US Election Day security updates (more punditry than news). Online censorship rises in Turkey and China. Tesco could face millions in penalties over fraud campaign.
As the US elections proceed, the Government is simultaneously said to have "all hands on deck" against hacking, and to not really be that worried about it. Most observers see the principal threat as (Russian) information operations directed toward eroding public trust and confidence in the vote, with "data deception and denial" following in their train. Direct widespread hacking of voting machinery is thought less likely, although as Cylance and Symantec have shown, such hacks are clearly locally possible.
Both Democratic and Republican presidential campaign sites sustained Mirai-driven distributed denial-of-service campaigns yesterday, but with little effect. Flashpoint researchers say this is because Mirai's widespread availability has caused its botnets to "fracture"—essentially there are more controllers now, and there aren't enough bots to go around.
Tor's duality is on display this week. Internet users in Turkey are moving heavily to Tor as they seek to circumvent the government's blocking of social media services and its implementation of stronger online censorship. On the other hand, Operation Hyperion, a multinational police takedown of Tor-enabled black markets, has shown the less savory uses to which the anonymizing network may be put.
China's citizens (and international companies doing business in China) try to come to grips with their exposure to recently promulgated laws tightening state control of online activity.
Tesco fraud remains under investigation. Continued access to paycards and ATMs suggests the fraud may have been an inside job. Estimates of Tesco's exposure to litigation and regulatory penalties run as high as £1.9 billion.
Today's issue includes events affecting Australia, Canada, China, European Union, Finland, France, Germany, India, Ireland, Italy, Libya, Malawi, Mali, New Zealand, Netherlands, Romania, Russia, South Africa, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Rick Howard from our partners over at Palo Alto Networks' Unit 42, who'll give us the latest skinny on that Nigerian prince; you know, the one whose widow might have approached you with an investment opportunity... And, in an early contribution to the upcoming predictions-for-next-year season, our guest, Dan Larson from the influential threat intelligence shop Crowdstrike, will offer a look at what we can expect in 2017 from the threat actors Crowdstrike is tracking. If you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Salted Hash Live Blog – Election Day 2016 (CSO) Election news and coverage with a security twist
Ukrainian hackers ‘snatch huge email cache from Kremlin’ (Naked Security) Two Ukrainians calling themselves hacktivists have given the BBC access to what they say are thousands of emails they claim to have pried out of the Kremlin
Turks Are Flocking to Tor After Government Orders Block of Anti-Censorship Tools (Motherboard) Turkish internet users are flocking to Tor, the anonymizing and censorship-circumvention tool, after Turkey’s government blocked Twitter, Facebook, and YouTube
Hackers Leak Crucial Data From 7 Indian Missions (HackRead) The data belongs to Indian missions in Africa and Europe — hackers claim they leaked the data because site admins didn’t respond to security alerts
America’s extraordinary cyber threat against Russia (News.com) The United States government promised retaliation against Russia for hacking into the e-mails of Democratic Party officials in an apparent bid to influence the presidential election. And according to one US military figure they have followed through with that threat — in a very big way
Hacking concern on Election Day: The companies that bring you the news (McClatchy) Experts have been warning for months that hackers could try to disrupt Tuesday’s election by penetrating local voting systems. But another target could prove easier to hack: U.S. media outlets offering election night results
Election Day in U.S. faces specter of cyberattacks (PCWorld) Hackers might use DDoS attacks and high-profile leaks to influence Tuesday's election
The Real Hacker Threat to Election Day? Data Deception and Denial (Wired) Hacks, data leaks, and disinformation have all added to the chaos of one of the most contentious elections in history. US intelligence agencies have even accused Russia of perpetrating some portion of the digital meddling. And now reports indicate that officials are preparing for worst-case cybersecurity scenarios on November 8. But what might those election day digital threats realistically look like?
Your Government Isn’t That Worried About An Election Day Cyberattack (Wired) Over the past few months, an escalating series of attacks on computer networks—many of them inflicted by something called the Mirai botnet, which uses a web of infected DVRs, webcams, and other “smart” devices to drown targeted websites in traffic—have wrought unprecedented havoc all over the world
Homeland Security says they remain vigilant against Election Day cyberattacks (CBS News) Department of Homeland Security officials told CBS News that they are equipped to counter a possible cyberattack on Election Day, hoping to quell some voter anxiety surrounding this year’s presidential election
'All Hands on Deck' to Protect Election From Hack, Say Officials (NBC News) The U.S. government is gearing up for an unprecedented effort to protect Tuesday's presidential election from cyber attack, U.S. officials told NBC News
Old voting machine vulnerability sparks new round of outrage (CyberScoop) With just four days separating the American public from Election Day, rising Irvine, Calif.-based cybersecurity company Cylance published an eyebrow-raising vulnerability disclosure report, complete with a video showing researchers hacking into a voting machine used in the United States
US e-voting machines are (still) woefully antiquated and subject to fraud (Ars Technica) Swaying an election would be hard for hackers, but eroding confidence is doable
How hackers eroded Americans' trust in democratic process (Christian Science Monitor Passcode) Even if hackers don't strike on Election Day, the drumbeat of cyberattacks and leaks this campaign cycle has affected the way citizens view the electoral process
From substations to voting stations, cyberthreats plague 2016 (EnergyWire) As Americans head to the polls tomorrow, they'll entrust their votes to a complex, at times vulnerable computer network spanning hundreds of thousands of devices across all 50 states and U.S. territories
Russia’s notorious hacking community mainly puts profits before patriotism (South China Morning Post) Just as the scandal over alleged Russian hacking of the US Democratic Party erupted in June, police in Russia were rounding up a group known as Lurk
Flashpoint Monitoring of Mirai Shows Attempted DDoS of Trump and Clinton Websites (Flashpoint) Between 16:20:43 UTC on November 6, 2016 and 8:19 UTC on November 7, 2016, Flashpoint observed four 30-second HTTP Layer 7 attacks targeting the campaign websites of presidential candidates Donald Trump and Hillary Clinton. There were no observed or reported outages for either of the sites
Mirai Fractures as DDoS Attempts Against Clinton and Trump Fail (Infosecurity Magazine) Security experts are claiming that the notorious Mirai botnet has now fractured into smaller competing entities after the attempts of one offshoot to DDoS the websites of both presidential candidates failed
Researchers' Belkin Home Automation Hacks Show IoT Risks (Data Breach Today) Numerous flaws trace to IoT software stacks that aren't secure by design
How Malicious Bots Can Target IoT Devices and Impact eCommerce Businesses (ShieldSquare) The Internet of Things (IoT) is a collection of billions of electronic devices, ranging from smart fridges to wireless wearable products. Since 2010, the number of devices connected to the internet has doubled from 12.5 billion devices to 25 billion. IoT, simply put, is the virtual avatar of a physical device. These devices communicate over the internet, and are controlled by their users
Recent DDoS attacks shine light on sub-standard vendors, says DarkMatter (CPI Financial) On 4 November 2016 a large-scale distributed denial of service (DDoS) attack took out web access across Liberia. This followed a 21 October attack on Dynamic Network Services Inc., (Dyn), a New Hampshire-based Domain Name Server (DNS), which DarkMatter called the largest cyberattack in history
Apocalypse now: The IoT DDoS threat (Help Net Security) One of the things you learn about humanity, if you’re paying attention, is that “gold rushes” bring out the worse in us. When there are no constraints and there is a greed motivator, people will literally trample anyone or anything to get to the goods
4G Cellular Networks At Risk Of DoS Attacks (Dark Reading) Black Hat Europe researcher shows how hackers can conduct denial-of-service attacks on 4G cellular devices around the world
Fix for critical Android rooting bug is a no-show in November patch release (Ars Technica) Linux users already got a fix for "Dirty Cow." Android users aren't so fortunate
OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts (Help Net Security) Incorrect OAuth2.0 implementation by third party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of Hong Kong have discovered
Hancitor Maldoc Bypasses Application Whitelisting (SANS ISC Infosec Forum) For about two months I've seen malicious documents dropping Hancitor malware with the following method: VBA code injects shellcode in the Word process, this shellcode extracts an embedded EXE from the Word document to disk, and executes it
LinkedIn Scam Pretends to Care About Your Security (Infosecurity Magazine) Oh the irony: A new approach to LinkedIn scamming has been spotted making the rounds, looking to steal confidential information from unsuspecting users by pretending to worry about their cyber-safety
ThreatSTOP Releases New Ransomware Targets (Information Security Buzz) The following ransomware targets have been introduced by the ThreatSTOP Security Team. It is important to update policies to include these targets for immediate increased protection from the growing number of ransomware attacks
Tesco Bank attack: What do we know? (BBC) Supermarket giant Tesco has suspended some parts of its online banking system after it detected attempts to steal cash from customers' accounts
Was Theft Of Money From 20,000 Tesco Bank Customers An Inside Job? (Dark Reading) UK bank confirms attack, but so far has not used the word 'hack'
Worried about the Tesco Bank attack? Here’s our advice (Naked Security) Thousands of holders of current accounts with the UK’s Tesco Bank were unable to access online banking on Monday after some accounts were subjected to “online criminal activity” and money was stolen from some accounts
Tesco Bank attack: How can you protect your account? (BBC) In the first half of 2016, criminals managed to steal £400m from UK bank accounts - a 25% increase in just a year
Some SuperPAC Websites Are Not Super-Secure (Dark Reading) Researchers find weaknesses in public websites that could expose personal information of donors and other sensitive data
Tech support scammers use old bug to freeze browsers (Help Net Security) Tech support scammers are exploiting a bug that maxes out users’ CPU and memory capability and effectively freezes the browser and possibly the computer, in an attempt to convince users that they have been hit with malware
Inside the Cerber Ransomware-as-a-Service Operation (InfoRisk Today) Ransomware is displacing banking Trojans, warns Check Point's Gadi Naveh
India's Largest Card Compromise: Has The Dust Settled? (InfoRisk Today) A hot potato a week ago, the industry seems to have moved on
That Nigerian Prince Has Evolved His Game (Palo Alto Networks Unit 42) Today Unit 42 published its latest paper focused on Nigerian cybercrime. Applying advanced analytics to a dataset of 8,400 malware samples resulted in the attribution of over 500 domains supporting malware activity linked to roughly 100 unique actors or groups. The breadth and depth of this research has enabled a modern, comprehensive assessment focused on the collective threat rather than individual actors
Espionage: Is the defense and intelligence community compromised? (C4ISRNET) Insights into a late draft of a report by the U.S.-China Economic and Security Review Commission were leaked last week, and the information is quite concerning
Security Patches, Mitigations, and Software Updates
Verizon Is Pushing The Nov. Security Patch To Pixel Phones (Android Headlines) Verizon Wireless is beginning to push out a software update for the Pixel and the Pixel XL that contain the November security patch among a few other changes
Microsoft Tears off the Band-Aid with EMET (Threatpost) Microsoft last week extended the end-of-life expiration date to July 2018 on its exploit mitigation add-on, the Enhanced Mitigation Experience Toolkit (EMET). But for some time, the once-useful tool has been well on its way out to pasture
Blackhat EU: Breaking Big Data (SC Magazine) Former intelligence officer David Venable gave a crowd at Blackhat EU 2016, a rundown of what big data, and bad data in the private sector could mean for your privacy
Retailers overconfident in endpoint security (Help Net Security) A new study conducted by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 100 participants from the retail sector
C5 Capital buys cyber security group ITC for £24m (Financial Times) Fourth acquisition made by London-based fund manager in the sector
Vista Equity Partners Successfully Completes Cash Tender Offer for Shares of Infoblox (BusinessWire) Infoblox Inc. (NYSE:BLOX) (“Infoblox” or the “Company”) and Vista Equity Partners (“Vista”) today announced the successful completion of the tender offer (the “Offer”) by India Merger Sub, Inc. (“Merger Sub”), a wholly owned subsidiary of Delta Holdco, LLC (“Parent”) and an affiliate of Vista, for all of the outstanding shares of common stock of the Company at a price of $26.50 per share, net to the seller in cash without interest and less any applicable withholding taxes or deductions required by applicable law, if any
ACTIVECYBER Launches After Acquisition of CTC-CYBER (BusinessWire) Firm expands services to deliver superior cybersecurity insights to organizational stakeholders
How Palo Alto Networks Is Building Next-Generation Security Innovators (Palo Alto Research Center) The rate of change driven by today’s technology is unlike anything we have ever experienced. New business models and ways of doing business are being created every day. Industries that have been stagnant for years are being disrupted. Look at what Uber did to transportation, what Airbnb has done to hospitality and what Palo Alto Networks is doing together with its channel partners in cybersecurity
Nuix Appoints Ethan Treese as CEO--Americas to Navigate Through Exciting Period of Business Growth (KTIV) Global technology company Nuix has appointed former Dun & Bradstreet executive Ethan Treese as its Chief Executive Officer-Americas. Treese's appointment will allow long-serving executive Dr. Jim Kent to focus on his role as Global Head of Security & Intelligence
Forcepoint™ Announces Executive Leadership Appointment (PRNewswire) Timothy A. McDonough joins as Chief Marketing Officer
Products, Services, and Solutions
WatchGuard Simplifies and Automates Security-as-a-Service for MSSPs with ConnectWise Integration (PRNewswire) Integration makes managing security easier with automated reporting, service ticketing, and enhanced visibility
Distil Networks to fingerprint bots (Enterprise Times) Distil Networks has launched a hi-def fingerprinting solution to tackle the problem of bots. It intends to start: “actively pulling additional data from the browser to identify devices with precision.” This raises questions over Personally Identifiable Information (PII) especially when the EU GDPR comes into force
Intel Security Innovation Alliance to focus on providing security against sophisticated cyber attacks (First Post) Intel Security announced that industry-leading companies like Check Point, Huawei, HP Enterprise, Aruba and MobileIron had joined its partner ecosystem. Intel Security has been working on providing an extensive ecosystem of its partners as part of the Intel Security Innovation Alliance.
Tenable Network Security joins the Intel Security Innovation Alliance (Networks Asia) Tenable Network Security, Inc. announced it has joined the Intel Security Innovation Alliance and completed a new technology integration that will provide McAfee ePolicy Orchestrator (ePO) customers with continuous visibility across their existing McAfee environment
Skybox Security Joins CyberX to Help Firms Tackle Cyber Attacks (News 18) Global security analytics leader Skybox Security on November 7, 2016 announced a partnership with software security startup CyberX to provide enhanced security to enterprises in the country
Experian is recognized as a leading security solution provider (PRNewswire) Providing the best fraud solutions is always the end goal
Microsoft Edge Browser is the Most Effective Protection Against SEM (Virus Guides) According to the latest report of NSS Labs, Microsoft Edge is the web browser which blocks the highest percentage of socially engineered malware (SEM) and phishing attacks when compared to Google Chrome and Mozilla Firefox
Technologies, Techniques, and Standards
New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices (Dark Reading) Imperva and Rapid7 have built scanners to discover IoT devices vulnerable or infected with Mirai malware
Changing IoT Passwords Won't Stop Attacks. Here's What Will. (Dark Reading) The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
Securing Black Friday sales: Is your business ready? (Help Net Security) Black Friday is the day following Thanksgiving Day in the US, well-known for a variety of promotional sales. These are dependent on Internet connections working, servers coping with demand, in-store bandwidth holding up for transaction processing, and more. Both in-store and online, Black Friday sales are dependent on technology
Tips and Best Practices for Securing your Cloud Initiative (Data Center Knowledge) As organizational IT data centers move to adopt cloud technologies they’ve immediately begun to see benefits in this type of distributed computing. Users are now able to access their applications or corporate desktops from any device, anytime and anywhere. But it’s not just about apps and desktops. New types of cloud services are revolutionizing user experiences and rich content delivery
Why a Reactive Security Strategy Costs Companies Millions Each Year (CTOVision) The Internet is both a blessing and a curse for businesses. While it opens up new markets that would have simply been unavailable decades ago, it also brings threats that, if not countered, can cost those companies millions, or even billions, of dollars
Army Wargames Hone Battlefield Cyber Teams (Breaking Defense) The Army is reinforcing its combat brigades with cyber soldiers. In 18 months of wargames with a wide range of units — tanks, Strykers, infantry, Airborne, Rangers — Army Cyber Command troops have brought hacking and jamming to bear on the (simulated) battlefield alongside guns and bombs
Classified vs. controlled unclassified information: what you should know (Federal News Radio) Classified documents usually get all the attention, but a new rule is addressing the way controlled information is marked and disseminated in non-classified documents
Design and Innovation
The Most Militarily Decisive Use of Autonomy You Won’t See (Defense One) Drones and robots get the headlines, but autonomous cyber weapons will be key to future warfare
What’s Next For IoT Security? (Semiconductor Engineering) The recent cyberattacks highlighted the security lacking in many IoT devices. Solutions are on the way
Software verification: the first step towards safe and resilient systems (Information Age) ‘Cyber security’ is misunderstood by many companies, and it is actually software security and software verification that are the first (and often missed) steps to a safe and resilient system
Submissions are open for RSA Conference Innovation Sandbox Contest 2017 (Help Net Security) The 12th annual Innovation Sandbox Contest at RSA Conference is now accepting submissions to name the “RSAC Most Innovative Startup 2017.” Past winners include successful companies such as Sourcefire, Imperva, Waratek, and most recently Phantom
Research and Development
China research team smashes quantum cryptography record (Silicon Republic) A team of researchers from China – with assistance from a lab in the US – has smashed the current quantum cryptography record, by sending a message across a distance of 404km that is impossible to eavesdrop on
Factoring Quantum Mechanics into Encryption (Physics Central) Recent cyber-attacks have left many people convinced that there is no real way to keep anything secret, at least not anything connected to the grid. You can strengthen your passwords and antivirus protection, but if the systems that send and receive your data are vulnerable, so are you. And the reality is, no one actually knows just how secure our encryption systems are
Legislation, Policy, and Regulation
China formalises existing restraints with new cybersecurity law (ZDNet) China's top legislative body this week passed a cybersecurity law that elevates the formally 'low-level regulations' applied across the nation in areas such as security, online speech, and citizen rights
Will China’s cyber security law restrict online freedom? (Infotechlead) The Chinese government on Monday passed a new cyber security law, as part of heightening Beijing’s control on the Internet
China's vague cybersecurity law has foreign businesses guessing (CSO) China has approved a cybersecurity law that many foreign companies have opposed
Investigation Offers New Glimpse Into Russian Military’s Hacking, Recruitment Efforts (Radio Free Europe/Radio Liberty) The captions asks those who have “successfully graduated from college” and are experts in "technical science" to apply to join a new entity called the Research Squadron of the Russian Federation
New boot camp for cyberspies announced (Misco) In a move that brings us ever closer to living in the plot of a James Bond film, last week the government released news of its new boot camp for cyberspies
Litigation, Investigation, and Law Enforcement
Regulators could fine Tesco Bank over cyber attack (Telegraph) Tesco could be potentially be hit with a multi-million pound fine by City regulators in the wake of an unprecedented attack on its banking arm that saw money taken from about 20,000 current accounts
Tesco would face fines of up to £1.9bn under GDPR for Tesco Bank breach (Computing) Entire Tesco group would be in the firing line – with demands for more payouts on top from class-action lawsuits
Security Controls 'Working' Despite NSA Theft: US Official (NBC 10) National security breaches have changed in recent years from unearthing moles working for foreign governments to stopping intelligence workers before they leak or share documents with journalists
Clinton Email Investigation: A Forensics Perspective (BankInfo Security) Investigator Rob Lee explains the process to find classified emails
Clinton email case handling brings tumultuous time for FBI (Federal Times) The FBI's handling of the Hillary Clinton email investigation has created more turmoil for the bureau than any other matter in recent history, exposing internal tensions within the Justice Department and stirring concerns the famously apolitical organization unnecessarily injected itself into the campaign
Tor marketplaces shut down by Operation Hyperion (Naked Security) Tor, the conduit for below-the-radar browsing, and drugs, weapons and other illegal activities, has been under the microscope by law enforcement in the past two years. In the past months alone, we saw Brian Richard Farrell, who helped run Silk Road 2.0, sentenced to eight years in jail for his work in the dark market. His arrest was part of Operation Onymous, which aimed to take out illegal marketplaces on Tor, back in 2014
Dutch police takes over darknet market, posts warning (Help Net Security) As law enforcement agencies around the world continue taking down online markets on the Dark Web, the Dutch National Police and the nation’s Public Prosecution Service are trying out a new strategy for deterring sellers and buyers of illegal goods
Unsealed Court Docs Show FBI Used Malware Like ‘A Grenade’ (Motherboard) In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service
14 arrested for laundering millions stolen with malware (Help Net Security) The UK National Crime Agency (NCA) has arrested fourteen individuals suspected of laundering more than £11 million stolen through the use of malware
Those Suing Anthem Seek Security Audit Documents (HealthcareInfo Security) Lawyers in breach-related suit argue OPM audit findings are relevant
New challenges surface for VW, including a possible new defeat device in Audis [updated] (Ars Technica) And in the US, VW given until the end of November to find a fix for 3.0L diesel cars
Oil exec accused of impersonating Elon Musk in an email sues Tesla over Twitter hack (Naked Security) In September, Tesla sued an oil pipeline services company exec, claiming that he tried to impersonate Musk in an email message that sought to glean financial information about the company
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, Feb 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, Nov 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
CyberCon 2016 (Washington, DC, USA, Nov 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the defining challenge for the foreseeable future and CyberCon 2016 will provide a roadmap for innovation and collaboration that lead to more transparent and secure networks.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with firstname.lastname@example.org to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.