Pyongyang thought to have introduced malware into RoK military network. A new botnet rivals Mirai in DDoS effectiveness. Ransomware notes. Social media grapple with content filtering.
Yonhap reports that a South Korean military intranet has sustained a North-Korean directed malware infestation. Seoul's Ministry of Defense acknowledged finding the malicious code in one of its cyber command networks.
Mirai appears to have a competitor in the distributed denial-of-service market. CloudFlare has reported that a new botnet—what kinds of bots it's composed of remains unclear—began executing attacks on November 23rd. It ran on a predictable schedule: eight hours a day for seven days, beginning at 10:00 AM PST. On the eighth day the attack switched to twenty-four hours, reaching a peak volume of 400 Gbps. (MIrai has hit 620 Gbps.) Attacks seem to have originated with Chinese IP addresses, and to have targeted servers in California. CloudFlare thinks the targets were "gaming and virtual goods sites and services."
Locky ransomware operators have shifted to [dot] osiris extensions in malicious code being spread by bogus Excel invoices. No decryption is yet available, so secure, regular backup is the best preparation for recovery. Globe2 ransomware is implicated in successful attacks on British hospitals that disrupted patient services.
Ransomware exacts opportunity costs from its victims: San Francisco's Muni light rail estimates it lost some $50,000 in fares during its attack. That's $75,000 less than the ransom Muni refused to pay, but it still hurts.
Social media companies and sites continue to grapple with content filtering. Counter-trolling seems unsuccessful. Control of terrorist imagery remains a work in progress, but is proceeding along lines followed to exclude child porn from networks.
Today's issue includes events affecting Belgium, China, European Union, France, Ireland, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Malaysia, Netherlands, Norway, Russia, United Kingdom, and United States.
A quick word to our readers about sponsoring the CyberWire—there are a few sponsor slots available for 2017, but they're going fast. Learn more here.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Lancaster University, as Awais Rashid discusses the concept of critical national infrastructure. Our guest is Cris Thomas (whom you may know by his "Space Rogue" handle). He's from Tenable Network Security, and he'll be talking us through the Global Cybersecurity Assurance Report Card Tenable released yesterday.
A special edition of our Podcast up is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
N. Korea likely hacked S. Korea cyber command: military (Yonhap News) N. Korea likely hacked S. Korea cyber command: military North Korea appears to have hacked South Korea's cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday
New Large-Scale DDoS Attacks Follow Schedule (Threatpost) A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope
Locky Ransomware switches to Egyptian Mythology with the Osiris Extension (Bleeping Computer) Once again, the developers of the Locky Ransomware have decided to change the extension of encrypted files. This time, the ransomware developers moved away from Norse gods and into Egyptian mythology by using the .osiris extension for encrypted files
The Ransomware before Christmas, 2016 edition (IT Governance) The weather outside is frightful and people are spending more time at home, where it’s warm and a cup of tea is right next to the laptop. It’s an endearing modern winter tale but it could easily turn into a nightmare – thanks to ransomware
Ransomware blamed for cyber attack which forced hospitals to cancel operations and shut down systems (ZDNet) 2,800 patient operations were cancelled in total, hospital confirms -- but no word on how Globe2 ransomware infection occurred
Muni Braced for $50,000 Ransomware Hit (Infosecurity Magazine) San Francisco’s Municipal Transport Agency (SMTA) is expecting to have suffered a $50,000 hit in lost fares over the weekend it was struck by a major ransomware attack, in yet another example of the financial repercussions of critical security gaps
'Gooligan' hack hitting 13,000 Android phones per day (Chinchilla News) If you've travelled recently, you'll have been asked to leave your Samsung Galaxy Note 7 at the gate before you board your plane
Never Ever (Ever) Download Android Apps Outside of Google Play (Wired) This week, researchers revealed that a strain of malware hit at least 1.3 million Android phones, stealing user data as part of a scheme to boost ad revenue. Called “Gooligan,” it got into those devices the way so many of these large-scale Android attacks do: through an app. Specifically, an app that people downloaded outside the comfortable confines of the Google Play Store
Chrome bug triggered errors on websites using Symantec SSL certificates (CSO) The bug affected Chrome on all platforms, as well as the WebView component on Android
DailyMotion Allegedly Hacked, 85 Million User Accounts Stolen (Bleeping Computer) An unknown hacker has supposedly breached video sharing platform DailyMotion and stolen details for 87.6 million accounts, belonging to approximately 85 million users, according to data breach index website LeakedSource
Talking Dolls Pose Privacy Risk to Children, Advocacy Groups Allege (Wall Street Journal) Complaint alleges My Friend Cayla and I-Que Intelligent Robot collect and use personal information from children
It’s Trivially Easy to Watch Porn On a Restricted Tablet Made For Kids (Motherboard) Christmas is around the corner and parents all over the world are mulling over what gifts to give their kids. Many toys and other children gizmos these days have an internet connection, which poses an interesting dilemma: how do you keep the kids out of the more undesirable (read: porn) parts of the web?
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 (Recorded Future Special Intelligence Desk) According to updated Recorded Future analysis, Adobe (Flash Player) and Microsoft products (Internet Explorer, Silverlight, Windows) continue to provide the primary avenue of access for criminal exploit kits. While nation-state targeting of political efforts has dominated InfoSec headlines in 2016, criminals continue to deliver ransomware and banking trojans using new exploit kits targeting new vulnerabilities
Scottish FA Apologizes After Fans are Phished (Infosecurity Magazine) Scottish football fans have been targeted by a highly convincing phishing scam
NSFW posts pop up on T.J. Maxx’s Facebook page (Boston Globe) The official Facebook page of Framingham-based corporate retailer T.J. Maxx appeared to fall victim to hackers on Sunday
Watch an emotional Paige Spiranac speak out about the cyber bullying she's faced (Golf Digest) Paige Spiranac would like to improve upon last year's performance when she tees it up again at this week's Omega Dubai Ladies Classic. In the meantime, the LPGA hopeful/social media star should be content if the highlight of her latest trip to the Middle East is the press conference she gave on Monday
Security Patches, Mitigations, and Software Updates
Dirty Cow Vulnerability Patched in Android Security Bulletin (Threatpost) The Dirty Cow vulnerability lived in Linux for close to a decade, and while it was patched in October in the kernel and in Linux distributions, Android users had to wait for more than a month for their fix
Nation-state hacking from Russia and China set to continue into 2017, experts warn (International Business Times) Most of the biggest hacks that will happen in 2017 are 'already under way'
Government cybersecurity readiness declining, according to survey (Federal Times) The government sector is unprepared in aggregating risk intelligence and performing risk assessments, according to the 2017 Global Cybersecurity Assurance Report Card compiled by Tenable Network Security and research partner CyberEdge Group
One-Fifth of Government Agencies Don't Encrypt Data (Infosecurity Magazine) Nearly 20% of government agencies using a public cloud do not encrypt data, but still see security as a top priority
Why Palo Alto Networks Is A Buy (Seeking Alpha) PANW’s shift to the subscription and renewals model is driving growth and helping it add more customers, while also leading to an improvement in the margin. PANW will benefit from an improvement in its total addressable market, which will grow to $22 billion in 2019 from $18.2 billion in 2016. It is expected that PANW will triple its market share by 2024 from the current share of 7% in the security market, driven by its wide suite of products
Darktrace co-founder discusses the future of cybersecurity (TechCrunch) One of the co-founders of the tight-lipped cybersecurity firm Darktrace peeled back some of the secrecy around the company today at TechCrunch Disrupt London, describing how investor Mike Lynch brokered a meeting between Cambridge mathematicians and spies at the British intelligence agency GCHQ to found the company
Nintendo Teams Up With HackerOne to Secure 3DS Via Bounty Program (Hardcore Gamer) Security vulnerabilities are a nightmare for a console company. Piracy and inappropriate content are particularly troublesome to Nintendo, so it’s teamed up with the web site HackerOne to find information on possible exploits of the 3DS platform
Bitglass makes European channel debut (Channelnomics) Cloud security vendor plans to open UK office early next year
Forcepoint™ Announces Executive Leadership Appointment (PRNewswire) Meerah Rajavel joins as the company's new Chief Information Officer
Unisys Appoints New Chief Marketing Officer, Aims To Boost Its Security Marketing Message (CRN) Unisys bolstered its marketing prowess Monday by bringing on former LiveOps chief marketing officer Ann Sung Ruckstuhl as the solution provider’s new CMO
Accenture Continues To Build Cybersecurity Practice, Hires Former Fidelis CSO To Head Incident Response Practice (CRN) Continuing to build up its new cybersecurity unit, Accenture has hired former Fidelis Cybersecurity chief security officer Justin Harvey as managing director and global lead for the company’s incident response practice
FourV Systems Announces Two Appointments to Senior Board of Advisors (BusinessWire) Experts with strong backgrounds in security and risk to support company growth and expansion
Products, Services, and Solutions
GlobalSCAPE, Inc. Releases New Security Features and File Sharing Capabilities to Its Data Exchange Platform (Globalscape) Security enhanced through integration of Web single sign on through SAML; broader support for RSA, RADIUS; new workspaces Outlook plugin
Virtru Recognized by Google as a Recommended for G Suite Application for Encryption (Marketwired) G Suite users to benefit from Virtru's data-centric approach to business privacy and security -- ensuring data is protected wherever it travels
Convergence continues expansion with Panthera (Convergence Tech) A solid step in Panthera’s objective to provide leading capabilities across the technology platform; Convergence continues their expansion to serve the full-array of customer’s requirements from desktop to the application to the infrastructure while assuring secure application delivery
Palo Alto Networks extends AWS relationship to enhance firewall scalability (Channel Buzz) Palo Alto sees its adaption to the new age of cloud security as fundamental, and has been doing what it can to keep its channel partners moving in tandem on this objective
Behavior analytics tools for cybersecurity move into enterprises (Computerworld) Parchment deploys Darktrace's Enterprise Immune System
FireEye: The Big Difference With Helix (Seeking Alpha) FireEye recently introduced a cutting-edge security product called Helix. Helix will transform security deployment for small and large businesses. Is this the game-changer we have been waiting for?
Centrify streamlines adoption of hybrid cloud (Financial News) Centrify has announced new hybrid cloud capabilities and best practice guidance to speed and secure adoption of Infrastructure-as-a-Service (IaaS), the company said
Amazon Launches AWS Shield DDoS Protection Service (HackRead) AWS Shield comes in two packages: AWS Shield Standard and AWS Shield Advanced
Google Debuts Continuous Fuzzer for Open Source Software (Threatpost) A new Google program aimed at continuously fuzzing open source software has already detected over 150 bugs
Orange Slovakia offers family security package by Eset (Telecompaper) Orange Slovakia offers a security package for the whole family. It protects up to four devices and include also a special application for protection of children on the internet. The family security package includes Eset SmartSecurity, Eset Mobile Security and Eset Parental Control by the company Eset
New anti-Facial Recognition Glasses Protect Users’ Privacy From CCTV Cameras (HackRead) Wear Reflectacles to avoid surveillance through CCTV Cameras and to enjoy night-time biking
Technologies, Techniques, and Standards
Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication (NIST) We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication
BYOD: How to provide secure access to network resources (Help Net Security) IT organizations have little or no choice when it comes to Bring Your Own Device (BYOD) programs
Laws, regulations and contracts that infosec pros should be familiar with (Help Net Security) If you’re a white hat and you want to continue being one, knowing what laws and industry regulations allow or not allow (or require or not require) you to do is of crucial importance
How to avoid bogging down your own servers (Panda Mediacenter) There’s been a lot of talk recently about DDoS (distributed denial-of-service) attacks in the wake of an incident that left thousands of users without internet access as a result of the collapse of the servers at Dyn, a DNS hosting service. Needless to say, we should be aware of this threat, know how it works, and how to defend ourselves against it. Especially now, in the age of the Internet of Things, which has made it easier for cybercriminals to build an army of infected devices to carry out this kind of attack
Internal and External Ramifications of Leaked Board Strategies (Infosecurity Magazine) Building off part one of our conversation, where we discussed the evolving board landscape as well as the associated top security concerns, this second part dives into breach response and how to prepare against them
The Five Core Components of Proactive Cybersecurity (TechZone 360) In 2016 the cyber landscape reached new heights with advanced attack methods, increased levels of sophistication and escalated frequency of adversary activity
Security startup confessions: Customer breach disclosure (Help Net Security) Balancing the needs of your company, your employees, and your customers requires making tough choices
Weihnachtsgeschenke sicher online shoppen (PCtipp) Ob per Smartphone, Tablet oder PC – der Onlineeinkauf der Weihnachtsgeschenke boomt. Anstatt sich in überfüllte Geschäfte zu stürzen, kaufen viele Schweizer die Präsente lieber online von zu Hause aus. Der IT-Sicherheits-Hersteller G DATA gibt Tipps fürs sichere Internet-Shopping
Design and Innovation
Solve cybercrime by permanently linking physical space and cyberspace (CSO) Virtually every cyber threat is enabled by the failure of most online identity verification systems to reliably connect a person’s physical identity with his or her cyber identity. Solving this problem will dramatically improve global cyber security
How blockchain can help fight cyberattacks (TechCrunch) Imagine a computing platform that would have no single point of failure and would be resilient to the cyberattacks that are making the headlines these days. This is the promise behind blockchain, the distributed ledger that underlies cryptocurrencies like Bitcoin and Ethereum and challenges the traditional server/client paradigm
Facebook begins asking users to rate articles’ use of ‘misleading language’ (TechCrunch) A survey asking users about “misleading language” in posts is the latest indication that Facebook is facing up to what many see as its responsibility to get a handle on the fake news situation. At least part of its solution, it seems, is to ask users what they think is fake
Hacker News calls for “political detox,” critics cry censorship (TechCrunch) Can social media even exist without political debate? What about trolls? Hacker News, the social news site run by Y Combinator, is trying to find out
‘Spezgiving’: How Reddit’s CEO Tried And Failed to Troll the Trolls (Motherboard) Opening with the acronym for the phrase "Today I F[***]ed Up," what follows is an apology written by Reddit’s co-founder and current CEO, Steve Huffman
Research and Development
DARPA selects Raytheon for cybersecurity support (UPI) Raytheon has received a $9 million contract to support the U.S. Defense Advanced Research Project's Agency's latest cybersecurity project
Malaysia to Establish Cybersecurity Academy (Infosecurity Magazine) The Malaysian Digital Economic Corporation (MDEC) and Protection Group International (PGI) have signed an agreement to work together to develop a cybersecurity academy in Malaysia
15 under 15: Rising stars in cybersecurity (Christian Science Monitor Passcode) Kids born after the year 2000 have never lived a day without the internet. Everything in their lives is captured in silicon chips and chronicled on Facebook. Algorithms track how quickly they complete their homework; their text message confessions and #selfies are whisked to the cloud
Legislation, Policy, and Regulation
Obama Has a Plan to Fix Cybersecurity, But Its Success Depends on Trump (Wired) The Obama White House has had to reckon with cybersecurity like no other presidential administration in history, from China’s 2009 hack of Google, to the Office of Personnel Management breach, to the rise of botnets built from dangerously insecure “internet-of-things” devices
DDoS, IoT Top Cybersecurity Priorities for 45th President (KrebsOnSecurity) Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called “Internet of Things” (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama
Atkin: Cybersecurity, critical infrastructure will be challenges for Trump's DHS (Federal Times) Speaking at the Homeland Security & Defense Business Council’s annual gathering forecasting the state of the agency, Thomas Atkin outlined the challenges the Department of Homeland Security will continue to face in 2017
Where would Mattis take cyber? (FCW) President-elect Donald Trump's pick for secretary of defense has a long and colorful track record of comments on combat, Afghanistan, Iran and other threats to the U.S. When it comes to cyber, however, experts say he's a bit of a tabula rasa
Van Hollen Applauds Elevation of U.S. Cyber Command in Maryland (AFRO) Today Maryland Congressman Chris Van Hollen issued the following statement applauding the elevation of U.S. Cyber Command in Maryland as part of the House-passed National Defense Authorization Act (NDAA)
Litigation, Investigation, and Law Enforcement
Court upholds warrantless surveillance of U.S. citizens under Section 702 (TechCrunch) The U.S. federal appeals court has ruled in United States v. Mohamud, a case that began with a 2010 holiday bomb plot and will end with unique implications for the private digital communications of American citizens
Court: Secret spying of would-be Christmas tree bomber was OK (Ars Technica) ACLU slams ruling, says this surveillance violates the constitution
Facebook, Microsoft, Twitter and YouTube collaborate to remove ‘terrorist content’ from their services (TechCrunch) Facebook, Microsoft, Twitter and YouTube today announced they would cooperate on a plan to help limit the spread of terrorist content online. The companies said that together they will create a shared industry database that will be used to identify this content, including what they describe as the “most extreme and egregious terrorist images and videos” that have been removed from their respective services
Sextortion: The U.S. military's dirty little secret is a growing national security concern (Military Times) You're scrolling through Facebook like any other day when a friend request pops up from a pretty girl. You accept, and she sends you a naughty picture. You send one back, just to be polite, or maybe because she asked nicely. Maybe you move the conversation onto Skype for a live show. But then she demands money, hundreds of dollars, and threatens to send your naked photo to your friends, your family and — worst of all — your employer
Child porn on government devices: A hidden security threat (Christian Science Monitor Passcode) Explicit images of minors, which have been discovered on federal workers' computers across the government, can be gateways for criminal hackers and foreign spies. What's the best way to combat the problem?
EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit (Threatpost) The Electronic Frontier Foundation is accusing the Drug Enforcement Agency of improperly withholding documents in a court case that hopes to reveal details about the government’s controversial surveillance program known as Hemisphere. The EFF, which is suing the DEA as part of a Freedom of Information Act (FOIA) request, is demanding the agency turn over documents that have been withheld or have been highly redacted
Snowden 'not counting' on pardon from Obama (The Hill) National Security Agency whistleblower Edward Snowden acknowledged in an interview broadcast Monday that a pardon from President Obama before he leaves office in January is unlikely
Snowden: Petraeus shared data ‘far more highly classified than I ever did’ (The Blaze) Edward Snowden, the former contractor for the National Security Agency who in 2013 leaked classified information that showed the U.S. government surveilled private data, said in an interview published over the weekend that retired Gen. David Petraeus “shared information that was far more highly classified than I ever did with journalists”
“Bullsh*t and spin”: Autonomy founder mocks HP’s $5B fraud suit against him (TechCrunch) How could Dr Michael Lynch raise a $1 billion venture capital fund while being sued for $5 billion over alleged fraud in the $11 billion sale of his company Autonomy to HP? “The reality is, that doesn’t take much time” since he has a team of lawyers on the case, Lynch said on stage during TechCrunch Disrupt London
Software Salesman Pleads Guilty To PoS Scam (Dark Reading) Washington's John Yin allegedly sold point-of-sale systems with revenue suppression software, incurring government monetary loss of $3.4 million
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in the cybersecurity arena. The IoT, connected cars, new payment systems, VR and AR, wearables and our mobile devices all add new levels of concern to protecting our personal and corporate data. In this day-long conference, we’ll tackle the world of cybersecurity that demands we go far beyond the simple passwords and anti-virus protection of yesterday.
Disrupt London (London, England, UK, Dec 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators. Disrupt gathers the best and brightest entrepreneurs, investors, hackers, and tech fans for on-stage interviews, the Startup Battlefield competition, a 24-hour Hackathon, Startup Alley, Hardware Alley, and After Parties.
US Department of Commerce Cyber Security Trade Mission to Turkey ( Ankara and Istanbul, Turkey, Dec 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey is increasing resources in the public and private sectors to tackle these complex cyber threats. Apply now for this mission. Recruitment for the mission will begin immediately and conclude no later than September 16, 2016. The U.S. Department of Commerce will review applications and make selection decisions on a rolling basis beginning May 2, 2016 until the maximum of 20 participants is selected. Applications received after September 16, 2016 will be considered only if space and scheduling constraints permit.
NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with less than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from the leading experts, including Mitre's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, Dec 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
Infosecurity Magazine Conference (Boston, Massachusetts, USA, Dec 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information, practical case studies and strategic and tactical insight
Practical Privacy Series 2016 (Washingto, DC, USA, Dec 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly good sessions right now—we can’t wait to share them with you!
CISO Southern Cal (Los Angeles, California, USA, Dec 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
SANS Cyber Defense Initiative 2016 (Washington, DC, USA , Dec 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative 2016 will feature courses in IT security, security management, IT audit, penetration testing, and computer forensics, including short courses that can be taken with a long course to enhance your training. Every course, evening talk, and special event is designed to equip you with cutting-edge knowledge and skills required to combat today's cyber criminals. SANS events offer you a unique opportunity to learn from the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, Dec 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how this research can be used to enable innovation. The main aims of the conference are: To highlight the innovative research happening globally with three main themes: Privacy, Security and Trust. Academics from across the globe will come together to discuss solutions related to PST risks and to showcase the research methods that are able to minimise future cybercrime issues. To foster new ideas and conversation in order to reduce the amount of PST issues globally and to create enduring change in the behaviour and attitudes towards PST. To draw together PST practitioners, researchers, and government to showcase the latest PST research outputs and initiatives. We envisage that industry participants will implement the PST initiatives that are discussed and showcased at the conference into their practice.