acquired Concord Systems, Inc., a provider of technology for the high performance processing of data at scale, in an all cash transaction. The acquisition is expected to complement Akamai’s existing platform data processing capabilities and augment the Company’s product roadmap for supporting customers leveraging Internet of Things (IoT) technologies
Contrast Security raises $16M; Tenable founder Ron Gula among investors (Baltimore Business Journal) Contrast Security has secured $16 million in new financing from venture capitalists and technology industry veterans, including Ron Gula, the founder of Columbia-based Tenable Network Security
Contrast Security raises $16M Series B, looks to grow in Natty Boh Tower (Technical.ly Baltimore) “For cyber, this is the place to be,” said VP of Engineering Steve Feldman
Shape Security Announces Strategic Investment and Partnership With Hewlett Packard Pathfinder (MarketWired) Closes $40M Series D as it now prevents $1B+ in online fraud, protects more than 20% of in-store mobile payments worldwide
Patriot Berry Farms (PBFI) Announces Name Change to Cyberfort Software Inc., Acquisition of first IP and a move into the Cyber Security Market (Econotimes) Patriot Berry Farms Inc. (OTCQB:PBFI) is pleased to announce completion of the initial steps required in order to enter the Cyber Security industry, commencing with a name change application, filed with the SEC on September 15th 2016. The company will soon be known as Cyberfort Software Inc. and will target the $122.45 billion Cyber Security market, starting with its purchase of an innovative iOS and MacOS privacy and security application
FireEye Inc's Worst Business Segment in 2016 So Far (Motley Fool) Subscription and services sales are up, but revenue in this division is slumping
Dropbox and Microsoft Join Privacy Shield (Infosecurity Magazine) Dropbox and Microsoft have become the latest big name US tech companies to announce they’ve signed up to the controversial US-EU Privacy Shield data transfer agreement, following Google
ZeroFOX Named a Leader & Top-Ranked in Strategy Category for Digital Risk Monitoring by Independent Research Firm (BusinessWire) Company focused on helping organizations gain visibility, governance and security around the largest digital risk vector: social media
Proofpoint Named A Leader In Digital Risk Monitoring and Granted Groundbreaking Patent for Social Media Protection (GlobeNewswire) Proofpoint credited for standing above the pack with unparalleled control and enforcement in the Forrester Wave™: Digital Risk Monitoring, Q3 2016 report
Check Point tour opens Israel pipeline to Aussie partners (ARN) Inaugural Israel trip gives local partners insight into Check Point's internal operations
Avecto sees North American sales surge by 67% (Press Release Rocket) Spikes in both revenue and headcount for software firm following US expansion
Didi Chuxing makes information security push with new U.S. research lab and hires (TechCrunch) Didi Chuxing, China’s largest ride-hailing company, has hired two distinguished security experts to lead a new U.S.-based research center as part of a major push to increase its data security efforts
Products, Services, and Solutions
Effective DarkComet RAT Analysis in 10 Minutes and 3 Clicks (Recorded Future) In 2015 we released a report on identifying known RAT (remote access trojan) controllers. Malicious IP addresses are continuously identified through proactive internet scanning (via Shodan) for known family signatures, like Poison Ivy and BlackShades. This year we created Recorded Future Intel Cards for common indicators that make analysis a breeze, and RAT controllers are a perfect example
Inside the Mind of a Hacker (Bugcrowd) The bug bounty community is a truly global group of people, coming from all walks of life, with diverse backgrounds, technical skills and expertise. This diversity is what fuels the power of the crowdsourced cybersecurity economy, connecting a community of skilled, creative individuals with organizations that need their help
PKWARE And QuintessenceLabs Announce Strategic Partnership To Create Next-Gen Crypto Solution (PRNewswire) Integration benefits customers with strengthened solution in key management and control of data-security policy
Trustwave Unveils the Next Generation of Global Security Operations (Sys-Con Media) Global network of federated, advanced security operations centers powered by Trustwave ushers in the next generation of cybersecurity protection
Splunk Expands Adaptive Response Initiative to Strengthen Enterprise Security (BusinessWire) Organizations to demonstrate new capabilities at .conf2016
Improving Security Savvy Of Execs And Board Room (Dark Reading) Jeff Welgan, executive director and head of training for CyberVista, visits the Dark Reading News Desk at Black Hat to describe how CyberVista is working to improve cybersecurity literacy throughout the C-suite
Google Launches All-Out War on XSS (Infosecurity Magazine) Google has released a new set of tools designed to help firms better fortify their web systems against cross-site scripting (XSS) attacks using the Content Security Policy (CSP) mechanism
Signal Adds iPhone Access to Desktop App (Threatpost) Open Whisper Systems has long offered Android users of its encrypted messaging app a companion desktop version of the service. iPhone users haven’t been as lucky until Monday when the company announced desktop support for iPhone users of its Signal desktop beta app called Signal Private Messenger
ZTE debuts OTN-based quantum encryption transport system (Telecompaper) ZTE has announced the launch of what it describes as the world’s first quantum encryption transport system based on an optical transport network (OTN). The company said the system can generate secure and reliable keys by transmitting digital information and using a single photon, adding that its secure transmission and anti-decoding capabilities are far higher than any traditional information encryption method
BAE Systems launches first cloud–based compliance for financial crime in Australia (ITWire) The Anti-Money Laundering (AML) and Counter-Terrorism Financing Act (Cwth) 2006 placed strict governance rules on the financial sector, gambling sector, bullion dealers and other professionals or businesses that provide services covered by the Act. It looks like that may be extended even further
Enhance iMessage security using Confide (Help Net Security) One of the new features in iOS 10 offers the possibility of deploying specially crafted applications within iMessage. Most users will probably (ab)use this new functionality for sending tiresome animations and gestures, but some applications can actually provide added value for iMessage communication
Technologies, Techniques, and Standards
Mitigating Fraud Risks for Same-Day ACH (BankInfo Security) NACHA's Larimer says strong authentication, monitoring are key
ICS-CERT releases new tools for securing industrial control systems (Help Net Security) The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies
SWIFT security controls to be mandatory by 2018 (Tech Target) New SWIFT security policy will mandate baseline controls for banking partners, but experts are unsure how effectively the changes can be enforced
HITRUST Advances the State of Cyber Threat Information Sharing for the Nation’s Healthcare Sector (BusinessWire) First healthcare information sharing organization to contribute to DHS’s Automated Indicator Sharing Program
Enabling Cyber Preparedness amongst Banks (Dataquest) Why banks should invest in security operation centres (SOC) and incident response technologies
White House And The National Cyber Security Alliance Join Forces To Launch "Lock Down Your Login," A Stop. Think. Connect. ™ Campaign (Yahoo! Tech) As called for in the President's Cybersecurity National Action Plan, the White House, the National Cyber Security Alliance (NCSA) and more than 35 companies and NGOs today launched a new internet safety and security campaign, "Lock Down Your Login," to empower Americans to better protect their online accounts
Design and Innovation
Q&A: Internet of Insecure Things? Think security as the logical first step, says Sophos (Techgoondu) The Internet of Things (IoT) is rapidly expanding its universe by giving objects and devices the ability to connect and transfer data automatically over a network
Lower cost is key benefit of blockchain (Banking Technology) Blockchain technology has the potential to help ease banks’ profitability pressures, particularly in Europe’s negative interest rate environment, an audience was told at an offsite briefing yesterday morning
Bitcoin Returns to Its Cypherpunk Roots: An Interview With Lupták and Sip of Hackers Congress Paralelní Polis (Bitcoin Magazine) First announced on the cryptography mailing list in 2008, Bitcoin was the embodiment of a decade-old cypherpunk vision. A digital currency not controlled by any government, bank, or company existed in the hearts and minds of hackers and cryptographers long before most even considered the concept viable
Time to Kill Security Questions—or Answer Them With Lies (Wired) The notion of using robust, random passwords has become all but mainstream—by now anyone with an inkling of security sense knows that “password1” and “1234567” aren’t doing them any favors. But even as password security improves, there’s something even more problematic that underlies them: security questions
Research and Development
IARPA To Develop Early-Warning System For Cyberattacks (Wall Street Journal) A multi-year R&D project aims to use social media data and other unconventional signals to detect cybersecurity attacks
Academia
UTSA snags two grants for cybersecurity education amid hiring spree (San Antonio Business Journal) The University of Texas at San Antonio is beefing up its computer science field experts this fall as the educational institution raked in about $3.5 million in grants this week to bolster its cybersecurity education programs
Montreat College, Mission Health partner on cybersecurity training (Mountain Express) Montreat College and Mission Health are teaming to develop cybersecurity professionals who are not only trained in the best techniques, but also have the kind of ethical and moral framework necessary to become trusted leaders in the cybersecurity field
Legislation, Policy, and Regulation
EU mulls amending controversial cyber export rules (The Hill) A new proposal in the European Union would locally address many of the controversies over an international export control agreement that includes the United States
Interview: DSCI's New CEO Spells Out Priorities (InfoRisk Today) Rama Vedashree discusses projects, including efforts to grow the data security industry
How to thwart Election Day hackers: Vote the old-fashioned way (C|Net) The country's outdated, offline voting machines could actually save the election from cyberattacks, say experts at a Congressional hearing
Opinion: Will either candidate protect your data? It's time to ask (Christian Science Monitor Passcode) In light of the Yahoo breach, Donald Trump and Hillary Clinton owe the American public an explanation for how they'll protect their personal data
Litigation, Investigation, and Law Enforcement
Five arrested on suspicion of forming European Islamic State cell (Reuters) Spanish, German and Belgian authorities have arrested five people suspected of forming an "active and dangerous" Islamic State cell and promoting Islamist militancy in the three countries, Spain's interior ministry said on Wednesday
Syrian Electronic Army hacker pleads guilty after sending victim scan of his passport (Tripwire: the State of Security) A Syrian national affiliated with the notorious Syrian Electronic Army hacking group has pleaded guilty in a US court to charges of conspiring to hack into computers and extort money
Yahoo Faces Lawsuits Over Breach (Data Breach Today) But breach litigation in U.S. has mixed record of success
FBI’s Comey won’t reopen Clinton email probe, refuses to say she’s truthful (Washington Times) FBI Director James Comey said he’s not going to reopen the investigation into Hillary Clinton’s emails, telling Congress on Wednesday that none of the recent revelations since he closed the case in July “would come near” to triggering that extraordinary step
Obama Administration takes revenge on Peter Thiel? (Communities Digital News) The weaponization of the federal government against Palantir, a potentially central player in the war on terror, aims a weapon at the heart of U.S. national security
Public service openly breaking law to avoid costs and delays of security vetting (Canberra Times) The Public Service Commission is investigating more than 50 job advertisements that allegedly breach the Public Service Act
Outdated BA Agreement Results in $400,000 HIPAA Settlement (HealthcareInfo Security) Affiliated hospital was previously fined by state attorney general
CloudFlare tells court it does not assist pirate sites: Report (HackRead) CloudFlare was sued for providing CDN services to websites containing pirated content – in reply, the firm has made it clear that it will not stop providing its services to such sites whatsoever
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Security Summit 2016 (Auckland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.
Upcoming Events
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, Oct 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.
Cambridge Cyber Summit (Cambridge, Massachusetts, USA, Oct 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter, is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scale of the main challenges posed by today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, keep up with recent updates, and collaborate to enhance organizations’ cybersecurity, which has become a must.