The CyberWire Daily Briefing 03.07.16
news from RSA 2016
We'll be taking a look back at RSA this week. We'll have three special reports on the conference beginning tomorrow, when we discuss what we heard about cyber threat intelligence. This will be followed later in the week with reports on emerging technologies and on trade and investment.
In addition to these text reports, we'll be offering three additional podcasts to supplement our regular Dailies. (You'll find our podcasts here.)
In the meantime, see the links in our RSA section below for late-breaking announcements and retrospective takes on the conference.
A note to our readers: the CyberWire was able to work from RSA with the support of EAGB—the Economic Alliance of Greater Baltimore.
Proofpoint finds an active cyber espionage campaign targeting Indian diplomatic and military personnel. "Transparent Tribe," as they're calling it, seems most active against Indian missions to Saudi Arabia and Kazakhstan. Several Pakistani IP addresses are said to be involved in the campaign, which uses a mix of phishing and water hole attacks to distribute the MSIL/Crimson remote access Trojan.
Observers continue to look for the causation, if any, behind BlackEnergy's correlation with December's Ukrainian grid hack.
Trend Micro finds Pawn Storm infesting government and media targets in Turkey. They offer no attribution, but they do advert to ongoing tensions between Turkey and Russia, Pawn Storm's circumstantial connection with various Russian actors, and the current infestation's localization to sites involved with criticism of Russian intervention in Syria.
The legitimate BitTorrent application Transmission has become enmeshed in what's being called the first ransomware campaign directed against Mac users. Palo Alto Networks reported the KeRanger attacks to Apple last week, and Apple has taken steps to interdict the ransomware.
The US and South Korea increase cooperation against North Korean threats, kinetic and cyber.
Observers mull the impact of last week's open avowal, by the US, of its possession of (and intent to use, against ISIS) offensive cyber weapons.
Apple draws more industry support in its dispute with the US FBI over unlocking the San Bernardino jihadist's iPhone.
And ave atque vale, Ray Tomlinson, "godfather of email," who passed away late last week. Our thanks to him; our condolences to his family and friends.
Today's issue includes events affecting Brazil, Chile, China, Colombia, European Union, India, Iran, Ireland, Kazakhstan, Democratic People's Republic of Korea, Republic of Korea, Netherlands, Pakistan, Romania, Russia, Saudi Arabia, Syria, Turkey, Ukraine, United Kingdom, United States, and Venezuela.
San Francisco: the latest from RSA
Recapping RSA Conference 2016 (Fortune) Pentagon bug bounty programs, Defense Department appointments, Apple versus FBI, and more
Fear and loathing at RSA — Hacking, security and the limits of protection (TechCrunch) There is danger everywhere you look in the cybersecurity space
At RSA Conference, Unlikely Allies Address Value of Digital Security (New York Times) To Amit Yoran, a digital security veteran, the fight between Apple and the F.B.I. over access to an iPhone can be viewed in black-and-white terms: What law enforcement authorities want is “so misguided, they simply boggle the mind”
Sparks fly over Apple v. FBI dispute at major cybersecurity gathering (+video) (Christian Science Monitor Passcode) As tens of thousands of people from all over the world convened this week in San Francisco for the RSA Conference to learn about the latest in cybersecurity innovation, the iPhone dispute between Apple and the FBI dominated the conversation
Beat the Breach: What's at stake in the encryption debate? (Christian Science Monitor Passcode) Passcode deputy editor Sara Sorcher interviews Assistant Attorney General for National Security John Carlin, RSA President Amit Yoran and Former White House Cyber Advisor Richard Clarke on the federal government's approach to cybersecurity and leading news topics at the second annual Beat the Breach event in San Francisco, Calif. on March 1, 2016. Hosted by cybersecurity firm Invincea and the Christian Science Monitor's Passcode section, the event brings together top private sector executives with leading government officials in cybersecurity
Why the federal CISO could be cybersecurity game changer (+video) (Christian Science Monitor Passcode) Federal Chief Information Officer Tony Scott says the government's first chief information security officer will have the broadest support ever for the new role
Carter Gets Strong Marks for Innovation Push; Challenges Remain (Defense News) On stage at the RSA security conference here March 2, Defense Secretary Ash Carter was praised by the moderator for his “cool” ideas and his efforts to reach out to the Silicon Valley
RSA 2016: Future of cyber-espionage (SC Magazine) Security researchers laid out potential scenarios for the future of cyber-espionage on Wednesday at the RSA Conference in San Francisco. In a session titled "The Dark Web and Cyber-espionage," attendees were presented with a bleak outlook in which relatively simple attacks will increasingly be used by nation-state entities seeking to gain control of infrastructure and resources
Hackers targeting internet-connected systems to steal oil, expert warns (Guardian) The high price of oil, and an increasingly software-reliant network of sensors and monitoring tools are making the oil trade a high target for hackers
How the 'Internet of Things' could be fatal (CNBC) Researcher Marie Moe woke up after emergency surgery in 2011 with a new pacemaker to correct a heart condition. What she didn't realize at the time was that the lifesaving device in her chest exposed her to a completely different kind of threat
Act now, or live in a world with 45 trillion IoT security holes (FierceMobileIT) The security of Internet of Things devices was a popular topic here at the RSA Conference
#RSAC: Hackers Will Abuse Gov Data Access, Say Security Pros (Infosecurity Magazine) With the RSA Conference drawing to a close over in San Francisco, Tripwire took the opportunity to pick the brains of some of the security professionals at the event about the current hot topic of government access to encrypted data
Hacking back will only get you in more trouble (CSO) RSA panel warns there is no easy solution to online IP theft in response to economic espionage
Shortage of trained cybersecurity personnel has industry worried (San Jose Mercury News) After years of massive hacker attacks on industry and government, the realization that the bad guys are winning has led to a surge in cybersecurity jobs that has outpaced the supply of people to fill them
RSA: Will your next phone have quantum cryptographic 2FA? (We Live Security) Yes or no, will your next phone have quantum cryptographic 2FA?
Cyber operations platform to automate the hunt for cyber adversaries (Help Net Security) At RSA Conference Endgame announced the launch of a comprehensive cyber operations platform for organizations to detect, block, and evict advanced threats at the earliest phase of the kill chain
APCON Introduces IntellaFlex 100G Network Monitoring Solution at RSA Conference (Apcon) Service providers and enterprises gain real-time visibility of high-speed networks and extend the life of today’s security and performance monitoring tools
Tiny Firewall Tackles SOHO Security (Dark Reading) Untangle rolls out a 5-inch firewall
Bastille Wins Cyber Defense Magazine’s “Best Wireless Security Solution” Award for 2016 (BusinessWire) 4th Annual Cyber Defense Magazine Infosec Awards recognize innovation during RSA Conference 2016
CYREN WebSecurity Named Best Anti-Malware Solution by Cyber Defense Magazine (IT Business Net) Award recognizes CYREN WebSecurity for delivering fast, innovative malware defense as a SaaS service
Cyber Attacks, Threats, and Vulnerabilities
Espionage Malware, Watering Hole Attacks Target Diplomats (Threatpost) Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites
BlackEnergy malware activity spiked in runup to Ukraine power grid takedown (Register) But its role in the attack remains unclear
Pawn Storm Campaign Adds Turkey To Its List of Targets (TrendLabs Security Intelligence Blog) Pawn Storm, the long-running cyber espionage campaign, added to its long list of targets several government offices (including the office of the prime minister and the Turkish parliament) and one of the largest newspapers in Turkey
Apple users targeted in first known Mac ransomware campaign (Reuters) Apple Inc (AAPL.O) customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc (PANW.N) told Reuters on Sunday
A New Type of Ransomware is Affecting Apple's OS X Devices (Capital Wired) A new type of ransomware that attacks OS X gadgets has been identified by specialists
Apple shuts down first-ever ransomware attack against Mac users (IDG via CSO) The ransomware was seeded inside a legitimate BitTorrent application called Transmission
CERBER: Crypto-ransomware that Speaks, Sold in Russian Underground (TrendLabs Security Intelligence Blog) “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!”
