The CyberWire Daily Briefing 03.14.16
As the US prepares (according to reports) an indictment against Iranian hackers allegedly responsible for pre-attack reconnaissance of the Rye, New York, flood-control dam, observers speculate about the purposes such indictments serve.
North Korea denounces South Korea's accusations of widespread DPRK cyber espionage as a "bullsh*t" fabrication, showing either unexpected fluency in demotic American idioms or the work of creative translators.
ISIS continues to worry about recent security breaches, including but not limited to the USB drive with Caliphate HR information a disgruntled jihadist turned over to Sky News (and apparently to various Western intelligence services).
Hamas hacked the Israeli version of the Big Brother reality television show Friday, displaying images of Israeli actions with respect to the Palestinian population, Hamas attacks, and pro-Hamas text.
A Google Project Zero researcher claims that, across the sector, cyber security firms are too retro, too 1990s, for the proper security of their own code.
In industry news, while corporate C-suites show a growing awareness and understanding of cyber risks, corporate counsels think their companies remain largely unprepared to handle the legal fallout of a cyber incident.
Cyber stocks rallied late last week, but tech industry layoffs and the imminent demise of Norse suggest that investors are taking a more critical and nuanced view of the sector.
President Obama appeared at SXSW last week to skeptical reviews as he tried to strike an irenic note while substantially backing his Justice Department on encryption. That Justice Department seems ready to clash with Facebook over WhatsApp encryption.
Notes.
Today's issue includes events affecting Australia, Bangladesh, Belgium, Canada, France, Iran, Iraq, Israel, Democratic People's Republic of Korea, Republic of Korea, New Zealand, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Who Took The Cookies From The Cookie Jar? (Dark Reading) The indictment of five Iranian hackers three years after the fact raises the question: Is naming them a worthwhile part of the threat defense lifecycle, or is it a meaningless distraction?
North Korea slams Seoul's cyber attack accusations (Economic Times) North Korea on Sunday blasted Seoul's accusation that Pyongyang had launched a series of cyber attacks targeting South Korean government officials, calling the allegation a "bullshit" fabrication
Why This Recent Piece of ISIS Intelligence Stands Out (Time) An ISIS membership list eclipses the capture of its "Chemical Ali"
ISIS Activists Protest Breach Of Security (MEMRI) MEMRI's exclusive publication of the letter by Gazan ISIS fighter Abu 'Abdallah Al-Muhajir, in which he complained to ISIS leader Abu Bakr Al-Baghdadi about the cooperation between ISIS-Sinai and Hamas, caused a stir among the organization's operatives in Sinai and its supporters in Gaza
Israel’s Big Brother TV show has some unwelcome guests: Hamas hackers (Washington Post) The Israeli version of the reality TV hit Big Brother had some unwelcome guests on Friday night: hackers from the militant Palestinian group Hamas who interrupted the show for nearly three minutes with a dose of their own menacing reality
New ways to fingerprint Tor Browser users discovered (Help Net Security) Users who want to remain anonymous online often opt for using the Tor Browser, which hides their real IP address, but there are techniques that (more or less) malicious actors can use to identify them
ESET warns against wave of infected emails (Security Brief) Cyber security firm ESET is warning people against a wave of infected emails after discovering an unusually high record of a malicious downloader called Nemucod in several countries, including New Zealand and Australia
A Growing Number Of Android Malware Families Believed To Have A Common Origin: A Study Based On Binary Code (FireEye) On Feb. 19, IBM XForce researchers released an intelligence report [1] stating that the source code for GM Bot was leaked to a crimeware forum in December 2015
Hackers Target Anti-DDoS Firm Staminus (KrebsOnSecurity) Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked
Anti-cyber-attack biz Staminus is cyber-attacked, mocked by card-leaking tormentors (Register) Hackers leave 'tips when running a security company' memo
Credit card terminal goes from safe to compromised in less than three seconds (CSO) This is how easy some skimmers are to install
Broken 2013 Java Patch Leads to Sandbox Bypass (Threatpost) Java’s miserable 2013 just will not go away
Don’t feel comforted by an antivirus’s security certification (Network World) Billions of antivirus users worldwide are at risk thanks to low hanging vulnerabilities in high-profile security products by vendors which can brag of being awarded a security certification for their product
Security Software Certification (Tavis Ormandy) I’ve been working on cleaning up some of the low hanging vulnerabilities in major security products lately
