Election hacking, journalist hacking, and the rise of TbpS DDoS. More reflections on the Yahoo! breach. Ransomware and other forms of extortion. M&A notes.
The tally of states experiencing "hacking attempts" in the US is now up to twenty. For the most part the attempts as reported amount to reconnaissance, or sometimes theft of not-particularly-highly-sensitive (and sometimes publicly available anyway) voter data. There's growing awareness that one need not corrupt an election's data nationwide to affect its outcome. Carbon Black thinks attending selectively to Pennsylvania precincts could do the trick.
The IoT botnets used against OVH and KrebsOnSecurity should, a Los Angeles Times op-ed says, "terrify you." "Terrify" may be breathless, but the incidents represent a dramatic increase in criminal capability. Many devices herded into the botnets were security cameras. (A short primer on how security cameras are hackable may be found here.)
InfoArmor's study of the Yahoo! breach maintains those responsible weren't "state-sponsored," but rather criminals who subsequently sold their take to a nation-state. Some observers point out that in some parts of the world there's often very little daylight between criminals and security services.
The Tofsee botnet is newly active and "aggressive," reports Talos. Tofsee is spamming phishbait consisting of what's euphemistically called "adult dating" opportunities.
Flashpoint continues to keep an eye on the unfolding attempt by thedarkoverlord to extort money from a Californian investment company thedarkoverlord doxed.
Zerodium has upped its bounty for an iOS 10 remote jailbreak to $1.5 million. (This is not a conventional bug bounty—Zerodium is a zero-day broker.)
The European Union is shifting its cyber security export rules: more permissive with encryption, more restrictive on surveillance.
Notes.
Today's issue includes events affecting Australia, China, European Union, India, Iran, Netherlands, Nigeria, Palestine/Gaza, Russia, Ukraine, United Kingdom, and United States.
A note to our readers: Next week we'll be attending the 2016 annual meeting of the Association of the United States Army. We'll be providing tweets and full coverage from the cyber-relevant portions of the three-day event. We'll also be spending some time with our colleagues from the Military Cyber Professionals Association.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Markus Rauschecker, of our partners at the University of Maryland's Center for Health and Homeland Security. He'll discuss proposed cyber regulations being considered by New York State. Our guest, Eli David from Deep Instinct, will talk to us about deep learning. If you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Hackers Target Election Systems in 20 States (NBC News) There have been hacking attempts on election systems in more than 20 states — far more than had been previously acknowledged — a senior Department of Homeland Security official told NBC News on Thursday
Symantec Shows How Easy It Is To Hack An Election (CRN) Here’s a scary idea: someone casting his or her vote for president, but in your name. Or how about: someone gains entry to an electronic voting booth and prints out false results, and hands them into officials. Unfortunately, according to Symantec, these idea could easily become reality
Cybersecurity expert: One battleground state most vulnerable to voting hacks (CBS News) The battleground state of Pennsylvania might as well have a target on its back as Election Day nears, the cybersecurity company Carbon Black warned in a new report released Thursday
County Voter Info Part of Statewide Cyber Attack (Republic-Times) The records of more than 3,000 registered voters in Monroe County may have been viewed during a summer cyber attack on the state election database in Springfield
Russian hackers likely targeted journalists investigating Flight MH17 (Graham Cluely) Attack consistent with Fancy Bear hacker group’s techniques
Army of webcams used in net attacks (BBC) One of the biggest ever web attacks - in which more than one terabit of data was fired at a website to knock it offline - has been reported
Record Cybercrime Assault Using Hacked Cameras (Sputnik) The website of prominent security blogger Brian Krebs, was overwhelmed by what's being called one of the biggest ever distributed denial of service (DDoS) attacks in Internet history. Krebs warns that the takedown of his site shows how powerful today's cybercriminals have become
Cybersecurity expert Brian Krebs was silenced by a huge hacker attack. That should terrify you. (Los Angeles Times) About a week ago, the website of journalist and cybersecurity expert Brian Krebs was hit with a crippling hacker assault known as a “distributed denial of service,” or DDoS, which knocked him off the Internet for several days