Macro Malware Strides in New Direction, Uses Forms to Store its Code (TrendLabs Security Intelligence Blog) The resurgence and continued prevalence of macro malware could be linked to several factors, one of which is their ability to bypass traditional antimalware solutions and sandboxing technologies
VulDB: IBM Business Process Manager up to 126.96.36.199/188.8.131.52/184.108.40.206 URL Handler cross site scripting (SCIP) A vulnerability, which was classified as problematic, has been found in IBM Business Process Manager up to 220.127.116.11/18.104.22.168/22.214.171.124. Affected by this issue is an unknown function of the component URL Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability
Seagate Phish Exposes All Employee W-2’s (KrebsOnSecurity) Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned
Three more firms hit by targeted Phishing attacks seeking W2 data (CSO) Simple scam has snagged seven victims in less than two months
Hackers demand €20k as firms hit by 'ransomware' (Independent) Irish businesses also targeted by 'garda fine'
Another Malicious Document, Another Way to Deliver Malicious Code (Internet Storm Center) I’m operating several catch-all mailboxes that help me to collect interesting emails. Besides the classic spam messages which try to sell me colored pills and to promise me millions of revenue, I’m also receiving a lot of malicious documents. For a few weeks, I can see a huge peak of emails
Time Warner Cable’s Business Class Customer Support portal Hacked (Hack Read) TeaMp0ison is back — this time with a new approach and a new hack
MPD Possible Victim of Cyber Attack (Alabama News) The Montgomery Police Department is the target of a possible Cyber attack
Big increase in DDoS attacks (Mybroadband) The latest Akamai State of the Internet Security Report reveals a massive increase in the number of DDoS attacks, and shows where these attacks come from
Security Patches, Mitigations, and Software Updates
Known Bugs in Windows 10 Redstone Build 14279 - Kaspersky Software Not Working (Softpedia) Since it’s just available for fast ring users, the newly-released Windows 10 Redstone build 14279 still comes with several bugs and Microsoft has detailed all of them in an announcement today
Shamed Amazon Decides to Restore Full-Disk Encryption to Its Fire OS Devices (Softpedia) Amazon has announced it will be restoring support for full-disk encryption to its mobile devices running Fire OS after the company was criticized from all sides this past weekend
Google extends right-to-be-forgotten rules to all search sites (Ars Technica) That includes Google.com for the first time—blocked via geolocation data
We're fighting an invisible war -- in cyberspace (CNet) Destructive skirmishes are taking place in cyberspace right now, and increasingly they're spilling into people's daily lives
When Encryption Becomes The Enemy’s Best Friend (Dark Reading) The growth in SSL/TLS traffic has made it a lot easier for threat actors to slip attacks and malware past enterprise defenses
A major red flag about security could threaten the entire IoT (Business Insider) Companies are pushing ahead full force into the Internet of Things, but a new report has revealed a potentially major problem
Why Brand Reputation Management Now Includes Cyber Safety (Business2Community) As I’ve been telling anybody who will listen, cyber security is the challenge of our day and marketers who are responsible for a brand need to take it seriously
Rise of the CISO: Why the C suite needs a security chief (Tech Republic) The CISO role is growing in popularity, but what does it actually mean for your business? Here's what the role is responsible for and why CISOs are multiplying in the enterprise
Symantec And Check Point: Finding Value In A Highly Valued Space (Seeking Alpha) Symantec and Check Point have far more modest valuations than their faster-growing rivals in the enterprise security space. Check Point achieves remarkable margins, and as such, is one of the better GARP stories in the IT universe. Symantec: Now that the Veritas divestiture is complete, is a bet on a turnaround. But valuation provides a support for the bet
SIM card maker Gemalto's margin forecast lifts shares (Reuters) French SIM card maker Gemalto on Friday said it expected its gross margin to improve significantly this year after posting forecast-beating results, driving its shares more than 10 percent higher
Cisco buying cloud startup CliQr for $260 million (Silicon Beat) Cisco is buying San Jose startup CliQr Technologies for $260 million as it continues to boost its cloud offerings, the San Jose networking company said Tuesday
Samsung, Qualcomm Under Pressure to Enter Chipmaker Deal Frenzy (Bloomberg) Chipmakers will continue gobbling up one another this year, and deep-pocketed giants like Qualcomm Inc. and Samsung Electronics Co. are under pressure to enter the fray
Ex-GCHQ-run Darktrace 'diagnoses' sick computers and cures them (Telegraph) Cyber defence startup Darktrace diagnoses threats to a company's computer systems, just like a developing cold
Armadillo makes loud noise over new vendor Cylance (CRN) Security VAR predicts latest vendor signing could make waves in end-point security space
TalkTalk chief signals change after cyber attack (Financial Times) The damaging cyber attack on TalkTalk’s website last year will lead to a fundamental change in how the company operates, says chief executive Dido Harding, who signalled that chasing customers with low-cost offers would be tempered with greater responsibility
IBM Cuts Jobs In 'Workforce Rebalancing' (InformationWeek) IBM has reportedly begun a wave of layoffs that are initially targeting the Global Technology Services and Global Business Services groups. Here's what we know so far
Booz Allen Hamilton to support cyber security services for US DoD (Army Technology) Booz Allen Hamilton (BAH) has secured a $5bn contract to provide cybersecurity and information systems support services for the US Department of Defence (DoD)
Ex-Hackers On List Of Billionaires (Forbes) The World’s Billionaires List for 2016 was announced by Forbes today — and reformed hacker Bill Gates is number one, with a net worth of $75 billion
Products, Services, and Solutions
Free 'DCEPT' Tool Entraps Attackers Stealing Admin Credentials (Dark Reading) SecureWorks researchers offer their homegrown 'honeytoken' detection tool as open-source
Dell delivers Red Cloak security service to spot network attacks by analysing activity (V3) Dell's SecureWorks subsidiary has unveiled a cloud-based service that identifies threats through malicious behaviour, enabling it to pick up on attacks that may otherwise go undetected because they involve little or no malware code
Unisys Stealth coming to classified programs (GCN) Unisys’s Stealth security software solution, which provides identity-based micro-segmentation across a range of environments, received word from the National Security Agency that the platform is close to approval for NSA’s Commercial Solutions for Classified Program Components List
Technologies, Techniques, and Standards
Data watchdog encourages companies to get encryption software independently assessed (Out-Law) Organisations should get the encryption software they intend to use independently assessed where it is "of critical importance" that they can be sure the personal data they are responsible for cannot be accessed via built-in vulnerabilities in the software, the UK's data protection authority has said
Data breach laws to create compliance confusion: IT security expert (CIO) Detailed guidance and consultation needs to be introduced, says Protiviti's Ewen Ferguson
Ransomware Rules for Payment: Do Extortionists Have the Advantage? (RSA Blogs) When an entire health system fell prey to cybercriminals and medical records were locked up by a ransomware attack in early February, there seemed no choice but to pay the sum demanded in order to avoid the impact on patient care: $17,000 in 40 Bitcoin. And in that single moment, one hospital became the obligatory canary in a coal mine
Why Marrying Infosec & Info Governance Boosts Security Capabilities (Dark Reading) In today's data centric world, security pros need to know where sensitive data is supposed to be, not just where it actually is now
7 tips for securing the Internet of Things (Naked Security) I’ve recently had the opportunity to purchase some “smart” devices that everyone seems to be referring to as the Internet of Things (IoT)
Let your uSeRS chOOse wACKy passWords, US banks! (Naked Security) With many US banks, what you see in your password field may not be what you get
Selecting the Right Sized Integrator for your Enterprise (Security Magazine) Smaller integration firms are quickly filling the gaps left by national integration giants, often with custom-tailored and flexible security systems. Which one is right for your enterprise?