Salt Lake City Police, Airport Websites DDoSed Against Teenager Shooting (Hack Read) The attackers from New World Hackers group (NWH) claimed that they conducted a series of powerful “distributed denial of service” (DDoS) attacks on the official website of Salt Lake City police, the airport, First Utah Bank and Downtown Alliance last night to register their protest against a police shooting in which a teenager (Abdi Mohamed) fell into a coma after being shot multiple times during a fight in downtown Salt Lake City
Bangladesh bank says hackers tried to steal $951 million (Reuters) Bangladesh's central bank confirmed on Sunday that cyber criminals tried to withdraw $951 million from its U.S. bank account, as the country’s finance minister said he first got to know of one of the biggest bank heists in history through the media
New York Federal Reserve $1 Billion Cyber Heist Thwarted by Spelling Error, While Casinos Allegedly Helped Funnel $81 Million (Casino.org) The New York Federal Reserve was in the midst of approving a series of what seemed to be authorized transfer requests by the Bangladesh central bank when it came to light that cyber hackers were the ones scheduling the financial activity
Questions about BB fund heist (Daily Star) An obvious case of a targeted attack, using vulnerability exploit tactics, the 100 million dollar Bangladesh Bank heist will remain one of the most profiled cyber crime case studies throughout 2016
More companies hit by fake CEO attack to steal employees' payroll information (Graham Cluley) It's not just Seagate and Snapchat staff who should have just said "no" to the CEO
A Fake Tweet Can Sink a Fleet (ZeroFOX Team) Everyone makes mistakes. Fortunately for ESPN, this one was not as costly as it could have been
SSH Honeypots (Ab)used as Proxy (Internet Storm Center) I’m operating a small group of SSH honeypots (located in Belgium, Canada & France) and I’m of course keeping an eye on it every day
Beware the email: Ransomware virus behind attack on Ottawa Hospital (Ottawa Citizen) The Ottawa Hospital has confirmed that four computers in its network of 9,800 were hit with ransomware last week which encrypted the information on those machines making it inaccessible to hospital administrators
Report: Ambulances vulnerable to hacker (MedCityNews) One of the newest arenas for cybersecurity is connected vehicles, and few types of vehicles are more connected than ambulances. That means medical transport is a growing target for hackers
Cancer Center Breach Another Symptom Of Healthcare’s Growing Epidemic (Dark Reading) Healthcare organizations suffered nearly one cyberattack per month in the past year, with nearly 50% saying patient information was exposed
Controversial world chess tournament website struck by denial-of-service attack (Graham Cluley) Might angry chess fanatics be behind the attack?
Security Patches, Mitigations, and Software Updates
SAP software download app exposed passwords thanks to serious vuln (Register) Java bug splatted. Patch, update, you know the drill
OpenSSH Security Advisory: x11fwd.adv (OpenSSH) Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1)
Microsoft Sneaks Nagging Windows 10 Ads into Critical Security Patch (Bitdefender Business Insights) Microsoft really really wants your business to upgrade to Windows 10 as soon as possible
Cyber Trends
A Look at the Mandiant M-Trends 2016 Report (Internet Storm Center) Mandiant released their 2016 threat reports last month and highlighted some interesting trends: more breaches were made public and location and motive of attackers were more diversified
Organizations Lack Visibility into Application Security (eSecurity Planet) Ponemon Institute study sponsored by IBM reveals application security shortcomings
2016 Data Breaches Have Exposed 4.3 Million Records (24/7 Wall Street) The latest count from the Identity Theft Resource Center (ITRC) reports that there has been a total of 139 data breaches recorded through March 8, 2016, and that nearly 4.3 million records have been exposed since the beginning of the year
Security Researchers Challenge Claims Data Breaches Increasing (eWeek) While industry reports cite a rise in data breach incidents, academic researchers find few signs that the threat is getting significantly worse
Two New Cybersecurity Reports Offer Legislative Opportunities and Data Breach Scenarios (Government Technology) This is a tale of two studies. The first report from the Governing Institute was sponsored by the National Cyber Security Alliance (NCSA) and AT&T, and covers the intriguing results of a state government legislative survey on cyber. The second report offers a “Data Breach Digest” from Verizon which elaborates on 18 different data breach scenarios worth considering. Both reports are free and bring excellent recommendations and worthwhile opportunities
How Cybercrime Is Evolving (INSEAD) The anonymous and borderless nature of cybercrime puts every organisation at potential risk
It's time to pump the brakes on IoT (CIO) A recent survey suggests consumers think smart homes are too expensive, too complex, and too insecure, and despite the hype that surrounds the Internet of Things (IoT) the technology is far from ready for the masses
Geopolitics, the State, and Cybersecurity in a Globalized World (Geopolitical Monitor) On February 9th of this year, the Obama administration announced that after a seven year observation of the cybersecurity environment, it was going to establish the Cybersecurity National Action Plan (CNAP)
Cyberwar, out of the shadows (Q&A) (CNET) Author Fred Kaplan details how the US has quietly amassed the power to hack the world but has failed to create a plan for deterring similar attacks on US soil
Marketplace
Security concerns limit business initiatives (Help Net Security) Though the C-suite recognizes the benefits of data security, organizations are still struggling to develop programs that effectively incorporate security strategies without detracting from other business initiatives, according to Dell
GCs Say Their Companies Still Aren’t Ready for a Cyber Attack (Corporate Counsel) Cyber security is the top risk facing companies, but a majority still aren’t prepared for the legal fallout from a cyber security incident, according to a survey of general counsel conducted by Consero Group in partnership with AegisAdvantage
Israeli Businesses Learning to Insure Themselves Against Cyber Attacks (Haaretz) Banks lead the way in buying coverage but others are learning they need more than firewalls to protect their databases
Silicon Valley firm's stumble signals chill in cybersecurity market (Christian Science Monitor Passcode) Norse Corp. generated buzz with provocative threat reports but now appears to be on its last leg. Its downfall could signal that investors are cooling on the once-frothy cybersecurity market
Here’s What’s Going On In Tech Layoffs (Mattermark) Despite a flood of layoff news, the situation doesn’t seem terrible. Yet
FireEye, Barracuda Networks, Palo Alto: Why Cyber-Security Stocks Are Rallying Today (Bidness Etc.) Bidness Etc takes a look at today’s biggest movers in the cyber-security space
Piper Jaffray Upgrades FireEye Inc (FEYE) to Overweight (Financial Market News) FireEye Inc (NASDAQ:FEYE) was upgraded by research analysts at Piper Jaffray from a “neutral” rating to an “overweight” rating in a note issued to investors on Wednesday
Interview With Synack’s CEO Jay Kaplan: Getting the ‘Hack’ of It (Workforce) Inspiration leads to aspiration leads to innovation
Denver startup on Super Bowl cybersecurity team found 100,000 threats (Denver Post) ProtectWise's technology wowed cybersecurity officials in charge of network security at big game
Salient CRGT Awarded $9M Contract to Provide Data Analytics Services to the DOT Pipeline and Hazardous Materials Safety Administration (PRNewswire) Long-standing relationship providing data integration and risk analysis services in support of hazardous materials and pipeline transportation safety across the United States
Thales Opens New Cyber Security Operations Centre as Cybercrime Continues to Grow (Newswire Today) Thales announces the opening of a new Cyber Security Operations Centre (CSOC) in Elancourt, near Paris
Products, Services, and Solutions
2016 Innovation Awards: PivotPoint Risk Analytics (Business Insurance) Data breaches are among the top concerns for any organization these days, with incidents reaching near catastrophic levels as personal and private business information is stolen, warehoused, sold and distributed. Their effects are far-reaching and expensive
Go ahead, make some free, end-to-end encrypted video calls on Wire (Ars Technica) Switzerland-based startup trumpets its strong security and pro-privacy stance
Technologies, Techniques, and Standards
A rogue access point at RSA Conference? Here’s what happened (Help Net Security) Ever since businesses began to offer Wi-Fi access to customers, experts have warned that open hotspots are not secure
Infosec pros point at problem with CVE system, offer alternative (Help Net Security) For the last 17 years, the American not-for-profit MITRE Corporation has been editing and maintaining the list of Common Vulnerabilities and Exposures (CVEs)
Mitigating Risk for Stronger Healthcare Cybersecurity (HealthITSecurity) EHNAC Executive Director Lee Barrett further breaks down the importance of risk mitigation for healthcare cybersecurity measures
Cyber insurance insufficient to cover all hack damages (Health Data Management) Some type of cyber breach is nearly guaranteed to hit every health system in the country, and potential effects could include stolen patient data, disrupted operations, destruction of technology, stolen consumer information or exposure of corporate secrets, trade secrets and proprietary information
Zero trust: Data breach prevention is all about breaking the kill chain (IT World Canada) Breaches to enterprise security are often an inside, albeit unintentionally, thanks in part to the rise of privileged users. Once hackers gain access to a system, they use the access levels of a certain user to make lateral moves and ultimately wreak havoc
Deal With A Data Breach Like a Chronic Disease (Inc.) Adam Levin, founder of security management and resolution company IDT911, explains why you need to monitor and manage your identity for years after it's been breached
The Evolution of Crisis Communications in the Social Media Age (Security Magazine) Establishing your enterprise as a trusted source of information during an emergency now demands the savvy use of social media
Software can’t compete with these cops in identifying suspects (Washington Post) A report by the World Economic Forum recently forecast that 5 million jobs will have been overtaken by robots by 2020. A special unit among London's police department, Scotland Yard, will most certainly not be among them
What is HIPAA Compliance? (Michael Peters) Confused about HIPAA and HIPAA Compliance? This article will explain HIPAA and the importance of complying with this complex federal law
Governance the often-missing piece of Information Security (IT Security) In the report, What does Information Security have in common with Eastern Air Lines Flight 401? – I posit that one byproduct of professionalizing Information Security will be elevating it to the board level where it belongs
Design and Innovation
Why saying 'idek' sets off Venmo's terrorism alerts (Verge) When web slang and terrorism collide
Cybersecurity Training, Military Style (Wall Street Journal) Private firms bet they can improve their cybersecurity preparedness by copying tactics used by the armed forces
After the Satoshi Roundtable, is there a way to bridge the bitcoin divide? (TechCrunch) A recent rift amongst the developers of Bitcoin, which originally started with a question over increasing the so-called block size (so that throughput of transactions can be increased), exposed deep divides about distributed governance; and has now ironically led to entrenched positions, flared tempers, public insults, accusations and disparaging remarks
The unsung genius who secured Britain's computer defences and paved the way for safe online shopping (Telegraph) The story behind the work of James Ellis, one of Britain’s great unsung heroes, and his role in strengthening the country’s national security can today be revealed in full for the first time
Research and Development
Can we build quantum-resistant encryption? (GCN) The possibilities and problems of quantum computing have figured more in science fiction than they have in government security, but that is gradually starting to change
Academia
Sisler cyber patriots Baltimore bound for anti hacker competition (Winnipeg Metro) The team of Winnipeg youth is going into the national cyber security contest CyberPatriot as the top ranked team after online qualifying rounds
On guard Vanguard: Local cybersecurity team takes first in state competition (HJ News) In its first year of competition, a group of high school students from Bridgerland Applied Technology College’s cybersecurity team took first place in the state in their division for CyberPatriot VIII, an educational program encouraging students to explore careers in cybersecurity
Legislation, Policy, and Regulation
UK surveillance powers bill needs “substantial changes”, warns opposition Labour party (TechCrunch) The UK government is continuing to try to push much criticized surveillance powers legislation through parliament, with the bill in question — the Investigatory Powers bill — getting its second reading in Parliament tomorrow
The two misconceptions dominating the encryption debate (TechCrunch) Cybersecurity is a massive challenge affecting everyone – startups, government, corporate systems and consumers, costing the global economy billions of dollars annually
How to break the deadlock over data encryption (Washington Post) Since the 1990s, U.S. law enforcement has expressed concern about “going dark,” roughly defined as an inability to access encrypted communications or data even with a court order
Expert Reveals Dark Side Of 'Dark Social,' Says Messaging Apps Enable Terrorist 'Command And Control' (Media Post) At a time when tensions between the military intelligence community and the digital technology industry appear to be high, retired U.S. Marine Corps General John Allen outlined how successfully the two have been working together to combat how Islamic extremists have been using digital media to recruit foreign fighters and command and control their operations
At SXSW, Obama asks tech community to compromise on encryption (Christian Science Monitor Passcode) Speaking to a tech-savvy crowd at the South By Southwest festival in Texas this weekend, President Obama made his strongest statement yet in support of law enforcement access to consumer devices – but said that the debate should not be defined by extremes on either side
Obama: ‘We don’t want government to look into everyone’s phones willy-nilly’ (TechCrunch) Encryption with a backdoor accessible to very few in important situations is what President Barack Obama says he suspects is the answer to the digital privacy versus security debate. That contradicts the position of many in the security industry who believe that would inevitably lead to abuses of such a backdoor
No, you backoff on backdoors or else (Errata Security) Speaking at #SXSW, President Obama threatened the tech community, telling us to backdoor our encryption ourselves or else congress will mandate a worse solution later
Obama Administration to Expand Unconstitutional Warrantless NSA Spying on Americans (Reason) The new surveillance rules have nothing to do with stopping terrorism
Techies to Washington: Anything You Can Do We Can Do Better (Wired) President Obama is kicking off the annual South by Southwest conference in Austin, Texas, today with a conversation on how technologists and government agencies can work together to solve some of the country’s toughest problems. His goal, it seems, is to cement his own legacy for embracing technology and set the stage for the next administration to continue that work
New NSA rules allow agency to share data without privacy protections or terrorism links (Extreme Tech) A consistent argument the NSA and its defenders have offered for the agency’s behavior since 9/11 is that its mass surveillance and warrantless wiretapping programs are required to fight terrorism
Cybersecurity Sharing: Think Before You Participate (No Jitter) The sharing of threat information among enterprises and federal agencies is good in principle, but requires a cautious approach
Zealous Cop on the Beat: the FCC's Proposed Privacy Rules (LinkedIn) They have been eagerly awaited and now they are here: the proposed privacy rules of the Federal Communications Commission (FCC)
Litigation, Investigation, and Law Enforcement
Encrypted WhatsApp messages frustrate new court-ordered wiretap (Ars Technica) DOJ and Facebook, WhatsApp's parent company, may clash just like in iPhone case
New Documents Solve a Few Mysteries in the Apple-FBI Saga (Wired) As the saga around the San Bernardino iPhone continues, new details are trickling out in court documents about the phone and the government’s investigation. Some of the details answer longstanding questions about the case while others raise more questions
Apple Deliberately Raised Barriers, Government Says (Dark Reading) Only the company can do what is needed to help the FBI unlock iPhone belonging to San Bernardino terror suspect, government says
Government hints it may demand iOS source code, signing key (Computerworld via CSO) Not-so-subtle threat that if Apple won't comply with court order, there's a Plan B … which could be a Lavabit-like ultimatum
Why the iPhone the FBI Wants to Crack Likely Has No Crucial Data (Fortune) Should Apple still unbolt the vault?
Why Apple is right to resist the FBI (TechCrunch) The FBI wants Apple to do something no private company has ever been forced to do: break its own technology
Apple VP's op-ed piece on FBI draws mixed reactions (Lawyer Herald) Apple unlocking the encryption code of an iPhone owned by a slain terrorist might actually damage beyond repair the national security it so fervently wants to protect
Apple-FBI duel is playing big at SXSW (USA Today) It is inescapable: The Apple-FBI dust-up is never far from thought at SXSW
Florida sheriff pledges to arrest CEO Tim Cook if Apple resisted cooperation (Ars Technica) If Apple wouldn't comply with a court order, sheriff vows: "I'll lock the rascal up"
The Shame Game (New Republic) The internet has given us a new public square. Now law enforcement is trying to harness its power
Industry watching as cybersecurity company fights claims it botched response to data breach (Legal Newsline) The cybersecurity industry is closely following a first-of-its-kind lawsuit filed against Trustwave over allegations that the forensic investigating company botched its response to a data breach
Delaware High Court Justices Not Convinced Imperva Directors Were Beholden To ‘Midas Touch’ CEO (Legal Solutions) Dissident Imperva Inc. investors have failed to persuade Delaware’s high court to revive charges that their directors rubber-stamped a bad buy of Skyfence Networks in order to stay in the inner circle of data security firm Imperva’s “Midas touch” CEO Shlomo Kramer
From Stolen Wallet to ID Theft, Wrongful Arrest (KrebsOnSecurity) It’s remarkable how quickly a stolen purse or wallet can morph into full-blown identity theft, and possibly even result in the victim’s wrongful arrest
Men lose three times as much money than women to cyber crime (Information Age) The City of London Police has revealed for the first time who is being targeted most by cyber crime, and who is being hit hardest
Police investigate cyber bullying in Coalisland area (Tyrone Times) The police have said they are looking into reports of cyber bullying in the Coalisland area
Sun of a gun: a solar energy “Do Not Call” violator is brought to justice (Naked Security) As practically every American with a phone knows, a veritable plague of automated telemarketing calls has spread across the land
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity professionals in the country. These experts, from private practice, the government and corporate worlds, will share proven tips, valuable lessons learned and insightful prognostications about the year ahead. You owe it to your clients and yourself to attend the only law school-sponsored CLE program in the country that is devoted 100% to cybersecurity legal developments.
Upcoming Events
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate