Recovering from Friday's IoT-botnet driven Internet outages. Industry notes and news of cyber conflict in East Asia and the Middle East. And US-Russian tension in cyberspace remains high.
news from CyberMaryland 2016
CyberMaryland closed Friday. This year's conference featured the customary mix of industry and Government participation. You'll find our accounts of the event here. The 2016 meetings were particularly noteworthy for the strong presence of companies, universities, and public-private partnerships from the United Kingdom. Largely under the inspiration of UK Trade and Investment, there's a growing partnership between the English Midlands and Maryland (with, of course, a side of the District of Columbia and Northern Virginia).
The Internet has largely recovered from Friday's very large denial-of-service attacks. Arriving in several waves throughout the day, the attacks produced outages mostly in the United States, Western Europe, and Australia. DNS provider Dyn was the central point of attack, although Dyn itself may not have been the ultimate target. The effect of the attacks cascaded through many popular sites, rendering services like PayPal and Twitter temporarily inaccessible.
This DDoS attack, called by many the largest on record, follows the template established by the September 20 attacks against KrebsOnSecurity, in which the Mirai Trojan herded a large number of insecure Internet-of-things devices into a botnet that flooded its target with more requests than the host could handle. The compromised devices include, prominently, security cameras and home routers, and it's thought that hundreds of thousands of these were used in the attack. Given that there are so many of these devices in the hands of small businesses and private users, and given that they tend to be poorly patched and protected, it's expected that mopping up the vulnerabilities could take years.
The WikiLeaks-friendly New World Hackers tweeted claims of responsibility for the attacks, but observers remain cautious about buying that attribution. It's possible this could have been hacktivism, given publication of Mirai source code in the wake of Septembers attacks. But it's also possible, as former NSA Director Keith Alexander speculated Saturday at CyCon U.S., that the operation was a test-run by Russian security services interested in establishing a disruptive capability.
Today's issue includes events affecting Australia, Bosnia and Herzegovina, Bulgaria, Canada, China, Colombia, Czech Republic, Denmark, European Union, France, Hungary, India, Oraq, Ireland, Italy, Latvia, Lithuania, Nigeria, Netherlands, Pakistan, Portugal, Russia, Spain, Switzerland, Syria, United Arab Emirates, United Kingdom, United States, and and Vietnam.
A note to our readers: National Cyber Security Awareness Month is now in its final full week. The theme is "our continuously connected lives: what's your 'apptitude'?"
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at Virginia Tech's Hume Center, as Dr. Charles Clancy talks about quantum computing and its attendant encryption challenges. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Baltimore: the latest from CyberMaryland
Innovation and International Cooperation (the CyberWire) CyberMaryland 2016 featured an unusual group of companies. Foreshadowing what appears to be a likely trans-Atlantic community, the conference attracted a number of companies from both Maryland and the English Midlands
Human Capital and Cyber Security: a Keynote by NSA's Admiral Rogers (the CyberWire) Early in his keynote NSA Director Admiral Michael Rogers said, "I'm here because I'm part of the Maryland cyber ecosystem," and his talk concentrated on the centrality of workforce development to his organizations' ability to accomplish their missions
The Attacker's Advantage and Pervasive Connectivity: Remarks by Michael Chertoff (the CyberWire) We are facing a growing and increasingly important area of our national security. We need the innovation of the private sector to keep ahead of the adversary. The attacker's advantage (only needing to be right once) makes it all the more important to stay ahead of the adversary
Cyber Attacks, Threats, and Vulnerabilities
Cyberattack that disrupted access to major websites is under investigation (Washington Post) Web service provider Dyn said Saturday evening that a cyberattack that disrupted huge chunks of the Internet Friday is under investigation
After Years of Warnings, Internet of Things Devices to Blame for Big Internet Attack (Fast Company) Hundreds of thousands of cameras, routers, and DVRs have been hijacked by malware for use in massive denial of service attacks
Dyn Statement on 10/21/2016 DDoS Attack (Dyn) It’s likely that at this point you’ve seen some of the many news accounts of the Distributed Denial of Service (DDoS) attack Dyn sustained against our Managed DNS infrastructure this past Friday, October 21
ISC Briefing: Large DDoS Attack Against Dyn (SANS Internet Storm Center) Last Friday, a large DDoS attack against Dyn caused many popular websites to be unreachable
Chinese firm admits its hacked products were behind Friday's massive DDOS attack (CSO) Botnets created from the Mirai malware were involved in Friday's cyber attack
Dyn DDoS attack: The aftermath (Help Net Security) On October 21, New Hampshire-based Internet performance management company Dyn suffered the largest DDoS attack ever to be registered
Twitter Account Shows Mirai Botnets Using Your Security Camera In Cyber Turf War (Motherboard) In the wake of a major cyber attack that blocked access to popular websites along the East Coast on Friday, security researchers have created a Twitter account that posts live updates
Someone Weaponized the Internet of Things (Defense One) Friday’s internet disruption could be a taste of what’s to come when nations and non-state actors stop using the web and start attacking it
15 Percent of All Routers Use Weak Passwords, 20 Percent Have Open Telnet Ports (Softpedia) Router security just as bad as you'd thought it is
Hackers Wrecked the Internet Using DVRs and Webcams (Popular Mechanics) Smart home gadgets—not computers—likely did the bulk of the nefarious work today
Here's what crippled the internet (Christian Science Monitor Passcode) An unprecedented and alarming attack on the internet's core infrastructure shutdown much of the web Friday in another sign of the growing sophistication of malicious cyberattacks
A massive cyberattack blocked your favorite websites; FBI and Homeland Security are investigating (Los Angeles Times) The Department of Homeland Security and the FBI are investigating a massive cyberattack
Major Australian websites disrupted in international cyber attack (Sydney Morning Herald) Popular Australian media, banking, insurance, retail and hotel websites have experienced outages and interruptions following cyberattacks in the US overnight
Who launched cyber attack that hit Twitter, Paypal, HBO? (San Diego Union-Tribune) Dozens of the nation’s most popular websites — including Twitter, PayPal, Airbnb, Netflix, Reddit and Spotify — were disrupted Friday by a major cyber attack that exposed the fragile nature of the Internet
Friday's cyber-attack hurt local business (AZFamily) A federal investigation is underway at this hour into a massive cyber-attack on the world's most popular websites
When burglars take over the alarms - cyber risks and the IoT (Irish Times) After Friday's disruption to Twitter and Spotify, home devices such as burglar alarms and heating controls known as the ìnternet of things` could be vulnerable to a hacking attack
Hackers Claim Responsibility for Friday's Massive Cyber Attack, Warn of More (AP via ABC7 News) Could millions of connected cameras, thermostats and kids' toys bring the internet to its knees?
WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical (Politico) A massive cyberattack Friday on a key internet routing company knocked offline major websites like Spotify, Twitter and The New York Times, as WikiLeaks supporters claimed credit
Who Is Trying To Destroy The Internet? (Science 2.0) A prolonged Internet outage affecting major sites like Twitter, Netflix, Spotify and The New York Times on Friday has commentators concerned that this is was a practice run for future, more widespread disruption of the internet
It probably wasn’t Russia who attacked the Internet yesterday. That’s what’s scary (Matthewaid) It probably wasn’t Russia who attacked the Internet today. That’s what’s scary
Today's Brutal DDoS Attack Is the Beginning of a Bleak Future (Gizmodo) This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider
Massive Internet Outage Could Be a Sign of Things to Come (MIT Technology Review) Hackers have shown how they could take down the Internet
No Ordinary Attack: With Flawed Security, Cyberthreat Posed by Internet of Things Will Only Grow (Haaretz) The attack that brought down leading websites such as Twitter and Netflix is further proof that every time firms try to link up other products to the web, security always takes a back seat
Hackers smell blood after co-opting ‘internet of things’ (Sunday Times) An army of copycat hackers could seize control of internet-connected home devices to carry out cyber-attacks, security experts have warned
Friday's cyber attacks a 'wake-up call' for insurers and public alike (Property Casualty 360) Waves of online attacks on Domain Name Server (DNS) provider Dyn Inc. blocked access to Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, The New York Times and various other sites throughout Friday
Evidence ties Russia to Podesta and Powell email hacks (Engadget) They appear to be part of a unified effort to disrupt the US presidential election
HomeAmerica Brent Budowsky to RT: ‘Washington has evidence Russia hacked US’… no proof though (Russia Today) US intelligence has “evidence” that links Russia to meddling in the US elections, The Hill columnist Brent Budowsky told RT, yet failing to name exact facts, not disclosed by American authorities either
Here’s Cryptographic Proof That Donna Brazile Is Wrong, WikiLeaks Emails Are Real (Daily Caller) Cryptographic signatures demonstrate that Democratic National Committee Chairman Donna Brazile is wrong when she suggests the WikiLeaks emails were altered and that she did not send an email tipping off Democratic presidential nominee Hillary Clinton to debate questions
American vigilante hacker sends Russia a warning (CNn Money) An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets
Russia cyber hacking to undermine democracy globally: US expert (INdian Express) Christopher Porter said FireEye has observed Russian interference in elections for many years now
Chinese hackers targeted US aircraft carrier (Financial Times) Cyber security group says attack launched against visitors to vessel in South China Sea
Inside the Cyberattack That Shocked the U.S. Government (Wired) The US Office of Personnel Management doesn’t radiate much glamour
Pakistan Government Officials Targeted with RATs in Cyber-Espionage Campaign (Softpedia) No clues on the attackers' identity as of yet
UK spy agency GCHQ paid NZ firm Endace to power Internet fiber-optic taps (TechCrunch) The 2013 Snowden documents revealed UK intelligence agency GCHQ to be tapping into the undersea cables that carry Internet traffic, covertly gathering vast amounts of digital comms data under a surveillance program code-named Tempora
Pentagon Expects Mosul Push to Unlock Trove of ISIS Intelligence (New York Times) The Pentagon is sending dozens of additional intelligence analysts to Iraq to pore over a trove of information that is expected to be recovered in the offensive to recapture Mosul from the Islamic State, data that could offer new clues about possible terrorist attacks in Europe
Electronic threats from above (C4ISRNET) Adversarial capabilities writ large have significantly improved vis-à-vis the United States (hence the necessity of the Defense Department’s so-called third offset strategy)
Microsoft warns of fake Security Essentials installer malware scam (WinBeta) Security is a huge (and growing) issue in the ever-more connected world in which we live. Malware has plagued computers for years, despite many tools being available that work to prevent it
Using Rowhammer bitflips to root Android phones is now a thing (Rowhammer) Permission-less apps take only seconds to root phones from LG, Samsung and Motorola
Giving Google Your Mobile Number Could Make Your Gmail Account Less Secure, Expert Warns (Huffpost Tech) If you’re a Gmail user, Google probably holds the keys to your digital life
Linux kernel bug: DirtyCOW “easyroot” hole and what you need to know (Naked Security) Here comes what we’re calling a bus-scenario BWAIN
Cyber security experts warn firms about dark side of social media use as hackers hunt data (Independent) Networking sites LinkedIn and Facebook are mined by scammers in a sophisticated bid to steal identities and emails, writes Simon Rowe
Security Patches, Mitigations, and Software Updates
Ubuntu security notices (Ubuntu) These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive)
Mozilla Turning TLS 1.3 On By Default With Firefox 52 (Threatpost) When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default
IoT security: Defending a young industry from attack (Help Net Security) As the IoT industry matures, it’s safe to say we’re well past “early adopter” phase and seeing broader development and deployment
When It Comes To Cyber Security, Firms Must Prove Due Diligence Or Be Passed Up For Partnership (Information Security Buzz) In terms of business risks, data breaches and cyber-crime in general are quickly marching up the list of priorities for companies around the world
What is the Full Impact of a Healthcare Cybersecurity Attack? (Health IT Security) Healthcare cybersecurity attacks can have harmful effects on covered entities, with “beneath the surface” issues creating long-lasting issues, according to Deloitte research
Cybersecurity Insurance: A Catalyst for Change (InfoRisk Today) vArmour's Weatherford on How Need for Insurance Could Lead to Ramped Up Security
AT&T to buy Time Warner in US$85.4 billion deal (CRN) AT&T has entered into an agreement to buy Time Warner for US$85.4 billion in a stock-and-cash transaction that values Time Warner at US$107.50 (A$141.30) a share
AT&T’s $85 Billion Time Warner Buyout Faces Tough Federal Scrutiny (Motherboard) AT&T, the giant wireless and pay-TV provider, on Saturday announced a plan to buy entertainment titan Time Warner in a massive $85 billion deal that would dramatically reshape the US media landscape
AT&T’s Time Warner deal looks like bad news for Verizon (Washington Post) AT&T's $85.4 billion megadeal to acquire Time Warner is an unprecedented bid to diversify the telecom giant as network operators nationwide scramble to marry their communications pipes with exclusive content
The Aftermath of the Yahoo Data Breach: What Now? (EDM Digest) Yahoo is the latest victim
EU Sent Questionnaires About Microsoft-LinkedIn Deal to Rivals (Wall Street Journal) European Commission asks if LinkedIn’s data can be replicated and about the differences between professional and personal social-media networks
Proofpoint acquires Firelayers for $55 million and announces new anti-malware tool (Geektime) Israeli Firelayers will help Proofpoint expand its services for cloud-based security options
Despite IBM's Changes, Investors Should Treat the Stock With Caution (The Street) Despite beating Wall Street's third-quarter revenue and EPS estimates, Big Blue's revenue declined, and the company's gross margins are soft
AI will 'supercharge' cyberattacks. Meet the cyber defenders standing in its way (Wired) Dave Palmer, director of technology at Darktrace, warned the audience at WIRED Security that machine learning is going to supercharge cyberattacks
Radware Should Have Insight Into Recent DDoS Attacks (Seeking Alpha) Several enterprise web sites have been taken offline by DDoS attacks. Radware specializes in DDoS. Information should become available about vulnerabilities or exploits
Private Eyes: The Little-Known Company That Enables Worldwide Mass Surveillance (Intercept) It was a powerful piece of technology created for an important customer. The Medusa system, named after the mythical Greek monster with snakes instead of hair, had one main purpose
DOD Launching Expanded Hack the Pentagon Bug Bounty Program (eWeek) The Hack the Pentagon program was such a success that the DOD is launching a longer-term effort and has contracted with HackerOne and Synack to run it
The technologist convincing the Pentagon to love hackers (Christian Science Monitor Passcode) Lisa Wiswell was the driving force behind the Defense Department's first-ever bug bounty program, which rewarded outside security researchers for finding vulnerabilities in its websites. Now, the Pentagon is expanding the effort
Waterloo startup focuses on security for the quantum age (Record) A small startup in Waterloo is working on a problem that touches everyone using the Internet for buying, selling and banking — securing sensitive data against attacks from quantum computers
Nuix Aims to Deliver Security Insight (eSecurity Planet) Chris Pogue, CISO of Nuix, explains how by understanding hacker activities, risks can be minimized for enterprises
Divided We Stand: Will Brexit Weaken the UK’s Cybersecurity Industry? (Infosecurity Magazine) After the historic EU referendum result in June, Phil Muncaster takes a look at what the next steps are
Silicon Valley venture capitalist sees potential in Baltimore (Daily Record) In many ways, Anders Jones has the classic Silicon Valley story
NTT Security begins shifting sales staff to Dimension Data (ChannelWeb) But security services firm denies that sales staff have been asked to reapply for their roles as they move across to sister company
National Cyber Security Alliance to Ring the Nasdaq Stock Market Closing Bell (Military Technologies) In recognition of October as National Cyber Security Awareness Month (NCSAM), a group of NGO officials, government and digital industry leaders will visit the Nasdaq MarketSite in Times Square to close the market
Products, Services, and Solutions
IBM Watson: Not So Elementary (Fortune) Five years after its Jeopardy! victory, IBM’s cognitive computing system is through playing games. It’s now a hired gun for thousands of companies in at least 20 industries. A Q&A with the Watson boss
Is Kaspersky’s free ICS service for real? (CyberScoop) Russian cybersecurity company Kaspersky launched a new, free service this week aimed exclusively at the owners and operators of computerized industrial machinery
IPVanish VPN unveils new app, security improvements (Help Net Security) US-based IPVanish VPN, whose VPN network spans 40,000+ IPs on 500+ servers in 60+ countries, has recently pushed out a major new edition of its app
Technologies, Techniques, and Standards
FFIEC Sheds Light on Use of Cybersecurity Assessment Tool (BankInfo Security) Two regulatory agency officials describe new FAQ guide
RASP rings in a new Java application security paradigm (ITWorld) Runtime-based technologies use contextual awareness to boost Java application security
Honeypots Versus Threat Intelligence (Information Security Buzz) When faced with daily reports of security breaches in global entities like SWIFT and Fortune 500 companies, and small enterprises being held hostage with ransomware
WTF is machine learning? (TechCrunch) While the number of headlines about machine learning might lead one to think that we just discovered something profoundly new, the reality is that the technology is nearly as old as computing
Design and Innovation
Army issues computer simulation challenge for cyberwar training (Bloomberg Government) The Army’s Program Executive Office for Simulation, Training, & Instrumentation (PEO STRI) wants to create a Persistent Cyber Training Environment (PCTE), and, along with U.S. Cyber Command and others, is initiating the fifth cyber innovation challenge to find possible solutions
Research and Development
root9B Announces Collaborative Effort with United States Air Force Academy (Stockwatch) root9B, a root9B Technologies (OTCQB: RTNB) company and leading provider of advanced Cybersecurity products, services, and training for commercial and government clients, announced a collaborative effort with United States Air Force Academy (USAFA) to develop effective Intrusion Detection Tools for Industrial Control Systems (ICS)
Legislation, Policy, and Regulation
The Trouble with Vietnam’s Cyber Security Law (Diplomat) The country’s efforts in the cyber domain appear to be misdirected
Congressman raises concern over potential use of Russian satellites for troops’ Internet service (Washington Post) In a letter to the Pentagon Friday, U.S. Rep. Duncan Hunter said he was concerned a contract to provide Internet service to deployed soldiers could allow the use of Russian satellites, jeopardizing troops’ privacy and security
Cyber warfare: The new international warfront (Al Jazeera) Faced with increased cyber attacks, US government is balancing attack on and defense from hackers and cyber criminals
U.S. Cyber Command acquisition experiment begins broader cyber self-assessment (Federal News Radio) The federal government’s cybersecurity policy has reached a crossroads, and the upcoming presidential transition is an opportunity to take a long, hard look in the mirror, and decide how to move forward
Former Intelligence Leader Details Roles Played in National Security (Cape May County Herald) Balancing civil liberties, while protecting Americans and American assets, is a continuing struggle for the U.S. intelligence community, according to a former leader and advisor to two presidents
Litigation, Investigation, and Law Enforcement
Judge orders ex-NSA contractor accused of stealing secrets held in custody (Fox News) A former National Security Agency contractor accused in a massive theft of classified information will remain in custody as prosecutors continue building a criminal case against him, a federal judge ruled Friday
Ex-NSA contractor accused of massive theft is a ‘collector,’ not a ‘traitor,’ lawyers say (Washington Post) A federal judge found Friday that a former National Security Agency contractor accused of carrying out what is thought to be the largest theft of classified secrets in U.S. history posed a flight risk and ordered that he continue to be held in jail
How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing? (Tech Dirt) A few weeks back, we wrote about the arrest of Harold Martin, an NSA contractor working at Booz Allen, for apparently taking "highly classified information" from the NSA and storing it electronically and physically in his home
1,000 Clinton-Petraeus emails missing from records sent to State, FBI files show (Fox News) Roughly 1,000 emails between Hillary Clinton and Gen. David Petraeus were thought to be missing from the 30,000 emails provided by Clinton’s team to the State Department in December 2014, according to the newly released FBI investigative files
Clinton lectured State Dept. staff on cybersecurity in 2010 video (Fox News) Despite conducting her own government business through a personal “homebrew” server while secretary of state, Hillary Clinton is seen in a newly obtained video lecturing her staff of their “special duty” to recognize the importance of cybersecurity
U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring (CSO) Czech police arrested the 29-year-old earlier this month
Interpol to assist Hyderabad cops nab Nigerian cyber criminals (New Indian Express) The Interpol (International Criminal Police Organisation), the world’s largest international police organisation, is ready to assist Hyderabad city police to nab Nigerian nationals, who escaped from India after obtaining bail in cyber crime cases
More police forces back ‘No More Ransomware’ project–Kaspersky (Business Mirror) Law-enforcement agencies in 13 more states have recently joined the global campaign against ransomware, Kaspersky Lab ZAO said
Child sex abuse org urges Web firms to sign up to “game-changing” hash list (Ars Technica) Online outfits can stamp out copies, stop sharing, prevent image uploads, says IWF chief
For a complete running list of events, please visit the Event Tracker.
SANS San Diego 2016 (San Diego, California, USA , Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
18th Annual AT&T Cybersecurity Conference (New York, New York, USA, Oct 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, Nov 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.
GTEC (Ottawa, Ontario, Canada, Nov 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, Nov 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.
3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.
Security of Things World USA (San Diego, California, USA, Nov 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with email@example.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.