Design and Innovation
Ray Tomlinson, godfather of @ email, dies at age 74 (Reuters) Ray Tomlinson, considered to be the godfather of email, has died, according to his employer, Raytheon Company. He was 74
Can you take the Internet out of the Internet of Things? (TechCrunch) The Internet of Things and the Internet might seem inextricably linked, but, increasingly, there are questions centered around how IoT devices should work with one another — and what happens when the Internet connection goes down?
Half of inventions “arise unexpectedly” from serendipity—not direct research (Ars Technica) Research institutions are the least likely inspirations for that spark of creativity
Research and Development
SK launches quantum cryptography communication network (Telecompaper) A consortium led by SK Telecom has completed the rollout of five different national test networks for national quantum cryptography communication that cover a combined total of 256 kilometers. The test networks cover five different areas in Korea
Teams face off in Rocky Mountain Collegiate Cyber Defense Competition (Denver Post) Regional winner Brigham Young University advances to national competition in San Antonio
Legislation, Policy, and Regulation
Cyber campaign against Islamic State marks beginning of a new secret war (Baltimore Sun) Days after the United States acknowledged conducting warfare over computer networks for the first time, Defense Secretary Ashton B. Carter took the stage at a major information security conference in San Francisco
Why the Pentagon is finally acknowledging the U.S.'s 'offensive cyber' efforts (Jacksonville Business Journal) U.S. Secretary of Defense Ashton Carter was in Washington this past week testifying on the Pentagon’s budget before jetting off to Silicon Valley to talk innovation with tech business leaders, but whether he’s on the East Coast or the West Coast there’s one issue that every audience is asking about: offensive cyber
South Korea, U.S. begin exercises as North Korea threatens attack (Reuters) South Korean and U.S. troops began large-scale military exercises on Monday in an annual test of their defenses against North Korea, which called the drills "nuclear war moves" and threatened to respond with an all-out offensive
US and South Korea to work more closely on cyber security enhancements (StreetWise Journal) South Korea’s Ministry of Science, ICT and Future Planning announced at the weekend that vice minister Choi Jae-Yu had met with Dr. Reginald Brothers, the under-secretary of the US Department of Homeland Security recently to forge closer cooperation in the field of cyber security
The Crypto Wars Are Global (Motherboard) American politicians, media, and the public may be focused on the ongoing battle between Apple and the FBI over encryption in the iPhone, but the so-called Crypto Wars are far from just a national issue
Apple Vs National Security (Indian Express) There is an opportunity for a global treaty to balance security concerns and privacy
UK government's response to cyber attack info sharing negligible, says Mitsubishi-Tokyo Bank (ComputerWorld) While Lloyds says frontline businesses often unaware of cyber risk realities
Apple case exposes ongoing government rift over encryption policy (Reuters) Even as the Department of Justice battles Apple in court over access to encrypted data, the Obama administration remains split over backing requirements that tech manufacturers provide law enforcement with a "back door" into their products, according to a dozen people familiar with the internal debate
Executive branch concedes Wassenaar Arrangement must be renegotiated, not revised (SC Magazine) The U.S. executive branch this week changed its stance on the controversial 2013 amendment to the Wassenaar Arrangement that closely regulates the international export of cyber hacking and surveillance technologies
Microsoft and Google employees on US national guard may join cyber war against Islamic State (Tech 2) U.S. Defense Secretary Ash Carter said the National Guard’s cyber squadrons will play an increasingly important role in assessing the vulnerabilities of U.S. industrial infrastructure and could be asked to join the fight against Islamic State
Navy workforce memo separates cyber from IT (FCW) The Defense Department has been restructuring its workforce in recent years to adapt to the challenges of its heavy reliance on cyberspace for missions
Litigation, Investigation, and Law Enforcement
Apple exec argues against turning back the clock to 'less-secure time' (Computerworld) Reprises arguments made by Apple and a slew of supporters in pages of The Washington Post
Why Apple should hold firm against FBI (San Francisco Chronicle) Since a pitched legal battle between the FBI and Apple began last month, the arguments over encryption and national security are deepening
Tech Companies Hesitated Before Supporting Apple (New York) Tech companies — including Alphabet, Microsoft, Facebook, Snapchat, and Yahoo — are signing amicus briefs in support of Apple in its case against the federal government, which has asked Apple to unlock the phone of one of the San Bernardino terrorists
Amicus Briefs in Support of Apple (Apple Press Info) [Amicus briefs and letters to the court, with links]
Apple vs FBI: Lavabit warns FBI’s “extraordinary” action may drive US businesses offshore (TechCrunch) Another amicus brief has been filed in support of Apple in its legal battle with the FBI over the measures it is being ordered, by a court writ, to take to help the agency break into a locked iPhone used by one of the San Bernardino terrorists
Top iPhone Hackers Ask Court to Protect Apple From the FBI (Wired) Since Charlie Miller became the first hacker to demonstrate how to take over an iPhone in 2007, he’s had a complicated relationship with Apple
FBI v Apple: Is medical records privacy at risk? (HealthcareDIVE) The debate over whether tech giant Apple should help the Federal Bureau of Investigation unlock an iPhone used by one of the San Bernardino terrorists moved to Congress Tuesday, where lawmakers pressed both sides on how best to balance physical security and information security
What is a “lying-dormant cyber pathogen?” San Bernardino DA says it’s made up [Updated] (Ars Technica) He now says there's no evidence of cyber doom, wants iPhone unlocked to be sure
Brazil Arrests Senior Facebook Exec Over WhatsApp Aid In Drug Case (Fortune) Not the first time Brazil has clashed with WhatsApp over lack of cooperation
U.S. Commerce Department to Place Restrictions on ZTE Corp (Fortune) The problem is ZTE’s alleged dealings with Iran
Suspected Bush family hacker Guccifer to be extradited to US (IDG via CSO) The hacker will be sent to the U.S. for 18 months in order to face multiple charges there
Central Bank of Venezuela doubles down in “cyber-terrorism” website lawsuit (Ars Technica) DolarToday wins motion to dismiss, but Caracas fires back with a new filing
New Name Surfaces In Clinton's Email Scandal (Forbes) A new name has surfaced in connection to Hillary Clinton’s private email server – Ronald S. Posner, Chairman and CEO at eChinaCash
Cumbrian hacker's cyber attack forced Moonpig to close website on three continents (Carlisle News and Star) A computer hacker launched a cyber attack on the firm Moonpig[dot]com, forcing it to shut down its operations in three different continents.
16-year-old who distributed his teacher’s nude pics faces felony charges (Ars Technica) "When you’re 16, just being sorry... is not enough anymore"
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, Apr 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.
International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research
CISO Chicago Summit (Chicago, Illinois, USA, Mar 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Navigating Summit 2016 (Canberra, Australia, Mar 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy and cyber-security are the cornerstones of this strategy. The Summit will examine the implications of privacy and security in a ubiquitously connected, data driven world. Key areas of focus will include digital identity, open data and data sharing, the implications of technologies such as cloud computing, data analytics and the Internet of Things and perceived tensions between privacy and security and innovation.
CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, Mar 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an ongoing global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise.
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, the summit provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders.
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — has become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of how the rapid advancement of AI technology may affect the global community in both the physical and structural spheres, and of the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally, it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increasing employment opportunities for minorities.
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions, all while networking with local peers.
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate