High-profile malvertising campaign serves ransomware. Snoopers' charter, crypto war debates. Apple's final filing.
Some high-profile sites have been hit by an Angler-driven malvertising campaign. Among the sites affected are the New York Times, BBC, The Hill, Newsweek, AOL, and MSN. Trend Micro, Trustwave, and Malwarebytes noticed increased malicious traffic over the weekend, much of it serving ransomware. Users in the US are the principal targets.
Iran, which detained a US riverine command boat on January 12, says it extracted data from devices the US sailors carried. Iran characterizes the information as "thirteen thousand pages" and says it's putting it to good intelligence use.
No word, yet, on the widely anticipated US indictment of Iranian hackers for the Bowman Avenue Dam incident.
FireEye warns that attackers use Citrix products to access corporate networks.
The Office of Inadequate Security publishes a long, interesting interview with Ghostshell, as the onetime hacktivist star continues his repentance and expiation tour. He expresses guilt over having enriched security companies with the FUD he provided.
The attempt on the Bangladesh Central Bank should prompt enterprise introspection over authorization and security controls. (Reflect as well on the current popularity of business email compromise fraud as an attack vector.)
In the US, NIST issues draft data security guidelines for BYOD and telework.
An Indian government biometric identity program aims to help the poor, but also raises privacy concerns. The snoopers' charter debate in the UK and the crypto wars in the US arouse similar disputes.
Apple hits back at the Justice Department in its last filings before the iPhone case goes to court.
Notes.
Today's issue includes events affecting Bangladesh, China, Iran, Iraq, Israel, Netherlands, Philippines, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Malvertising campaign hits New York Times, BBC, others (CSO) Several top-tier domains were victims of a malvertising campaign driven by the Angler Exploit Kit
Malvertising – When trusted websites go rogue (Naked Security) Crooks don’t need to hack into a mainstream website to infect it with malware
Iran says it recovered information from Navy sailors' devices (Navy Times) Iran has retrieved thousands of pages of information from devices used by U.S. Navy sailors who were briefly detained in January, the country's state television reported Tuesday
Attackers use these Citrix products to 'fly under the radar' of corporate security tools, warns FireEye (FierceITSecurity) Attackers are using Citrix products to remotely access the victim's environment, such as a corporate network, once a breach has occurred, warned security firm FireEye
Finally, someone to blame for the ransomware surge, just don't feed the hackers (FierceCIO) The end of last year saw a significant uptick in incidents where system administrators were denied access to their technology until they paid hackers ransom
Beware PowerSniff! Malware uses Word macros and PowerShell scripts (Graham Cluley) Malware appears to be hunting for point of sales systems, while actively avoiding healthcare and educational computers
GhostShell, On the Record – The Extended Interview (Office of Inadequate Security) “When it’s the middle of the night and you realise you’ve just been attacking and mapping entire cyber continents the only thought left in your head is “Who even cares anymore?”
Pedophiles May Be Using Anonymous’ Symbolic Mask To Trap Children (Hackread) A Pastebin post claims that pedophiles are using Anonymous' Guy Fawkes mask to trap children online
Physical Attack Can Breach Cryptographic Security for Mobile Devices (Check Point Blog) Researchers from the Check Point Institute for Information Security at Tel Aviv University have discovered that the encryption mechanism used for securing money transfers on mobile phones can be broken using a simple piece of $2 equipment
Cyber heist shakes up Bangladesh banking system (Reuters via Business Insurance) Bangladesh’s central bank governor resigned on Tuesday over the theft of $81 million from the bank’s U.S. account, as details emerged in the Philippines that $30 million of the money was delivered in cash to a casino junket operator in Manila
What We Can Learn From the Bangladesh Central Bank Cyber Heist (TrendLabs Security Intelligence Blog) The reported hacking of Bangladesh’s central bank accounts with the U.S. Federal Reserve once again shows how bad the impact of cyber attacks to organizations, enterprises or even nation-states can be
Three things to learn from the New York Fed hack (Housingwire) Think your company is immune? Think again
Researcher seeks help contacting developers of iPhone app exposing 198,000 users (CSO) The database is just sitting in the open, but there is no one to claim it
What is this "/smoke/" about? (Internet Storm Center) I am currently seeing a lot of requests against my honeypot like the following
Business email compromise fraud rising fast, hard to fight (CSO) The email comes from a trusted source -- the CEO
Steam Stealer Malware ‘Booming Business’ For Attackers Targeting Gaming Service (Threatpost) Malware that targets Steam accounts has proliferated the gaming platform and become what researchers are calling a “booming business” for cybercriminals over the last few months
1-800 FLOWERS warns that hacker may have stolen customers' personal info (Graham Cluley) Online florist failed to nip hackers in the bud
Android diabetes apps lack privacy, data-sharing protection (FierceMobileHealthcare) Consumers using Android-based diabetes apps may mistakenly believe data collected and stored by the software isn't being shared and their privacy is being protected, according to a new study
Fake Frappe-Photos: the Great Coffee Instagram Scam (ZeroFOX) There are only two certainties in life: people love coffee, and people love Instagram. The two are a match made in heaven. Enter, the Instagram scam
Top 5 Healthcare Data Breaches in 2016 Not From Hacking (Health IT Security) 2015 was filled with hacking incidents, but the top healthcare data breaches so far this year are from different causes
Risk management: fake social media sites drive growth of ‘threat intelligence’ sector (Financial Times) How many of the people who follow you on social media sites really exist — and how many are lifelike avatars created by criminal hackers?
Stuxnet Part Of Widespread Cyber-Intrusion Of Iranian Infrastructure, New Film Claims (Dark Reading) New Stuxnet documentary that debuts tomorrow in Berlin reportedly reveals how Israel blew its cover, and the worm just one element of a much larger US-Israel cyber spy operation in Iran
The Unusual Suspects: Cyber threats, methods and motivations (BAE Systems) They’re the unseen, threatening, mysterious adversaries your business must defend against. But holding them up to the cold light of day diminishes their power – and helps defeat their attacks
Security Patches, Mitigations, and Software Updates
OpenSSH Implementations With X11forwarding Enabled Should Heed Recent Security Update (Threatpost) Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update
Cyber Trends
Internet of things: humble lightbulbs could become a form of attack (Financial Times) If anyone in the technology industry believes the cyber security risk posed by the internet of things is exaggerated, then Daniel Miessler, a director at IOActive, a security company, is keen to put them straight
Tech firms warn public on growing cyber-risks (St. Louis Post Dispatch) It's not just computers and mobile phones that are vulnerable to cyber attack, according to software firm Trend Micro. As more devices are hooked up to the Internet, it could be anything from medical equipment to industrial machinery — and even sex toys
Behind every stupid user is a stupider security professional (CSO) Security professionals should look in the mirror, before declaring a user, “stupid”
Threat Intelligence's Big Data Problem (Dark Reading) Security teams are drowning in often useless threat intel data, but signs of maturity are emerging in what IT-Harvest predicts will be a $1.5 billion market by 2018
Indian parents are very worried about their children’s online security: Report (First Post) A recently published report by Norton by Symantec indicates that Indian parents are more worried about their children than the rest of the world
Marketplace
IDC: Cyber Insurance Will Be Commonplace In The Future (InformationWeek) IDC is advising insurers faced with a mature market to consider offering cyber insurance. Cybercrimes, it says, have cost the global economy $445 billion
Vodafone entering the cyber-security game (IT Pro Portal) Vodafone announced today it is entering the world of cyber-security with a new global line of business
Alphabet and Cisco Fund Ex-HP Security Lead's Startup (Fortune) $30 million in the bank for Skyport
Top-30 Cybersecurity Providers in Silicon Valley (Let's Talk Payments) Palo Alto Networks produces hardware firewall products that take an app-centric method for traffic classification and enable app visibility
Why the US Is Buying Up So Many UK Artificial Intelligence Companies (Motherboard) Autonomy, DeepMind, SwiftKey, VocalIQ. Each are British artificial intelligence and machine learning startups bought by US tech giants—HP, Google, Microsoft, and Apple, respectively
Wombat Security Announces Three-Year Annual Growth Rate Greater Than 900% in Exploding Security Awareness and Training Industry (MarketWired) Company boasts over 1,000 enterprise customers and over 100% growth in revenue and headcount in 2015; company completes integration with ThreatSim to create market leading security education solution
How Palantir Uses Big Data to Find Missing Kids (Fortune) The software unicorn has a growing ‘philanthropy engineering’ arm
SpectorSoft Changes Name to Veriato to Reflect Growing Demand for Corporate Truth (BusinessWire) Plans to Grow Staff By As Much As 30 Percent, Including New Senior VP of Worldwide Sales Joseph Torano; Launches $5,000 Online Scavenger Hunt March 15
UK contracts for new EW and cyber framework (IHS Jane's 360) The UK Ministry of Defence (MoD) has placed contracts with four companies under a new long-term framework agreement supporting electronic warfare and cyber (EW&C) research and technology
iPhone Encryption Battle: What Apple Can Learn From BlackBerry (InformationWeek) BlackBerry was the preferred smartphone for business users a mere five years ago, until the company decided to allow certain governments to access user messages. Apple could face the same confidence loss from corporate customers if the company assists the FBI to crack the security of the iPhone
Cybersecurity Sales Vet Beau Hutto Joins Gurucul as Federal Sales VP (GovConWire) User behavior analytics provider Gurucul has appointed Beau Hutto as vice president for federal sales to help drive the company’s government market reach
Products, Services, and Solutions
Thomson Reuters Special Services and Terbium Labs Partner to Expand Data Intelligence Capacity for Corporate and Government Organizations (Terbium Labs) Thomson Reuters Special Services (TRSS), a business of Thomson Reuters, and Terbium Labs, the company behind the world's first fully private, fully automated Dark Web data intelligence system, today announced a collaboration to improve the analytical and data intelligence capabilities for TRSS corporate and government customers
Triumfant Extends Its Advanced Endpoint Threat Detection and Remediation Capabilities to the Cloud (BusinessWire) New cloud offering makes Triumfant’s AtomicEye easily accessible to any data provider
Symantec launches a Web site encryption service (Seeking Alpha) Symantec's (NASDAQ:SYMC) Encryption Everywhere service, to be offered via Web hosting partners, promises to let hosting firms "integrate encryption into every website from the moment it is created." Basic and premium service tiers can be provided
ESET Launches New Version of Secure Authentication Solution (BusinessWire) Mobile two-factor authentication system provides secure connection to company networks
Taking data security to the next level (Philly.com) Tom Patterson, head of global security for Unisys, talks about the company’s Stealth system, which keeps data from unauthorized users
Endgame Unveils Cyber Operations Platform to Automate Attacker Searches, Defense Mechanisms (ExecutiveBiz) Endgame will release a new cyber operations platform to the market March 30 in an effort to help enterprise organizations detect, block and disable cyber threats in the early stages of the attack
South River Technologies Releases Titan FTP Server Version 2016 (MarketWired) South River Technologies, Inc. (SRT), an innovator in secure file transfer, announced today the release of version 2016 of the popular Titan FTP Server. This release includes enhanced security updates as well as a new support structure
Technologies, Techniques, and Standards
How to update Adobe Flash - or uninstall it completely! (Graham Cluley) Friends don't let friends run out-of-date plugins
NIST Issues Data Security Guidelines for BYOD, Telework Devices (ExecutiveGov) The National Institute of Standards and Technology has introduced draft guidelines that seek to help corporate organizations protect networks from data breaches and other cyber attacks as a result of the adoption of bring-your-own-devices and computers for telework
How to respond to ransomware threats (CSO) It all depends upon your level of risk and how badly you want the data returned to you unharmed
Why PCI DSS cannot replace common sense and holistic risk assessment (CSO) Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime
With Legal and Cybersecurity Hurdles, Is Selling Through Amazon as Easy as it Seems? (Legaltech News) Despite ease and potential cost savings, sales via Amazon raise legal and security concerns for entrepreneurs to consider
ASC cybersecurity: Developing an effective breach prevention program (Becker's ASC Review) In February 2015, Anthem, Inc. announced its computer systems were hacked — “a very sophisticated external cyber attack” that sent shockwaves throughout the healthcare industry
The ‘Human Firewall’ Is Dead – Long Live the People (Tripwire: the State of Security) Recently, I read an article that suggested the ‘human firewall’ is broken and that it cannot be fixed
6 Tips for CISOs Selling Security to the Board (eSecurity Planet) Some CISOs may dread presenting to the board of directors. These tips will help ensure it goes well
Design and Innovation
Biometrics Are Coming, Along With Serious Security Concerns (Wired) You're buying a pair of jeans. At the register, instead of reaching for your wallet or phone, you pull back your hair
Research and Development
Cryptography: Attack on the clones (Nature) A method to produce unclonable cryptographic keys based on self-assembled carbon nanotubes (CNTs) has been developed by Shu-Jen Han and colleagues, as they report in Nature Nanotechnology
Academia
National Cyber Intelligence Center at UCCS has interim director (Colorado Springs Gazette) Retired Army Lt. Gen. Ed Anderson has been named interim executive director for the National Cyber Intelligence Center while the national search finds a permanent leader for the Colorado Springs facility scheduled to begin operation April 1
STEM mentors put students on path to careers in security (CSO) Providing training and mentoring to students might be the solution to filling the enormous dearth of skilled candidates needed in cybersecurity
Legislation, Policy, and Regulation
A scheme in India to help the poor raises privacy concerns (IDG via CSO) The government has introduced legislation for a biometrics-based digital identity program
Sophos raises five concerns about snoopers’ charter (ComputerWeekly) As the draft Investigatory Powers Bill takes another step to becoming law, Sophos raises five key concerns that remain even after its revision
Can you strengthen security by weakening it? (Naked Security) You’re in a dilemma: some regulators want stronger security for the data you hold on customers. But other regulators want to make it easier to catch the Bad Guys by weakening the very technologies – such as encryption – that make it easier to protect the Good Guys
New EU Regulation to Standardize E-Signature Processes by July (Legaltech News) eIDAS streamlines the use of new technologies and defines three new levels of e-signatures, though individual countries have discretion on when to use e-signatures
Anti-ISIS-Propaganda Czar’s Ninja War Plan: We Were Never Here. (Daily Beast) Forget Twitter wars with hard-core extremists—the U.S. is going after jihadis the same way Amazon targets your shopping habits
Why the government can’t actually stop terrorists from using encryption (Washington Post) Even if the U.S. government prevails in its quest to compel Apple and other U.S. companies to give the authorities access to encrypted devices or messaging services when they have a warrant, such technology would still be widely available to terrorists and criminals, security analysts say
National debate over encryption seeps into SXSW Interactive (My Statesman) A former lawyer for the National Security Agency was bickering with one of the world’s leading cryptographers in a panel discussion Tuesday at the South by Southwest Interactive Festival
3 realistic solutions to prevent another FBI-Apple fight over encryption (Los Angeles Times) Since the 1990s, U.S. law enforcement has expressed concern about "going dark," defined as an inability to access encrypted communications or data even with a court order
Lawmakers blast 'sluggish' response by HHS on HIPAA technical guidance (FierceMobileHealthcare) Lawmakers say the U.S. Department of Health and Human Services' progress on promised updated technical compliance guidance for HIPAA has been "sluggish" and "disappointing"
Can Army Cyber Command change the military’s way of thinking? (C4ISR & Networks) At the Defense Department, a common catchphrase, “boiling the ocean,” is often used as a euphemism for over-exerting time or resources to fix a given problem
Litigation, Investigation, and Law Enforcement
Apple fires back: “Government is adept at devising new surveillance techniques” (Ars Technica) In final filing before hearing, Apple says gov't hasn't shown "necessity"
Apple: “Government misunderstands the technology” involved in demanding they decrypt an iPhone (TechCrunch) On March 22nd, Apple and the FBI will head to federal court to determine whether or not the government can force Apple to open up an otherwise deeply-encrypted iPhone used by terrorist Syed Rizwan Farook leading up to the San Bernardino shootings
FBI v. Apple is a security and privacy issue. What about civil rights? (Ars Technica) Jesse Jackson: "Activities of civil rights organizations and activists" at stake
Legal group submits plan to depose 7 top Clinton, State Dept. aides in email battle (Washington Post) A conservative legal advocacy group submitted plans Tuesday to question under oath seven current and former top State Department officials and aides to Democratic presidential contender Hillary Clinton
Local authorities, feds investigating alleged ISIL 'kill list' for Minnesota law enforcement (Minneapolis Star-Tribune) Caliphate Cyber Army released names; FBI is investigating threat
Home Depot deal may set standard for cyber breach settlements (Business Insurance) The $19.5 million settlement Home Depot Inc. was able to reach in connection with its massive 2014 data breach was relatively low, which can be attributed to the difficulty plaintiffs in many related cases have had in successfully claiming damages, say experts
China's ZTE said to appeal U.S. export ban after lobby efforts fail (Reuters) China's ZTE Corp will appeal tough U.S. export restrictions imposed last week, according to a person familiar with the matter, after the telecom equipment maker's costly lobbying effort failed to allay concerns about its business
Teens arrested for hacking hundreds of key Instagram users (SC Magazine) Police say two teenagers made tens of thousands of euros by hacking 'big' Instagram users with many thousands of followers
Celebgate hack: Man to plead guilty to nude photos theft (BBC) A man has been charged with hacking the Apple iCloud and Gmail accounts of celebrities and stealing nude photos and videos from them
Prosecutors find that ‘Fappening’ celebrity nudes leak was not Apple’s fault (TechCrunch) Hacker Ryan Collins pleaded guilty to stealing a number of nude photos — including ones of Jennifer Lawrence — from Apple’s servers
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, Mar 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information for attackers. It is commonly accepted that protection of data center workloads is important, but in many cases security takes a back seat to data center performance. What is needed is a security solution that does not increase latency and is operationally feasible.
Upcoming Events
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate
SANS Atlanta 2016 (Atlanta, Georgia, USA, Apr 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment
Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, Apr 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives
ISC West 2016 (Las Vegas, Nevada, USA, Apr 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education
ASIS 15th European Security Conference & Exhibition (London, England, UK, Apr 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from all over Europe and beyond in one of the most dynamic centres of business and culture in the world
Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, Apr 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.
Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, Apr 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations
QuBit Conference (Prague, the Czech Republic, Apr 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business
CISO Dallas (Dallas, Texas, USA, Apr 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, Apr 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.
Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, Apr 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB.
Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, Apr 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
Security & Counter Terror Expo 2016 (London, England, UK, Apr 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Apr 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, Apr 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Service and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agency's digital presence — along with much more.
Army SIGINT (Fort Meade, Maryland, USA, Apr 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference
CISO San Francisco (San Francisco, California, USA, Apr 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
CISO Houston (Houston, Texas, USA, Apr 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends