Ransomware updates. Attacks on gamers and gaming platforms. Patch notes. Looking back at 2016, and ahead to 2017.
G Data reports discovering a new ransomware strain on Christmas Eve, DeriaLock, which demands $30 from its victims in equally subliterate all-dein-Basen-gehoren-uns German or English, take your pick. And Bleeping Computer describes an odd Koolova variant seen in development that offers decryption in exchange for the victim's downloading and reading two articles on ransomware—apparently a misguided educational initiative?
The skids at R.I.U. Star Patrol, known for their recent attack on Tumblr ("There is no sinister motive. It's all for light hearted [sic] fun," as the Patrol explains) said they planned Christmas denial-of-service attacks on Xbox One and Playstation 4 servers. The attacks are essentially motiveless. Outages have been reported early this morning; how extensive they are remains unclear.
Gamers seeking an unfair advantage over their online opponents face a targeted threat—a malicious cheat code for CounterStrike overwrites their Master Boot Record.
Two patches are particularly worthy of attention: Cisco offers an update to mitigate vulnerabilities in its CloudCenter Orchestrator, and PHP Mailer 5.2.18 closes a remote code execution hole in the widely used (WordPress, Drupal, Joomla, and elsewhere) software.
We are in the midst of 2016 retrospectives and 2017 predictions. Predictions generally project the past year's trends into the future (reasonably enough): an increasing military optempo in cyberspace, more adaptation of online media to influence operations, widespread attacks on (and via) the Internet-of-Things, the commodification of ransomware, a persistent appetite for surveillance among the world's governments, and the likelihood that emerging technologies will bring fresh threats to privacy.
Notes.
Today's issue includes events affecting China, Egypt, European Union, Guyana, India, Russia, Sweden, Thailand, Ukraine, United Kingdom, and United States.
A note to our readers: New Year's Day falls on Sunday, and so we'll take a break on Monday, January 2nd. Other than that we'll publish on our normal schedule. Best wishes for the new year from all of us at the CyberWire.
You can find information security lessons everywhere. We think we see some in the new Star Wars flick, "Rogue One." Here's a thought: the Empire's contractors on Eadu were apparently less than fully NISPOM compliant. Didn't Director Krennic require them to self-certify? (For background on NISPOM, see this account of a CRTC symposium, and lawyer up, padawans. Even the Empire has privacy and employment laws. We're pretty sure...although Krennic's HR policies seem a little strict...)
The CyberWire podcast this week offers a series of end-of-year long-form (but still brief) episodes. We're running extended interviews that include never-before aired conversations with some of our most interesting partners and guests. Our normal programming returns on January 3rd. If you've been enjoying the podcasts, please consider giving us an iTunes review.
You may also find the special edition of our Podcast of interest—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
Cyber Attacks, Threats, and Vulnerabilities
Skeptics Doubt Ukraine Hack, Its Link to DNC Cyberattack (Voice of America) Malware used to hack Democratic National Committee servers during the 2016 elections was also used to hack an artillery-targeting app in Ukraine, and might have caused Ukrainian military losses to pro-Russian forces, according to a report released this week by CrowdStrike, a cybersecurity company
Faketivists Could Play Havoc with Euro Elections in 2017 (Infosecurity Magazine) Security experts are warning of a rise in so-called “faketivists” – state sponsored operatives who take on the personas of solitary hacktivists in order to disseminate sensitive hacked material for political ends
IS's Looming Death Could Be Hiding Bad News (Radio Free Europe | Radio Liberty) In 2014, the world was gripped by news of two deadly epidemics
Battlefield 1 PS4 & Xbox One Servers Are Down – No Response From EA (MobiPicker) EA servers down for the release of Battlefield 1 today. Stay tuned for updates as we keep an eye on the network, and find out when it’s back online
Group that attacked Tumblr threatens to DDoS Xbox for Christmas (Naked Security) A new hacking group is taking credit for a distributed denial-of-service (DDoS) attack that took down Tumblr this week. But so far, little is known about R.I.U. Star Patrol other than its motive of attacking for fun
Tumblr Attackers Now threatening to Ruin Christmas for Xbox Users with DDoS Attacks (HackRead) Tumblr was down on 21st December
What’s Prompting Hackers To Target PSN And XBox Live On Christmas Day? (MobiPicker) Controversial hackers collective R.I.U. Star Patrol released a video late last week claiming that they were considering a massive, coordinated cyber attack on PlayStation Network (PSN) and XBox Live on Christmas Day
How a Smart Toy Could Get Hacked (Panda) Almost a decade has passed since the arrival of Furby, which made quite a splash on the children’s toys market. That was just the beginning. Now, Christmas serves as a time to usher in new companions that, of course, come with their respective apps and are able to have full conversations, as though they were alive. The Internet of Things has come to the toy store
CounterStrike Hacking Tool Overwrites Cheaters' Hard Drive MBR (Bleeping Computer) CounterStrike gamers looking for an advantage over their competition might be in for a surprise this Christmas, as there's a booby-trapped cheat tool going around that will overwrite their hard drive MBR (Master Boot Record) and prevent their computers from booting
As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify (Bleeping Computer) Today's Bitcoin to US Dollar exchange rate has reached $902, the first time Bitcoin price has gone above the $900 mark since January 2014, almost three years ago
Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware (Bleeping Computer) There have been a lot of strange twists and turns when it comes to ransomware this month. First, we had Popcorn Time that gave you the option of screwing over people by infecting them to possibly get a free decryption key. Now, we have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles
New DeriaLock Ransomware Active on Christmas, Includes An 'Unlock All' Command (Bleeping Computer) Today, on Christmas Eve, G Data malware analyst Karsten Hahn has come across a new ransomware family named DeriaLock, which locks your screen and requests a payment of $30
Report: Online booking security gaps allow hackers to steal free flights (Deutsche Welle) IT security researchers have uncovered a gap that allows hackers to take plane tickets from customers who booked and paid online, German media reported. The results spell big problems for passengers and airlines alike
Fake Michael Kors Site Has Highest Volume For Non-Malware Attacks (PYMNTS) Tricking someone into clicking on a fake website and turning over their personal data has been a favorite scam of hackers, and it doesn’t seem to be abating, with security firm Cyren reporting a fake Michael Kors shopping website coming in as the highest volume non-malware attack of all of 2016
Cyber scammers are now targeting Guyanese and their inadvertent weakness for Christmas parcels (Guyana Guardian) The holiday version of a cyber-scam which seeks to implant a photo stealing and data stealing Trojan into the mobile phones and computers of unsuspecting persons has been targeting Guyanese and other Caribbean web users on an unusually higher scale this Christmas
Sports-Related Website Targeted (Sports ISAO) A sports-related website has recently been under attack from what appears to be an automated system that attempts to login to the website with guessed credentials. Use of this strategy, known as a brute force attack, against WordPress websites are once again on the rise. Additionally, the vast array of plug-ins for WordPress provides ample opportunity for hacks if the site administrator is not up-to-date with patching
ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers (Bleeping Computer) Router manufacturers such as Netgear and ZyXEL have failed to address seven security flaws reported by security researchers in the last three or more months
Digital Shadows Report: Mirai Botnet Isn’t Going Away (See Video) (American Security Today) Digital Shadows, a provider of cyber situational awareness, released its new report Mirai and The Future, Forecasting the DDoS Landscape in 2017
Suddenly hot smart home devices are ripe for hacking, experts warn (CNBC) Will 2017 be the year your home becomes under attack from cyber criminals?
US healthcare under siege: Got good insurance? (Register) Great. Keep an eye out for medical device hackers, though
Where the industrial IoT vulnerabilities lurk in your plant (TechTarget) When you connect manufacturing machinery to the internet, you've created a potential gateway for hackers. Here's a look at the risks you might be facing
APWG Report: Record-Shattering Q2 Phishing Attack Wave Ebbed in Q3 2016 (SAT Press Releases) The Anti-Phishing Working Group reports that the year’s record wave of phishing subsided in the autumn. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter — a decline of 25 percent
Russian Cybercriminals Fake Real People To Make Money From Real Online Ads (Filehippo) And the 2016 prize for original cybercriminal thinking goes to… the hackers who created fake people so they could make real money from real online ads
More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant (Dark Reading) SecurityScorecard warns while the industry has made progress, many are still not covering the basics of security
Britney Spears Isn’t Dead: Sony Says Twitter Account Compromised (Bloomberg) Issue has been fixed, recording division says in statement. Company apologizes to pop star and fans for confusion
Security Patches, Mitigations, and Software Updates
Cisco Warns of Critical Flaw in Cloudcenter Orchestrator Systems (Threatpost) Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download
Critical security update: PHPMailer 5.2.18 (CVE-2016-10033) (SANS Internet Storm Center) ISC recommended action: Patch...now. This is a very popular application, left unpatched it will be exploited
Nook 7 tablet updated to neutralise ADUPS fear, says Barnes & Noble (Naked Security) Desperately casting around for a last-minute gift? Too price sticker-shocked to get an iPad or Kindle Fire HD?
Microsoft admits maybe it ‘went too far’ with pushy Windows 10 upgrades (Yahoo!) In the holiday spirit of telling it like it is, Microsoft finally admits what everyone has known all year: pushing Windows 10 upgrades on people, whether they wanted it or not, was a bad move that ruined a great software upgrade
Apple gives iOS app developers more time to encrypt communications (Computerworld) The iOS App Transport Security (ATS) will not become a requirement on Jan. 1, as previously announced
Mozilla to Support Firefox for Windows XP and Vista until September 2017 (Bleeping Computer) Just before the Christmas holiday, Mozilla announced plans to support Firefox for Windows XP and Vista until at least September 2017
Clever Facebook Hack Reveals Private Email Address of Any User (Threatpost) Christmas came early for Facebook bug bounty hunter Tommy DeVoss who was paid $5,000 this week for discovering a security vulnerability that allowed him to view the private email addresses of any Facebook user
Cyber Trends
The Dark Side of VR (The Intercept) Virtual reality allows the most detailed, intimate digital surveillance yet
Microsoft’s innovation czar: we’re moving from ‘information age’ to ‘intelligence age’ (Geektime) Microsoft’s director of strategic engagements shows off company’s work applying NLP to genetics and other issues impacting humanity
From cyberpropaganda to IoT bonets: Strap yourself in for a rocky 2017 (IT Pro Portal) 2017 is not going to be an easy year for IT professionals
Cyber Threat Predictions For 2017 And Beyond (Business Solution) Authentication technology, machine learning, and probabilistic tools gain ground to combat threats
Cyber Security Predictions For 2017 (AEC News) The year is coming to a close and for the the internet and cyber security communities that means looking back at what problems the internet faced in 2016, what issues are likely to arise in the year ahead, and how we can protect ourselves
A Cybersecurity Christmas Story (Dark Reading) Automation and orchestration will be essential components of security in 2017
The central role of identity verification in 2017 (IT Pro Portal) Identity verification and authentication will continue to play a critical and central role for digital commerce in 2017
The Worst Hacks of 2016 (Motherboard) It’s that time of the year again, where we recap the worst or biggest hacks of the previous 365 days, and try to convince you that, yes, this was the worst year for security ever
Year in Review: Militaries Got More Cyber in 2016 (Council on Foreign Relations) This year marked a turning point in military uses of cyberspace. For the first time, the United States, United Kingdom, and Australia acknowledged deploying offensive cyber tools against the Islamic State. The fact that the United States, China, Russia, and others break into adversary computer networks is not new–intelligence organizations have done so since the early 1990s. But openly acknowledging that a military, as opposed to largely civilian intelligence organizations, is using malware to gain an advantage during an armed conflict breaks new ground
Top 4 Cyber Attack Vectors of 2016 (The Merkle) It is evident that 2016, has been a year filled with all types of cybercrime. Ranging from DDoS attacks to malware, hacking to ransomware, and social engineering to skimming, a lot of havoc has been caused by select groups of individuals. But what were some of the top attack vectors exploited by criminals in 2016?
The Perils of Connectivity: Cyber Insecurity in 2016 (Cipher Brief) From disruptive distributed denial of service (DDoS) attacks rendering entire swathes of the Internet including Netflix, Twitter, PayPal, CNN, The New York Times, and Amazon hosting services inaccessible, to nation-states inserting themselves into the democratic process of other countries’ self-determination, it has truly been a landmark year for cybersecurity—or lack thereof
Vice is the latest site to call it a day on comments (Naked Security) Another online comments section has bitten the dust, collapsing under the ponderous weight of nastiness
Perfect cyber security will never exist: Verizon's Novak (Economic Times) Chris Novak talks about why India lacks behind in cyber security, IoT security flaws and how enterprises go wrong in their outlook towards cyber security
Privacy is still alive and kicking in the digital age (TechCrunch) Our lives are lived in data. Data crossing borders and connected in virtual space. Most often, it appears, we live in open and too easily accessible data networks. States and corporations are watching us through data, and we are watching each other through data. What does individual privacy mean in this data saturated environment?
Marketplace
VPN Firms Set for a Great 2017 Thanks to Snoopers’ Charter (Infosecurity Magazine) Virtual private network (VPN) providers are reporting an upsurge in interest from UK citizens keen to avoid state snoopers after the controversial Investigatory Powers Bill was passed
Cyber security startup Haystax secures $4 million investment from Fishtech Labs (Geektime) Companies are increasingly worried about insider threats, and Haystax guarantees it can help find those needles
The 'endpoint plus network' strategy is CSO's armor: Kris Hagerman (CSO) A holistic security portfolio elevates the company's value proposition as a preferred vendor for companies, Sophos CEO says
IBM's Astonishing Patent Strategy Shows Where It's Going Next (Nasdaq) IBM (IBM) is set to top the list of patent holders for the 24th year in a row in the U.S. This is no ordinary feat. IBM is the only company to have ever exceeded over 7,000 U.S. patent grants during a single year. During 2016 year-to-date, IBM has already crossed the 7,000-patent mark for the third consecutive year
Is Blockchain The Next IBM Strategic Imperative? (Seeking Alpha) Blockchain is generally associated with bitcoin, but it is much more than that. IBM is one of the pioneers in this industry. Here we report some basic definitions and examples of how blockchain is being developed. The global blockchain market is estimated to be worth $210M. We estimate that IBM is generating between $6M and $50M a year from its blockchain segment
Cisco Systems (NASDAQ:CSCO) Will Set Up Cyber Security Centres In Gurgaon And Pune To Help Monitor Threats In Real-Time (Seneca Globe) Cisco Systems, Inc. (NASDAQ:CSCO) to close at $30.46 by are moving up 0.13% with session volume was recorded 12.81 Million. Networking giant, Cisco (CSCO) will set up cyber security centres in Gurgaon and Pune to help monitor threats in real-time as well as train people, including government officials to combat these challenges
Insider Q&A: Mimecast's Peter Bauer (ABC News) Email has become a crucial part of how companies communicate, but those systems are constantly being attacked by everything from inbox-clogging spam to phishing emails looking to steal secrets and money
Cybersecurity: Threat Intelligence and an integrated approach to security (OpenGovAsia) Guy Rosefelt, Director, Threat Intelligence & Application Security, NSFOCUS talks about Threat Intelligence and the unique opportunities of operating in China
Impact of future Army Cyber Command headquarters felt throughout year (Augusta Chronicle) The Army is still several years away from moving its Cyber Command headquarters to Fort Gordon, but its impact has beenfelt throughout Augusta in 2016
Products, Services, and Solutions
R3's Corda blockchain platform now available on Microsoft Azure (Brave New Coin) Microsoft Azure is a cloud computing platform for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. The platform offers a growing collection of integrated cloud services, including analytics, computing, database, mobile, networking, and storage
Leaked Docs Reveal How Much iPhone Data Cellebrite Can Extract Using Its Phone-Cracking Tech (WCCF Tech) Cellebrite, an Israeli firm, rose to fame earlier this year when it was wrongly rumored that the company was helping the FBI unlock the San Bernardino shooter’s iPhone 5c. At that time, the FBI vs Apple legal battle on encryption was all over the news waves, getting the company some attention too
Norton by Symantec unveils updated Android mobile security version (Gizbot) Norton by Symantec on Friday launched a latest version of its flagship mobile solutions "Norton Mobile Security for Android", featuring a "Report Card" that provides automatic security and privacy analysis and reveals where data travels
Russia offers technology to keep hackers at bay (The Hindu) Russian Quantum Center (RQC) said that it is ready to collaborate with India and offer its quantum technology that will prevent hackers from breaking into bank accounts. RQC plans to offer 'quantum cryptography’ that could propel India to the forefront of hack proof communication in sectors such as banking and national and homeland security
Technologies, Techniques, and Standards
Manual threat intelligence management: Doing it the hard way - Part 1 (IT Pro Portal) Threat intelligence source selection and capture
Manual threat intelligence management: Doing it the hard way - Part 2 (IT Pro Portal) Processing threat intelligence and actioning threat intelligence
Manual threat intelligence management: Doing it the hard way - Part 3 (IT Pro Portal) Threat intelligence analysis and maintenance
How to Enable Two-Factor Authentication on Slack (Electronic Frontier Foundation) For the twelfth and final day of the 12 Days of 2FA, we will look at how to enable two-factor authentication on Slack. If you are a member of multiple Slack “teams” (e.g. work.slack.com and school.slack.com), you will need to set up 2FA separately for each account you use
Hacker Lexicon: What Is the Attribution Problem? (WIred) After months of news about Russian meddling in this year’s US presidential election you’re probably sick of speculation and ready for answers: What exactly did Russia do and why? It sounds simple enough, but a fundamental concept in cybersecurity and digital forensics is the fact that it is sometimes extremely difficult after a cyberattack to definitively name a perpetrator. Hackers have a lot of technical tools at their disposal to cover their tracks. And even when analysts figure out which computer a hacker used, going from there to who used it is very difficult. This is known as the attribution problem
Blockchain technology could ensure security of any information, says Kaspersky Lab chief security expert (EconoTimes) The number of cyber attacks and security breaches is on the rise and expected to surge even more in the forthcoming year. The cryptocurrency ecosystem, in particular, underwent a number of attacks resulting in losses running into millions of dollars
UK’s Nuclear Submarines runs Windows XP for Submarines™ (MSPowerUser) In these days of strangely increasing nuclear tension it may amuse (or frighten) our readers to learn that Microsoft’s first commercial NT-based operating system is still in charge of the UK’s nuclear deterrent, powering the 4 nuclear submarines that protect UK’s interest
Design and Innovation
World's Largest CA Comodo Announces EV Code Signing Certificate Availability (PRNewswire) New certificate type prevents malware authors from hiding behind a wall of certificate anonymity
Signal implements ‘domain fronting’ technique to bypass censorship (Security Affairs) The latest update of Signal introduces the ‘domain fronting’ technique that has been implemented to circumvent censorship
Best Artificial Intelligence Stories in 2016; Mark Zuckerberg Developing Real ‘Jarvis’ (University Herald) Artificial Intelligence is gaining so much interest this year and it would be just right to discuss the top stories on AI that made it to the headlines. Some of these stories include XPRIZE's AI 2020 competition, Google's WaveNet, and even Mark Zuckerberg's attempt to create his own "Jarvis"
Legislation, Policy, and Regulation
No Signal: Egypt blocks the encrypted messaging app as it continues its cyber crackdown (TechCrunch) After a week of blocking the secure messaging app Signal in Egypt the service is back online thanks to new features added by its parent company Open Whisper Systems
Ministers Back Bill That Would Allow Court to Censor Internet (Haaretz) Bill gives court power to order companies like Facebook, Twitter and Google to remove inciting content
Wassenaar Arrangement: Still No Deal Reached (Infosecurity Magazine) Security researchers have been left in the lurch after negotiators failed to find a breakthrough in talks designed to update a controversial export treaty which currently treats white hat hacking tools like weapons
Should Russia be punished for alleged cyber attacks on America? (Russia Direct) The story of Russian cyber interference in the U.S. election has taken on a life of its own, with potentially unintended consequences for both the U.S. and Russia
Why Dictators Hate Chess (Slate) Garry Kasparov on Vladimir Putin’s meddling and America’s response
Obama moves to split cyberwarfare command from the NSA (Washington Post) With weeks to go in his tenure, President Obama on Friday moved to end the controversial “dual-hat” arrangement under which the National Security Agency and the nation’s cyberwarfare command are headed by the same military officer
Key Challenges Facing Trump’s Pentagon Include Cyber, Acquisitions Management (Washington Free Beacon) DOD inspector general spotlights 'critical' hurdles as president-elect prepares to take office
FBI whistleblowers see glimmer of hope with new law, but still face uphill battle (Federal News Radio) Whistleblowers at the FBI may soon see some relief from a confusing and arduous disclosure process. But if one whistleblower’s story is any indication, the battle to have their cases heard may still be a long one
Litigation, Investigation, and Law Enforcement
The FBI investigates if China has been hacking The FDIC (USB Port) The Chinese military could be behind the cyber attacks the FDIC has suffered in different opportunities since 2010, and the Federal Bureau of Investigation (FBI) is going to open an investigation on the matter
Putin casts Democrats as sore losers amid renewed election hacking claims (Washington Times) President Vladimir Putin on Friday continued to dismiss allegations concerning the Russian government’s role in a hacking campaign waged against the Democratic Party prior to last month’s White House race amid ongoing claims involving Moscow’s purported election meddling
2016 Presidential Campaign Hacking Fast Facts (Gant Daily) Here’s a look at hacking incidents during the 2016 presidential campaign and allegations by the US that the Russian government meddled in the election. Both Republicans and Democrats have issued calls for a deeper probe of Russian interference. President Barack Obama said that the US will take action against Russia and has ordered a complete review of elections going back to 2008 before he leaves office. President-elect Donald Trump has rejected suggestions of Russian influence, despite the CIA concluding that Russia acted to help Trump win
Inquiry says Snowden in contact with Russia's spy services (AP via Columbia Daily Tribune) Former National Security Agency contractor Edward Snowden remains in contact with Russian intelligence services, according to a bipartisan congressional report released at a time when Russia is considered a top national security concern
Intel Committee Releases Declassified Snowden Report (US House Permanent Select Committee on Intelligence ) The House Permanent Select Committee on Intelligence today released a declassified version of its investigative report on Edward Snowden, the former National Security Agency contractor who fled to China and then Russia after stealing an estimated 1.5 million classified documents. The report, including redactions for classified information, was the result of a two-year inquiry into Snowden’s background, likely motivations, and methods of theft, as well as the damage done to U.S. national security as a result of his actions. The report was completed in September 2016 and submitted to the Intelligence Community for a declassification review
Edward Snowden Fast Facts (CNN via KBKZ) Here is a look at the life of Edward Snowden, who has admitted to leaking information about United States surveillance programs to the press
Belatedly, a Defense of a Whistleblower (Consortium News) After vowing to run a transparent government, President Obama oversaw an unprecedented legal assault on whistleblowers, only now offering up a modest concession, as Linda Lewis explains
US begins asking foreign travelers for social media accounts upon entry (The Hill) U.S. Customs and Border Protection has finalized a measure to have foreign travelers provide social media accounts when they enter the country
Nasdaq Stockholm Receives Fine for Inadequate Cyber Security (Acumin) Nasdaq Stockholm, along with its clearing operation, has been fined by F1, Sweden’s financial services regulator, for failing to sufficiently manage its cyber security supplier
Teen charged as cops snare 'cyber warriors' 9 held for attack on government sites (Bangkok Post) A 19-year-old man arrested in connection with a series of cyber attacks in protest of the controversial computer crime law has been charged while several others have been detained for questioning
Vendor BlimeSub a.k.a BTH-Overdose busted (DeepDotWeb) Emil Babadjov, the person behind the vendor aliases “Blime-Sub” and “BTH-Overdose,” was arrested and made his initial court appearance on December 14 2016, in San Francisco. According to the indictment he sold heroin, fentanyl, and methamphetamine on Alphabay with both accounts having combined over 2300 sales
An update on all the legal cases we thought would be huge in 2016 (Ars Technica) Beyond Apple's clash with DOJ, these surveillance cases got our attention in 2016
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in the cybersecurity arena. The IoT, connected cars, new payment systems, VR and AR, wearables and our mobile devices all add new levels of concern to protecting our personal and corporate data. In this day-long conference, we’ll tackle the world of cybersecurity that demands we go far beyond the simple passwords and anti-virus protection of yesterday.
SANS Security East 2017 (New Orleans, Louisiana, USA, Jan 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in the "Big Easy" in January. Now is the time to improve your information security skills and laissez les bons temps rouler!
Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, Jan 11 - 12, 2017) These intimate workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are an intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations. For Chief Security Information Officers, Chief Information Officers, and Chief Risk Officers, by invitation only (apply to attend).
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, Jan 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats to critical infrastructures. This summit will focus on two sectors that are among those at greatest risk, the energy and manufacturing sectors. Highlighting emerging technologies and policy initiatives, this event will foster the development of high impact strategies to address the many interrelated cybersecurity challenges we face in the protection of our nation’s critical infrastructures.
ShmooCon 2017 (Washington, DC, USA, Jan 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.