
The CyberWire Daily Briefing 02.03.16
ICS-CERT releases updates on BlackEnergy and the associated attacks on Ukraine's power grid. There's general agreement that the episode exposes an unpleasantly high degree of vulnerability in utilities. New standards for critical infrastructure protection are under development.
Two security companies are dealing with flaws in their products. Malwarebytes works to patch its Anti-Malware product for man-in-the-middle and privilege-escalation vulnerabilities Google researchers discovered. Google researchers have also called out Comodo's "Chromodo" secure browser for disabling same-origin policy and hijacking DNS sessions.
Check Point releases its research into a code validation bypass flaw in eBay. eBay has said the vulnerability amounts to little and won't be patched. Check Point disagrees.
Open Effect and the University of Toronto's Citizen Lab release a study of fitness wearables. Locational privacy seems the major issue among their findings.
A data breach at Landry's and Golden Nugget, corporate parents of US restaurant chains Bubba Gump Shrimp, Saltgrass Steak, and McCormick & Schmick's, exposed customer pay cards used at its locations between May and December of last year.
Some 5200 online Neiman Marcus customer accounts were accessed by hackers late last year.
The US and the EU, after letting Safe Harbor lapse over the weekend, have agreed to a new data transfer agreement, "Privacy Shield."
The EU moves to restrict anonymous Bitcoin transactions.
The proposed 2017 US Defense budget contains some $7 billion in cyber spending.
AnonSec hacktivists say they've hacked NASA, looking for signs of its complicity in a "chem-trail" conspiracy. NASA says AnonSec's claims are overblown.
Notes.
Today's issue includes events affecting Australia, China, European Union, Japan, Philippines, Russia, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
DHS posts BlackEnergy malware update as part of ongoing investigation (FierceGovernmentIT) The Homeland Security Department on Monday issued an update to its ongoing investigation of the "BlackEnergy" malicious code, recovered from the networks of a power company in western Ukraine that suffered an outage in December
Alert (ICS-ALERT-14-281-01D) Ongoing Sophisticated Malware Campaign Compromising ICS (Update D) (ICS-CERT) This alert update is a follow-up to the updated NCCIC/ICS-CERT Alert titled ICS-ALERT-14-281-01C Ongoing Sophisticated Malware Campaign Compromising ICS that was published January 11, 2016, on the ICS-CERT web site
Hard lessons emerge from cyberattack on Ukraine's power grid (Christian Science Monitor Passcode) The ongoing investigation into a cyberattack that experts have linked to a December blackout in Ukraine reveals how vulnerable other power suppliers are to malware attacks
Google ninjas go public with security holes in Malwarebytes antivirus (Register) Software biz races to fix bugs everyone now knows
Malwarebytes still fixing flaws in antivirus software (IDG via CSO) The company apologized, saying vulnerabilities are a reality of software development
Google says Comodo's 'secure' browser isn't safe to use at all (TNW) In an advisory published today, a Google engineer has pointed out that security firm Comodo's suite of tools to stay safe online actually exposes users to possible attacks
Comodo "Chromodo" browser disables same origin policy, effectively turning off web security (Google Security Research) When you install Comodo Internet Security, by default a new browser called Chromodo is installed and set as the default browser. Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices
Socat Warns Weak Prime Number Could Mean It's Backdoored (Threatpost) Socat is the latest open source tool to come under suspicion that it is backdoored
Severe and unpatched eBay vulnerability allows attackers to distribute malware (Help Net Security) Check Point researchers have discovered a severe vulnerability in eBay's online sales platform, which allows criminals to distribute malware and run phishing campaigns
Disputed eBay platform vuln poses 'severe risk' to tat bazaar's users (Register) Infosec bods warn of problem — and so far there's no reaction
Security and privacy issues plague wearable fitness tracking devices (Help Net Security) A new report is describing major security and privacy issues in several leading wearable fitness tracking devices and accompanying mobile applications. The research examined offerings by Apple, Basis, Fitbit, Garmin, Jawbone, Mio, Withings, and Xiaomi
URLZone Back, Targeting Banks in Japan (Threatpost) After a good two to three years of relative silence, the gang behind the banking Trojan URLZone has become more active over the past few months and taken aim at banks across Europe and beginning last month, Japan
Hackers claim to have hacked NASA, hijacked one of its drones (Help Net Security) AnonSec hackers claim that they have breached a number of NASA's systems, and they have published a data trove containing video recordings made by the agency's aircraft and drones, the drone's flight logs, and the names, email addresses and telephone numbers of some 2,400 agency employees
NASA Denies Hackers Hijacked Its Drone (InformationWeek) The space agency insists AnonSec didn't commandeer a NASA Global Hawk drone, but it's still looking into claims its network was hacked
Hackers Target Pastebin.com with Powerful DDoS Attack (Hack Read) Pastebin.com is a world-renowned online platform where users can store plain text, but it is often under cyber attack from hackers and cyber criminals. On 30th January 2016 someone started carrying out a series of powerful Distributed Denial-of-Service (DDoS) attacks on Pastebin.com, forcing the platform to go offline
Cyber attack on NSW Government department raises security fears (Australian Broadcasting Corporation) A hacking attempt on sensitive mining and resources data has raised questions about the New South Wales Government's online security, particularly within the state
Hundreds of Landry's, Golden Nugget Locations Hit by Data Breach (Infosecurity Magazine) Fans of restaurants like Bubba Gump Shrimp Co., Saltgrass Steak and McCormick & Schmick's should check their credit information
Neiman Marcus admits to another breach of customer data (FierceITSecurity) Attackers were able to breach the websites of Neiman Marcus and affiliated stores and steal personal information from customers, including contact information, purchase history, and the last four digits of credit card numbers
Fisher-Price smart bear allowed hacking of children's biographical data (Guardian) Security researchers have found a flaw in the Smart Toy internet-connected teddy bear that used a child's name, birthday and gender
The £1,000,000 ransomware demand that wasn't (Graham Cluley) Several folks in the computer security industry raised their eyebrows when reading recent reports that a UK council had been hit hard by ransomware, taking regular services offline
Silicon Valley's High-Tech Super Bowl Stadium Could Be a Target for Hackers (Atlantic) The Bay Area will host this year's big game in the league's newest venue, an arena chock-full of technology and networking equipment
3 Cyber Security Lessons From Super Bowl XLIX (InformationWeek) The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness
Inside the Super Bowl cyber-ops headquarters (CNBC) At an undisclosed location in the San Francisco Bay Area, a team of public and private security experts is assembling a pop-up intelligence operations center for Super Bowl 50
Security Patches, Mitigations, and Software Updates
Toys Patched Against Flaws that Put Children's Data, Safety at Risk (Threatpost) As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations' ability to receive and triage bug reports
Google fixes critical Wi-Fi and media-processing flaws in Android (IDG via CSO) Attackers could compromise devices with Broadcom Wi-Fi chips over the wireless network
WordPress 4.4.2 Security and Maintenance Release (WordPress) WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately
Cyber Trends
Will your trusted digital device become your biggest enemy? (NetGuide) As digital devices become a staple of people's everyday lives, personal and private information is increasingly at risk
7 Signs of Infosec's Groundhog's Day Syndrome (InformationWeek) Irritations that plague security pros day in and day out
Marketplace
Your board and cyber risk: Reimagining security protocols from the top down (Help Net Security) As scrutiny of well-known financial services firms' security practices continues to make news, the SEC has chosen to turn its attention to risks facing a certain subset of the industry — registered broker-dealers and investment advisers — who according to public reports, continue to face cybersecurity breaches related to weaknesses in basic controls
4 reasons why your client's cyber claims could be denied (Property Casualty 360) Navigating the waters of Cyber liability claims can be complex and confusing for policyholders
FireEye acquires Invotas; Who's next? (CSO) FireEye adds security orchestration and automation to their global threat intelligence platform
First CyberArk, now Barracuda, as security M&A talk hots up (CRN) Growing understanding of cyber threats could drive consolidation among vendors, analyst argues
Raytheon: Wait For A Pullback Then Go Long (Seeking Alpha) Raytheon operates in the shadows of the larger defense contractors and therefore doesn't get much attention from investors. The company had a great 2015 and is estimating great growth in 2016 and beyond. They have a well diversified portfolio of products and are growing internationally and domestically. Their foray into commercial off-the-shelf cyber security products will give Raytheon access to a lucrative and long-lasting market
Yahoo will explore "strategic alternatives," cut workforce by 15 percent (Ars Technica) Company says it's "sharpening focus," considering divesting non-core business
A New Cybersecurity ETF From Global X Is On Its Way (Revised) (Seeking Alpha) The year 2015 may have been soft for the cybersecurity ETFs, but the craze for issuing more cybersecurity funds has not abated at all. Issuers are still seeing long-term prospects in it. Most recently, ETF issuer Global X announced plans to dip its toes into the space and filed for a cybersecurity ETF
Five rules to conduct a successful cybersecurity RFP (CSO) How to get the best price/quality offer on the open market of cybersecurity?
V3 Startup Spotlight: Data security firm Silicon:SAFE (V3) Big data is becoming a valuable commodity, so it is no surprise to see startups specialising in products and services to protect that data. Silicon:SAFE is one such company in the early stages of product development
SFP Capital and Sagamore Ventures Invest $1.25M in CWIST (KEH Communications) CWIST relocates to Baltimore, MD's City Garage as it focuses on hiring and growth
Products, Services, and Solutions
Savvius™ Launches OmniPeek 9.1 with Visualization, Geolocation, and Performance Upgrades for Enhanced Network Analytics (Savvius) OmniPeek® 9.1, best-in-class network analytics software for performance and troubleshooting, offers a higher-performance Compass dashboard, enhanced geotagging, and RAID 6 support
Damballa and iVision Give Businesses an Alternative to Traditional Security Assessments (BusinessWire) Pinpoint threat-related issues inside the network and take action to reduce risk
Guidance Software Unveils New Data Risk, Privacy and Protection Solution (BusinessWire) EnForce™ Risk Manager mitigates digital risk and increases compliance with data privacy regulations
ReversingLabs and Interface Masters Partner to Deliver a Complete Network Visibility and Cyber Security Threat Detection Solution (Yahoo! Finance) Network monitoring and file extraction/inspection solution With ReversingLabs N1000 Sensor Appliance & Niagara 2804 Network Tap/Packet Broker
PhishLabs Launches the First End-to-End Spear Phishing Solution Driven by Real-World Attack Intelligence (BusinessWire) PhishLabs, the leading provider of 24/7 phishing defense and intelligence solutions, today announced general availability of T2 Spear Phishing Protection, the first solution in the industry using intelligence from real-world phishing attacks to train employees, analyze attacks, fight back against threats, and prevent data breaches
A10 thunders into new firewall market with convergent offering (ChannelLife) A10 Networks has expanded its portfolio of security solutions with a new converged firewall, opening the doors for 'exciting and valuable opportunities' for local channel partners
FireEye Dives Into Midmarket With Launch Of FireEye Essentials (CRN) Long known as a security stalwart of the enterprise, FireEye is now diving headfirst into the midmarket with the launch of FireEye Essentials, a move it says will present a huge opportunity for its channel partners
The top 10 Linux security distros (IT Pro Portal) Linux distros can be used for a lot of things, from games to education, but when it comes to security, there's a whole mini-universe available
Inside the new Microsoft Azure security features (TechTarget) There are two new Microsoft Azure security features. Expert Rob Shapland breaks down how they aim to boost cloud security for enterprises
Tor: What Lies Beneath the Onion's Skin (IBM Security Intelligence) Tor, an acronym for The Onion Router, is free software for anonymous online communication that masks a user's identity by hiding the originating and destination IP addresses of messages sent through it
Technologies, Techniques, and Standards
New standards coming for cybersecurity of critical infrastructure (Control) Even if you don't see your industry as critical, it stands to benefit from emerging activities to harden networks through standards
Does attribution matter to security leaders? (CSO) Do you find the public discussions about attribution after a breach useful or a needless distraction?
Ransomware Happy Ending: 10 Known Decryption Cases (Tripwire) Hit by ransomware and have no backup? Most of the time, regretfully, you have no chances to recover the encrypted data beyond paying the ransom to the extortionists
Encryption Has Its Place But It Isn't Foolproof (Dark Reading) Most encrypted data is unencrypted at some point in its lifecycle — and the bad guys are pretty good at finding the one window left open
Hackers Will Get In: How Will You Protect Your Most Valuable Data? (Legaltech News) The days of being completely data-secure are over, and it's time to start thinking about protecting your most valuable data
5 New Rules to Make Escalations More Effective and Efficient (SecurityWeek) There is a new adage in the security world: don't assume you will be hacked, but assume you have already been hacked. This forces security professionals to re-examine the validity of the Cyber Kill Chain model — which reinforces traditional, perimeter-focused, malware-prevention thinking — and develop new strategies to deal with persistent and smart attackers, including insider threats
Top 4 Compliance Mistakes and How to Prevent Them (Data Center Journal) According to Verizon's 2015 PCI Compliance Report, a staggering 80 percent of retailers fail to pass interim PCI compliance assessments
How to be or find a skilled pen tester (CSO) Understanding how to think like a criminal can help you develop the skills you need to be a superior pen tester
Privacy is the new purpose: why all brands need a chief hacking officer (Marketing Magazine) High-profile hacking cases and daily bombardments of unwanted marketing interventions in personal browsing and leisure time are forcing consumers to rethink what data they share and with whom they share it. Marketers have to reframe the data issue
Seven security cultures that can help or hurt your organization (CSO) It's 2016: do you know where your security culture is? Because some cultures make the job easier than others
Design and Innovation
More Details on the NSA Switching to Quantum-Resistant Cryptography (Schneier on Security) The NSA is publicly moving away from cryptographic algorithms vulnerable to cryptanalysis using a quantum computer. It just published a FAQ about the process
Crypto Colonizing: B of A's Blockchain-Patent Strategy (American Banker) Bank of America's blockchain patent push shows how bankers' attitudes toward the technology of cryptocurrencies have changed over the last few years — from dismissing it, to sizing it up to trying to protect their interests in it
Bot fixes buggy code so you don't have to (Naked Security) You've probably heard of bots
Research and Development
Government R&D can be a catalyst for technological progress (The Hill) We are living in an era where innovation, agility and imagination are all essential in order to keep pace with exponential technological transformation taking place in our society
Academia
White House recognizes Cyber Innovation Center for support of computer science, STEM (Shreveport Times) The White House recently announced a Presidential Initiative called "Computer Science for All" along with proposed new funding for states and communities to provide all students across the country with the opportunity to engage and learn computer science
Cadets gain tech experience in CyberPatriot competition (CDAPress) As cybersecurity threats become more prominent, so does the knowledge to guard against them and fight back when they are launched
Legislation, Policy, and Regulation
EU, US Agree to New Internet 'Privacy Shield' (SecurityWeek) The EU and United States struck a new deal Tuesday on data transfers relied on by Facebook and Google, after Europe's top court struck down the previous pact for failing to protect users from US spying
Here is How Today's "Safe Harbor" Agreement Addresses Privacy Concerns (Fast Company) U.S. authorities agreed to limits on mass surveillance of European user data and a new ombudsman to address complaints
Initial Agreement Reached to Replace Old Safe Harbor Agreement Between US, EU (Legaltech News) The agreement aims to protect the rights of Europeans when their data is transferred to the United States
EU-US Data Transfers Won't Be Blocked While Privacy Shield Details Are Hammered Out, Says WP29 (TechCrunch) A mote of certainty for US businesses that export EU data for processing and are wondering whether or not they are in compliance with EU law right now, given the legal quagmire of EU-US data protection relations
EU, US Agree On New Data Transfer Pact, But Will It Hold? (Dark Reading) So long Safe Harbor, hello 'Privacy Shield'
EU to step up checks on Bitcoin, prepaid cards to fight terrorism (Reuters) The European Commission will propose by the end of June stricter rules on prepaid cards and virtual currencies in a bid to reduce anonymous payments and curb the financing of terrorism, documents released on Tuesday showed
Study Claims Dark Web Sites Are Most Commonly Used for Crime (Motherboard) There is an "overwhelming" presence of content related to illegal activities on easily-accessible dark web sites, according to new research
Cryptopolitik and the Darknet: the Darkness Online (Taylor & Francis Online) Encryption policy is becoming a crucial test of the values of liberal democracy in the twenty-first century
China's next five-year plan offers preview of cybersecurity targets (CSO) Is your industry next in line to be targeted by China's government-sponsored hackers?
Pentagon unveils budget priority for next year: Countering Russia and China (Washington Post) The Pentagon unveiled a proposal Tuesday to boost spending on advanced weaponry and the U.S. footprint in Europe, part of a plan to refocus the defense budget to counter technological and military advances by Russia and China
Pentagon chief: 2017 budget includes $7B for cyber (FCW) To better train the Defense Department's cybersecurity personnel and develop more offensive tools, the department's fiscal 2017 budget request includes nearly $7 billion for cyberspace operations, said Defense Secretary Ash Carter
National Security Agency plans major reorganization (Washington Post) The National Security Agency, the largest electronic spy agency in the world, is undertaking a major reorganization, merging its offensive and defensive organizations in the hope of making them more adept at facing the digital threats of the 21st century, according to current and former officials
NSA's TAO Head on Internet Offense and Defense (Schneier on Security) Rob Joyce, the head of the NSA's Tailored Access Operations (TAO) group — basically the country's chief hacker — spoke in public earlier this week. He talked both about how the NSA hacks into networks, and what network defenders can do to protect themselves. Here's a video of the talk, and here are two good summaries
US to Rework Arms Control Rule on Exporting Hacker Tools (ABC News) The U.S. government is rewriting a proposal under arms control rules from 20 years ago to make it simpler to export tools related to hacking and surveillance software since they are also used to secure computer networks
Red Flag: Pentagon Contractors Get Two Year Extension on Data Protection Rule (Digital Guardian) In a worrying sign, Department of Defense Contractors requested and won an almost two year extension on new rules that would require them to protect sensitive information stored on their networks
Air Force to develop cyber-squadrons, Gen. Hyten says at Broadmoor symposium (Colorado Springs Gazette) The Air Force plans to revolutionize how it handles computer warfare by beefing up its force of cyberspace experts while contracting out easier jobs, like running the service's network
Litigation, Investigation, and Law Enforcement
Kerry sent 'secret' email to Clinton from personal account (The Hill) As a senator, Secretary of State John Kerry sent at least one email to Hillary Clinton from his personal account that has now been classified as secret, the State Department confirmed on Tuesday
Lawmakers bash top Education tech official on cyber flaws (The Hill) The Education Department's chief information officer is putting the personal information of hundreds of millions of people at risk, lawmakers said during a contentious hearing Tuesday
US auditors slam Homeland Security's $5.7bn Einstein firewall: But are they missing the point? (ZDNet) A US government audit has found a key network security platform offers inadequate protection. But is it designed to offer protection or some other capability?
Workers threw out U.S. nuclear secrets with common rubbish for 20 years (Center for Public Integrity) A persistent problem in nuclear weapons work crops up again
Guilty Plea in Attempted Cyber-Attack on US Govt. Computers (ABC News) A former Nuclear Regulatory Commission scientist pleaded guilty Tuesday to a federal computer crime, admitting that he attempted to launch a cyber-attack on government computers by sending employees emails that he thought contained a virus
Mass spammer gets 27 months in the slammer (Naked Security) Were you irked when a pair of text message spammers pleaded guilty but got off with probation?
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and, in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy that concern organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016