Yahoo! Mobile Mail Wide Open Even After Password Reset (Infosecurity Magazine) In the aftermath of Yahoo! announcing the breach of 500 million user accounts, Trend Micro Zero Day Initiative (ZDI) researchers are warning that a password reset still leaves mobile mail wide open to criminals
Researchers Shoot Down Yahoo Claim Of Nation-State Hack (Dark Reading) InfoArmor says the attackers who stole a half-billion Yahoo user accounts were seasoned cybercriminals who later sold the booty to an Eastern European nation-state
Yahoo Challenged on Claims Breach Was State-Sponsored Attack (Threatpost) As challenges mount against Yahoo’s attribution of a massive 2014 data breach to state-sponsored hackers, CISO Bob Lord yesterday confirmed that a cache of 200 million Yahoo accounts marketed this summer in an underground forum is unrelated to the breach
Turns Out Consumers Stay Loyal to Companies After Hacks (Wired) The digital theft of just under 100 million records stolen from both the Office of Personnel Management and Anthem pales compared to the revelation that at least 500 million Yahoo accounts have been compromised—though one might argue that the impact is just as significant
SIMS Game Custom Content Site Hacked; 118K Accounts Leaked (HackRead) The targeted site is called Newseasims and provides custom content for SIMS2 and SIMS3 video games
Apple Users Targeted with iCloud Phishing Scam (HackRead) Lately, Apple users including celebrities have been targeted by cybercriminals with malware and phishing scams — this phishing scam is also after iCloud accounts
Tofsee Botnet Gets Aggressive with Russian Dating (Infosecurity Magazine) A marked increase in the volume and velocity of spam email campaigns containing malicious attachments is spreading the Tofsee malware and botnet at unprecedented aggression levels
“thedarkoverlord” Targets Finance in Next Wave of Extortion Attacks (Flashpoint) On September 25, 2016, “thedarkoverlord,” a notorious threat actor behind the recent extortion attempts of several healthcare organizations, gained access to highly-sensitive information from WestPark Capital investment firm. The CEO of WestPark Capital refused the actor’s blackmail demands, and as a result, partial information was released to the public by thedarkoverlord
The Rise and Fall of Encryptor RaaS (TrendLabs Security Intelligence) Back in July 2015, a new ransomware as a service named “Encryptor RaaS” (detected by Trend Micro as RANSOM_CRYPRAAS.SM) entered the threat scene, rivaling or at least expecting to succeed the likes of similar get-rich-quick schemes from Tox and ORX Locker
Europol: Crypto-ransomware Now Biggest Malware Threat (Infosecurity Magazine) Crypto-ransomware is now the biggest malware threat facing law enforcers, according to the latest annual Europol report on the threat landscape
Ransomware Threat Highlighted During Cyber Security Summit (Georgia Tech News Center) As part of the 14th Annual Georgia Tech Cyber Security Summit held Wednesday, College of Computing Ph.D. student Evan Downing, alongside GTRI Cyber Technology and Information Security lab division chief Chris Smoak, presented a seminar on ransomware
These ransomware tricks fool the most hardened security pro (CSO) Cybercriminals use these methods to pull the wool over unsuspecting victims
Another Day, Another Malicious Behaviour (SANS Internet Storm Center) Every day, we are spammed with thousands of malicious emails and attackers always try to find new ways to bypass the security controls. Yesterday, I detected a suspicious HTTP GET request
Decrypting The Dark Web: Patterns Inside Hacker Forum Activity (Dark Reading) Data analysis to be presented at Black Hat Europe highlights trends in communication between bad actors who gather in underground forums across the Dark Web
This Cybersecurity Firm Maps Hackers' Lives by the Clues They Leave Online (Motherboard) The digital underground, populated by hackers, drug dealers, and other criminals, is a vast space. The sheer number of forums, cybercriminal handles, and backroom dealings can be overwhelming to researchers or journalists
5 Things You Should Know About Nigerian "Digital Check Washing" Rings (Inc.) Wired B2B payments are all too common--and easy money for con artists expert at diverting cash transfers
How A Pair Of Cybercriminals Scales Its Carder Business (Dark Reading) 'Vendetta Brothers' cybercrime duo runs site that offers cards stolen from over 600 banks in 41 countries, FireEye says
‘Money Mule’ Gangs Turn to Bitcoin ATMs (KrebsOnSecurity) Fraudsters who hack corporate bank accounts typically launder stolen funds by making deposits from the hacked company into accounts owned by “money mules,” willing or unwitting dupes recruited through work-at-home job scams
Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers (Register) All those unchangeable PINs, up for easy swiping
NHS Cloud App Blind Spot Could Put Data at Risk (Infosecurity Magazine) A Freedom of Information request has revealed that nearly half (47%) of NHS Trusts don’t monitor all cloud app use, potentially exposing them to data security and compliance risks
Security Patches, Mitigations, and Software Updates
Cisco Warns of Critical Flaw in Email Security Appliances (Threatpost) Cisco Systems released a critical security bulletin for a vulnerability that allows remote unauthenticated users to gain complete control of its email security appliances. The vulnerability is tied to Cisco’s IronPort AsyncOS operating system
Backdoored D-Link Router Should be Trashed, Researcher Says (Threatpost) A researcher who found a slew of vulnerabilities in a popular router said it’s so hopelessly broken that consumers who own them should throw them away
Cyber Trends
83% of Companies Have Released Applications They Know Are Unsafe (Infosecurity Magazine) Bug bounties have been on the rise and are widely regarded as a smart way to scale the testing of your security code. But a new survey shows that businesses may be over-reliant on them
How the new age of antivirus software will protect your PC (PCWorld) New threats require new solutions
Boardroom perspectives on cloud implementation (Help Net Security) Although there’s a significant uptick in cloud adoption at the enterprise level, companies are missing the full benefit of their cloud adoptions by not factoring their IT implementations into their overall business strategy, according to Accenture
1 in 3 organizations have experienced an insider attack in the last year (Help Net Security) A new Bitglass report on insider threats in the enterprise found that, in a third of organizations surveyed, careless or malicious user behavior resulted in data leakage, up slightly from a year ago. 56 percent of respondents believe insider leaks have become more frequent in the last year
Marketplace
The Tailwinds Expected To Boost Cybersecurity In 2017 (Stockhouse) Goldman Sachs said in a research note published Thursday it viewed the increased government spending on cybersecurity to serve as a catalyst for cybersecurity stocks such as FireEye Inc (NASDAQ: FEYE), Cyberark Software Ltd (NASDAQ: CYBR) and Palo Alto Networks Inc (NYSE: PANW)
Security appliance market shows positive growth (Help Net Security) The total security appliance market showed positive year-over-year growth in both vendor revenue and unit shipments for the second quarter of 2016, according to IDC. Worldwide vendor revenues in the second quarter increased 5.8% year over year to $2.75 billion, and shipments grew 15.2% year over year for a total of 659,305 units
The New Battleground: Cyber Warfare (Guru Focus) Is opportunity presenting itself to investors?
Getting cyber insurance is a complex process, experts warn (Property Casualty 360) Applying for any kind of insurance coverage requires answering the carrier’s questions or filling out an application form
Examining the costs and causes of cyber incidents (Oxford Journals) In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security best practices. Because adoption of the framework is voluntary, it faces the challenge of incentivizing firms to follow along. Will frameworks such as that proposed by NIST really induce firms to adopt better security controls? And if not, why? This research seeks to examine the composition and costs of cyber events, and attempts to address whether or not there exist incentives for firms to improve their security practices and reduce the risk of attack
Zerodium Triples its iOS 10 Bounty to $1.5 Million (Threatpost) Zerodium has tripled the bounty it offers for an Apple iOS 10 remote jailbreak, boosting the reward today to $1.5 million USD, founder Chaouki Bekrar said
MACH37 Adds MITRE to Network as Member (Benzinga) MACH37 expands growing network with the addition of MITRE
Avast CEO on why it’s just spent $1.4BN to absorb security rival AVG (TechCrunch) Security firm Avast has today confirmed the completion of a $1.4 billion acquisition of fellow Czech-based antivirus company AVG. The deal will see Avast’s customer base nearly double — swelling from 230 million to more than 400 million in total, 160M of whom are mobile users
NCC Group buys US cyber security firm for up to $18.75m (Digital Look) Cyber security firm NCC Group has bought US cyber security and payment consultancy Payment Software Company for up to $18.75m in cash
IBM Is Buying One of the Most Influential Firms on Wall Street (Fortune) IBM is getting into the business of advising Wall Street—using artificial intelligence
Splunk ups the machine-learning ante (Computerworld) Last week a competitor decided to poke the bear. This week Splunk comes out swinging
Symantec Is Not a Safe Bet (Real Money) This year, shares of cybersecurity outfit Symantec (SYMC) are up almost 19%. Is this stock safe to go higher?
WISeKey International Holding Signs MOU with Indian Investors to Establish a Joint Venture (WISeKey India) to Expand IoT and Cybersecurity in the Indian Market (Broadway World) WISeKey International Holding Ltd (WIHN.SW) (“WISeKey”) and a group of successful entrepreneurs having built and sold multiple companies in India and US announced today that they have signed a Memorandum of Understanding (“MoU”) to establish a Joint Venture to deploy WISeKey IoT and Cybersecurity Platform to the Indian Market
FireMon boss looks to streamline channel for enterprise push (Channelnomics) Kurt Mills to identify top resellers to help company move 'upstream'
Creating Connections at the 3rd Annual Women in Cyber Security Reception (Delta Risk) The CyberWire and the Cybersecurity Association of Maryland Inc. (CAMI) hosted their annual Women in Cyber Security reception on September 27 to celebrate and bring awareness to the success of women in the cyber security industry
Cylance CEO Stuart McClure Wins NetEvents Innovation Idol Award, Honoring Creative Entrepreneurship (BusinessWire) Company also honored with Hot Start-Up IoT Award at 2016 NetEvents Innovation Awards
Former US Cyber Command Deputy Director Lieutenant General Robert Schmidle Jr. Joins Endgame Advisory Board (PRNewswire) U.S. Cyber Command Deputy Director brings battle-tested experience to leading threat hunting platform
Products, Services, and Solutions
Virtustream Approved as G-Cloud 8 Supplier for UK Government's Latest Framework (PRNewswire) Virtustream helps public sector organisations take control of their clouds
Cypherpath Launches Infrastructure as a File (IaaF) Solution for the Enterprise (Yahoo! Finance) Cypherpath, the leader in on-demand containerized infrastructure solutions, today announced that its Cypherpath Infrastructure Container System is now available for enterprise-level infrastructure deployments
Dome9 Launches Compliance Engine, Slashing Time-to-Compliance for the Public Cloud (Sys-Con Media) New offering simplifies the IaaS compliance lifecycle across any public cloud, from aggregation and analysis to remediation and continuous enforcement
Fiber Nederland offers security from Kaspersky (Telecompaper) Dutch ISP Fiber Nederland has launched a security package based on software from Kaspersky Lab
Technologies, Techniques, and Standards
EMV: The Anniversary Of One Deadline, The Eve of Another (Dark Reading) How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
UK Gov Boost Security with HTTPS and DMARC (Infosecurity Magazine) The UK government is mandating the use of the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol as well as HSTS and HTTPS as of Saturday in a major boost to its cybersecurity credentials
Guide to Getting the Right Single Sign-on Solution (eSecurity Planet) Single sign-on solutions help users cope with password pressures by enabling a single authentication event to offer access to multiple applications
Protect Your Enterprise by Balancing WordPress Plugins (Infosecurity Magazine) Data breaches are becoming more prevalent – and expensive. According to the March Beazley Breach Insights 2016 report, the Beazley response unit responded to 60% more data breaches in 2015 over 2014. Still more shocking, the proportion of breaches involving third-party vendors more than tripled over that same time period, rising from 6% of breaches in 2014 to 18% in 2015
Clear and present danger: Combating the email threat landscape (Help Net Security) Like it or loathe it, email is here to stay
Why your employees are still a huge security risk (CSO) Is security awareness training doing the job of protecting organizations from employee negligence? Michael Bruemmer of Experian Data Breach Resolution tells us where awareness is falling short, and what companies can do to improve
SnoopWall Launches Free Cyber Security Tips in Advance of National Cyber Security Awareness Month 2016 (PRNewswire) October 2016 is National Cyber Security Awareness Month - SnoopWall and Miss Teen USA 2013 agree it is time we all become #CyberAware
The Definition of Quantum Everything (Nanalyze) In an earlier article we talked about 10 companies working on quantum computing and promised our lovely readers a follow up article on companies working on “quantum cryptography” and/or “quantum encryption”
Design and Innovation
Meet Apache Spot, a new open source project for cybersecurity (CSO) The effort taps big data analytics and machine learning for advanced threat detection
Securing industrial IoT: Spotlight on DMZ and segmentation (Tech Target) Industrial IoT is ushering the era of IT and OT convergence. However, making traditional OT assets smarter with IT technologies also means a larger cyber threat surface and, hence, more exposure to cyberattacks which are growing smarter as well
Academia
Many 'Phish' in the Sea (Athens Post) Ohio University fends off phishing scams and viruses through its OIT Security Department
UTSA Receives $3 Million From Homeland Security For Cybersecurity Training Courses (Texas Public Radio) UTSA’s Center for Infrastructure Assurance and Security has received $3 million from the Department of Homeland Security. The money will be used to support cybersecurity training courses to oppose new and emerging cyber threats
Legislation, Policy, and Regulation
America is Losing the Cyber War (US News and World Report) Russia, China, Iran and North Korea have a tactical edge against U.S. digital restraint
EU clamps down on sale of surveillance tech to despotic regimes (Ars Technica) New export controls would loosen rules on crypto, tighten them on surveillance
Pentagon’s 5,000-Strong Cyber Force Passes Key Operational Step (Bloomberg) Teams will target ‘closest alligators to the boat’: analyst. Force to reach full operating capability by September 2018
New OPM Background Check Bureau Launches October 1 (SIGNAL) While the new agency tackles inherited backlog, DOD moves forward with creating its IT backbone
White House names first director of new security clearance bureau (Federal News Radio) The Obama administration on Thursday named a career personnel security expert to lead the government’s new National Background Investigation Bureau, the semi-independent office that will officially take over responsibility for processing security clearances on Monday
Litigation, Investigation, and Law Enforcement
Comey on Clinton email probe: 'Don't call us weasels' (Politico) The normally stoic FBI chief grew emotional as he rejected claims that the FBI was in the tank for Clinton
FBI probes possible hacks targeting phones of Democratic Party staff (Naked Security) The FBI has approached a handful of Democratic Party officials over concerns that their mobile phones may have been hacked as recently as the past month, unnamed sources have told Reuters
Report: FBI Use of Controversial Surveillance Program Declined After Snowden Revelations (Washington Free Beacon) The FBI has significantly scaled back its collection of Americans’ phone records since Edward Snowden exposed the government’s surveillance program in 2013, according to a new report
WhatsApp’s privacy U-turn on sharing data with Facebook draws more heat in Europe (TechCrunch) A dramatic privacy about-face by messaging app WhatsApp this summer, in which it revealed an update to its T&Cs would for the first time allow the sharing of its user data with parent company Facebook, is getting the pair into hot water in Europe
Aussie Border Police Bust Dark Net Drug Dealer (HackRead) A couple of months ago the Australian police busted a pedophile ring on Tor – now, Australian border force is aiming to track down drug distribution via dark net
Man Arrested Over Cyber Attack At Sandown Bay Academy (Isle of Wight Radio) A man has been arrested in connection with a cyber attack at Sandown Bay Academy
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
escar Asia 2016 (Tokyon, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hannover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, Oct 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.
Cambridge Cyber Summit (Cambridge, Massachusetts, USA, Oct 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (McDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA , Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.