Continuing convergence of espionage, crime tools. Malware evolution. Info-sharing questions. Apple-DoJ updates.
The convergence among criminals and nation-state espionage services continues to develop, as US Cyber Command chief Admiral Rogers warned Congress during budget hearings this week. Lest one be tempted to write such warnings off as mere appropriations-driven FUD, compare recent reports of PLA code appearing in ransomware, and of stolen digital certificates used in both espionage and malware campaigns.
The US Department of Justice warns that ISIS is actively seeking cyber attack tools; it's unclear whether the warning derives from specific intelligence or is instead a sensible conclusion drawn from a priori possibility.
Anonymous says it will start hitting US Presidential candidate Donald Trump's online presence on April 1. A10 Networks thinks Trump's campaign unusually well-prepared against such attacks. (We may see, although the activities of any anarcho-syndicalist collective are difficult to predict. Just ask Ghostshell.)
Sophisticated crooks impersonate FinCERT to successfully phish Russian banks.
The Olympic Vision business email compromise campaign continues to hit companies in the Middle Eastern and Asia-Pacific regions.
Several malware developments are worth noting. Palo Alto says malware authors have found ways around iOS defenses with "AceDeceiver." Recorded Future reports upgrades to Hydra, a version of Umbra Loader with Tor-based support. Shape Security describes Sentry MBA, an automated tool for credential stuffing. TeslaCrypt has become harder to break ("unbreakable," according to Cisco Talos). Fortinet finds that Nemucod has added ransomware functionality.
Information sharing remains a vexed issue, especially government-to-corporate sharing, but TruSTAR and others increasingly focus on sharing techniques as opposed to mere threat data.
Notes.
Today's issue includes events affecting Canada, China, Denmark, European Union, Germany, Iran, Iraq, New Zealand, Philippines, Russia, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Top DOJ prosecutor: ISIS 'actively' seeking cyberattack tools (Fox News) The Justice Department’s chief national security prosecutor said Wednesday that the Islamic State is “actively attempting” to possess destructive cyberattack capabilities, adding that the group is intent on causing major damage via cyber means
Cyberespionage groups are stealing digital certificates to sign malware (CIO) The China-based Suckfly group has used nine stolen digital certificates to sign its malicious programs since 2014
Cyber Command chief: Foreign governments use criminals to hack U.S. systems (Baltimore Sun) Foreign governments are building relationships with criminals and other hackers to hide their attempts to break into American computer systems, the head of U.S. Cyber Command told members of Congress on Wednesday
Breaking Down the Malware Behind the Ukraine Power Outage (ThreatTrack Labs) Security researchers recently discovered that the power outage in the Ukraine in December was caused by a malware and identified as an evolved version of BlackEnergy
Anonymous declares cyber war on Donald Trump (The Hill) The hacking group Anonymous is urging its followers to launch a barrage of cyberattacks on April 1 to take down Donald Trump’s websites and expose the “appalling” GOP presidential candidate
Anonymous To Launch Cyberattacks Against Trump Campaign Starting April 1 (Dark Reading) Planned attacks a response to candidate's controversial campaign rhetoric, hacking collective says
Dozens of Russian banks Phished by crooks pretending to be FinCERT (CSO) Campaign was well executed and planned, researchers say
Olympic Vision Business Email Compromise Campaign Targets Middle East and Asia Pacific Companies (TrendLabs: Simply Security) There’s a reason why the FBI estimates that the average loss caused by Business Email Compromise (BEC) to be $130,000 per company
AceDeceiver iOS malware exploits Apple design flaw to infect non-jailbroken devices (Help Net Security) Malware developers have found another hole in Apple’s iOS defenses, and this one, according to Palo Alto researchers, will be difficult to plug
Release the Hydra: Umbra Loader With Tor Support (Recorded Future) The Hydra open source Tor-based botnet (an Umbra Loader variant) recently received an update. Potential to serve as a blueprint for new malware written in Delphi, specifically around ease of Tor integration. Malicious network traffic-based detection becomes more difficult as additional families piggyback on the Tor network
Sentry MBA makes credential stuffing attacks easy and cheap (CSO) An automated attack tool called Sentry MBA makes credential stuffing attacks simple
Security Pros Love Python? and So Do Malware Authors! (Internet Storm Center) Learning how adversaries compromise our systems and, more importantly, what are the techniques they use after the initial compromise is one of the activities that we, Incident Responders and Forensic/Malware investigators, dedicate most of our time to
Large advertising-based cyber attack hit BBC, New York Times, MSN (IDG via InfoWorld) The attack bypassed the security systems of many online advertising companies, putting users at risk of being infected with ransomware
TeslaCrypt ransomware now impossible to crack, researchers say (CSO) Victims can either restore files from a backup or if that's not possible, pay up
Nemucod Adds Ransomware Routine (Fortinet Security Research) It came to our attention that a new, rather peculiar version of Nemucod has been recently landing on users. Nemucod is a well-known JavaScript malware family that arrives via spam email and downloads additional malware to PCs. Most recently, Nemucod has been known to download TeslaCrypt ransomware variants
Ransomware Will Spike As More Cybercrime Groups Move In (Dark Reading) The lure of easy money attracting organized groups is a trend that spells more trouble for enterprises, researchers say
Carbanak Cyber Thieves Back on the Scene (Infosecurity Magazine) Security researchers are warning of an uptick in activity from the notorious Carbanak cyber bank robbing gang signalling a change of focus to the Middle East, US and Europe
American Express warns customers about third-party breach (CSO) Incident took place in 2013, but the third-party service provider isn't named
Thieves Phish Moneytree Employee Tax Data (KrebsOnSecurity) Payday lending firm Moneytree is the latest company to alert current and former employees that their tax data — including Social Security numbers, salary and address information — was accidentally handed over directly to scam artists
Malware Increasingly Making its Way into Organizations through Social Media (Legaltech News) The Osterman Research survey also found just over half of organizations feature a written policy governing the use of social networks
How do you break into a private network? All it takes is a free dinner (CSO) David Spark asked conference attendees at RSA 2016 how to access their network. What's the secret? The answers might surprise you
Fitness wearables: Who's tracking who? (CSO) They are a hot product, since they can tell you so much about your health. The problem is fitness wearables can tell the same things to a lot of other people, from marketers to identity thieves
Security Patches, Mitigations, and Software Updates
Java vulnerability report strains responsible disclosure (SearchSecurity) A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process
Microsoft drops another big batch of Windows patches (InfoWorld) Third Tuesday patching regime proffers a mystery patch and 46 mildly interesting fixes
VMware Security Advisories: VMSA-2016-0003 (VMware) VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting (XSS) issues
TP-Link blocks open-source router firmware to comply with new FCC rules (PCWorld) Other manufacturers are quietly blocking open-source firmware, too
Google starts tracking, encourages worldwide HTTPS usage (Help Net Security) Google has added a new section to its Transparency Report, which will allow users to keep an eye on Google’s use of HTTPS, and HTTPS use of the top 100 non-Google sites on the Internet
Cyber Trends
Opinion: Hacker or hacktivist? In data security, it doesn't really matter (Christian Science Monitor Passcode) Much of the cybersecurity field is too focused on attributing hacks. Instead, companies trying to defend their data should do more to protect their data from any attacker
2016 Cybersecurity Confidence Report: Measuring confidence levels of IT pros and executives (Barkly) How confident are you in the current state of your security? What's working, what isn't, and if you were calling all the shots what would be the first thing you’d change?
As cyber attack surface expands, consumers and companies face more risk than ever (Third Certainty) Everyone, not just IT, must take responsibility for security and protect ‘crown jewels'
White paper: Orgs not doing enough to manage social media content (FierceContentManagement) 43% fail to archive social information
Cybersecurity, Off the Record: Leadership’s Approaches to the Threat Landscape (Legaltech News) Hogan Lovells’ Cyber Summit brought together leaders from businesses and government to discuss how to handle cyber threats
Is Company Data Protected or in Peril? UK Management, Employees Can’t Agree (Legaltech News) There is a wide disconnect between whether companies have formal BYOD policies in place, and whether they are doing enough to educate and train their employees in data protection policies
Marketplace
The IT security industry is not consolidating (CSO) The numbers speak: 1,440 vendors and growing
Why Silicon Valley’s ‘unicorn problem’ will solve itself (TechCrunch) The rise was like a tech startup fairytale. Within three years of founding, this unicorn company had raised more than $1 billion in venture capital
LANDesk To Acquire AppSense (Dark Reading) LANDesk looks to expand endpoint protection across virtual, cloud, physical environments
Why the next wave of cybersecurity talent won’t have a ‘security’ job title (Help Net Security) Over the past five years, we’ve witnessed the state of cybersecurity become chaotic – and, quite frankly, grim – across a variety of industries
Microsoft rescinds mistaken ‘Bitcoin ban’ (IBS Intelligence) Microsoft has revealed that inaccurate information, which had led people to believe the computing giant had stopped accepting Bitcoin, had been posted on its online store’s FAQ in error
New Relic offers security researchers cred – not cash – for bug reports (Register) The bounty is the exposure. You oughta be grateful!
Ben Horowitz to Take Board Seat at Security Startup Tanium (Re/code) Ben Horowitz, the rap-loving, book-writing co-founder of the big shot venture capital firm Andreessen Horowitz will be joining the board of directors at Tanium, the computer security outfit in which the firm has so heavily invested
Products, Services, and Solutions
Deutsche Telekom ushers in a new era of mobile security (Telekom) "Mobile Protect Pro" can detect even new and unknown types of malware...The new solution, which has been developed by Zimperium, an Israeli-American provider, is based on machine-learning algorithms that can identify even previously unknown attacks
ZeroFOX for HootSuite Finds the Bad Stuff on Social Media (ZeroFOX) Fake accounts impersonate your company and employees in order to distribute fraudulent or offensive content
The power to immediately counter data theft with Matchlight from Terbium Labs (Help Net Security) In June 2015, Terbium Labs launched Matchlight, a first-of-its-kind data intelligence system used to find stolen enterprise data on the dark web within minutes of it appearing
MobSF: Security analysis of Android and iOS apps (Help Net Security) The Mobile Security Framework (MobSF) is an open source framework capable of performing end to end security testing of mobile applications
Security CLTRe Toolkit: Build and improve security culture (Help Net Security) Norwegian security culture startup CLTRe has announced today at CeBIT its Security CLTRe Toolkit
How a digital pathology solution secures patient data (Help Net Security) Dutch tech company Philips recently announced that its digital pathology solutions have been certified for compliance with the U.S. Department of Defense (DoD) security requirements
Kaspersky Lab and WISeKey Launch an Encrypted Vault for All That is Precious on Your Mobile: the WISeID Kaspersky Lab Security App (BusinessWire) Kaspersky Lab and WISeKey, a Swiss based cyber-security company, today announced the release of a special edition of the cyber-resilience app, WISeID Kaspersky Lab Security
File Encryption on Mac OS X Easier Than Ever with Jetico's BestCrypt (Virtual Strategy Magazine) Mac users now have vastly improved options for protecting their data as Jetico, developer of world-class data encryption software, has just released BestCrypt Container Encryption 2.0 - their TrueCrypt alternative
Ixia Partners to Deliver a Full Lifecycle Security Solution Against Cybercrime (BusinessWire) The world’s leading security providers rely on Ixia to train resources; and build and deploy their solutions in the most demanding environments
Thycotic Enables Mobile, Offline Password Resetting (PRNewswire) Password Reset Server 5.0 allows access to password resetting without the need for physical machine login
5nine Software Announces Security Partnership with Bitdefender (Benzinga) 5nine Cloud Security Optimizes the Leading Antivirus Solution for Microsoft Hyper-V
PLDT addresses cyber threats with Akamai tie-up (Business Inquirer) An enterprise unit of the Philippine Long Distance Telephone Co. (PLDT) has rolled out an expanded portfolio of services aimed at providing businesses with more secure Internet solutions
Technologies, Techniques, and Standards
Blog: Are Hackers Honing In On Teleworkers? (SIGNAL) NIST seeks public comment to update guidelines to help organizations secure data
Is The Government Getting Stingier With Cyber Threat Data? (Defense One) Virginia Tech's network security chief thinks so. He says overclassification is making it harder to prep and respond
Suffocating Volume of Security Alerts Challenge Incident Response (SecurityWeek) A new study shows that incident response (IR) has become more difficult over the past two years due to an increasing number of IT activities and security alerts, and the difficulty of extending existing IR processes to new technologies
How can a cyber incident exchange help you avoid the next attack? (LinkedIn) In February, Hollywood Presbyterian Medical Center was hit by a serious ransomware attack placing many patient lives at risk
Evolving Threats: Why Deep Packet Inspection Is Critical for Intrusion Prevention (IBM Security Intelligence) Imagine what would happen if the police in a major city regularly published their plans to stop crime and catch thieves, including where all patrols are every hour
Spring Cleaning: How to Remove Old Software that makes your PC Vulnerable (Heimdal) On today’s episode of „Digital Hoarders”, I share how we can all make our PCs more organized and less insecure
Pwn2Own: Day 1 Recap (Trend Micro: Simply Security) Pwn2Own day 1 is done
Design and Innovation
Solutions emerge at highly anticipated SXSW harassment summit (Christian Science Monitor Passcode) This year's South by Southwest Interactive festival in Austin dedicated a series of panel discussions on how to combat the growing problem of online abuse in social media and gaming
Cybersecurity Needs a Moonshot! (SecurityWeek) Coming out of the 2016 RSA Conference, it is clear we have hit a watershed moment in the history of the IT industry
Legislation, Policy, and Regulation
Canada’s national cyber threat centre looking to expand (ITWorld Canada) Everyone looks forward to April 1 as a sign that spring will really be here. Gwen Beauchemin, director of the federal government’s Canadian Cyber Incident Response Centre (CCIRC) is looking forward to it even more
Denmark's Intelligence Agency Creates 'Hacker Academy' (ABC News) Denmark's military intelligence agency says it's creating "a hacker academy" where to train IT specialists who, if they graduate, will be offered employment
Will the Privacy Shield Truly Redefine International Data Transfers? (Legaltech News) Awaiting confirmation by the EU court, the Privacy Shield details leave some wondering whether it’s the right agreement for their business
Schneck: Critical infrastructure operators should assume malware is there (FierceGovernmentIT) A senior Homeland Security Department official on Tuesday said the department is hoping to turn the recent BlackEnergy malware attack on a portion of the Ukraine's power grid into a teaching moment for U.S.-based critical infrastructure operators
Cyber Command Needs Silicon Valley Input, Official Says (Law360) U.S. Cyber Command's head argued for further cooperation with private sector companies at a House budget hearing Wednesday, saying that as the U.S. Department of Defense ramps up its cyberspace capabilities, it must draw on expertise from companies in Silicon Valley and elsewhere
CYBERCOM gets easiest budget hearing ever (Federal Times) It’s said that cybersecurity is a bipartisan issue. Nowhere was that more apparent than a budget hearing for U.S. Cyber Command
Air Force Cyber Simulation Center preps to meet tighter deadlines (Federal Times) The Air Force is ramping up operations at its Cyber Simulation Center, run by the 90th Information Operations Squadron with contractor assistance from CACI Federal
HHS names members of Health Care Industry Cybersecurity Task Force (Becker's Hospital Review) HHS has announced the members of its Health Care Industry Cybersecurity Task Force, a collaboration of leaders in the public and private sectors that will address cybersecurity issues in healthcare
CIA appoints new CIO (FCW) John G. Edwards, an IT professional with a mix of government and private-sector experience, has succeeded Doug Wolfe as the CIA's CIO, an agency spokesman confirmed
Andrew Hampton to lead New Zealand national security agency (Global Government Forum) Andrew Hampton is to lead New Zealand’s national security agency less than two years after becoming the government’s first ever chief talent officer
Litigation, Investigation, and Law Enforcement
Apple’s Brief Hits the FBI With a Withering Fact Check (Wired) Apple's latest brief in its battle with the FBI over the San Bernardino iPhone offered the tech company an opportunity to school the Feds over their misinterpretation and misquotations of a number of statutes and legal cases they cited as precedent in their own brief last week
The Law is Clear: The FBI Cannot Make Apple Rewrite its OS (Backchannel) Barack Obama has a fine legal mind. But he may not have been using it when he talked about encryption last week
Lavabit's and Snowden's Solos (Metzdowd) As the sysop I feel qualified to clarify. I don't keep up with this list as closely as I should, so Mr Young, thank you for pointing me to this thread
Opinion: Before pointing fingers after cyberattacks, Remember the Maine (Christian Science Monitor Passcode) Without presenting evidence, Justice Department officials have blamed the Iranian government for a digital incursion at a small dam outside Rye, N.Y. But history shows unsupported accusations of that kind are dangerous
Facebook Hate Speech Probe Dropped in Germany (Wall Street Journal) German prosecutors dropped an investigation of Facebook Inc. managers on allegations the social network failed to remove hate speech from its platform, a spokeswoman for the prosecutors’ office in Hamburg said Wednesday
Ohio Man Pleads Guilty to Trying to Help ISIS (NBC News) An Ohio man who allegedly swore allegiance to the leader of the terror group ISIS and tried to recruit others on Wednesday pleaded guilty to federal charges
Clinton tried to change rules to use BlackBerry in secure facility for classified information (Fox News) Less than a month after becoming secretary of state, and registering the personal email domain that she would use exclusively for government business, Hillary Clinton’s team aggressively pursued changes to existing State Department security protocols so she could use her BlackBerry in secure facilities for classified information, according to new documents released under the Freedom of Information Act
Hillary Faces National Security Establishment ‘Uprising’ Over Emails (Daily Caller) Democratic presidential candidate and former Secretary of State Hillary Clinton is facing an “uprising” in the national security establishment prompted by long-standing anger about her cavalier handling of classified materials and government secrets
MobileIron Announces Dismissal of Class Action Lawsuit by United States District Court (PRNewswire) MobileIron (NASDAQ: MOBL), the leader in mobile enterprise security, announced today that the United States District Court for the Northern District of California has dismissed, with prejudice, the Panjwani v. MobileIron, Inc., et al. securities class action that was filed on May 1, 2015 against the Company and certain of the Company's officers
Court rulings threaten to upset defences against data breach claims (Financial Times) In February, a Los Angeles hospital paid a bitcoin ransom equivalent to about $17,000 to retrieve its medical records after hackers attacked its network
Consumer Data Breach Injury: Not a Guessing Game (Lexology) Big data breaches are all over the news lately, but when is a merchant liable to individuals whose information is breached? Two cases have recently addressed questions relating to the nature of damages needed to sustain a civil claim against a merchant for data breaches
Hospital data breach patients to receive settlement checks (Orange County Register) St. Joseph Health patients whose medical information was released in a 2012 data breach will receive checks for $242 in April as part of a class-action settlement finalized last month
As health data breaches increase, what do you have to lose? (CNBC) A recent ransomware attack that forced a Los Angeles hospital to fork over $17,000 to criminals to get its computer system unlocked might be the most brazen health data crime of 2016 so far
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, Mar 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information for attackers. It is commonly accepted that protection of data center workloads is important, but in many cases security takes a back seat to data center performance. What is needed is a security solution that does not increase latency and is operationally feasible.
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate
SANS Atlanta 2016 (Atlanta, Georgia, USA, Apr 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment
Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, Apr 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives
ISC West 2016 (Las Vegas, Nevada, USA, Apr 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education
ASIS 15th European Security Conference & Exhibition (London, England, UK, Apr 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from all over Europe and beyond in one of the most dynamic centres of business and culture in the world
Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, Apr 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.
Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, Apr 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations
QuBit Conference (Prague, the Czech Republic, Apr 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business
CISO Dallas (Dallas, Texas, USA, Apr 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, Apr 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.
Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, Apr 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB.
Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, Apr 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
Security & Counter Terror Expo 2016 (London, England, UK, Apr 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Apr 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, Apr 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Services and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agency's digital presence — along with much more.
Army SIGINT (Fort Meade, Maryland, USA, Apr 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference
CISO San Francisco (San Francisco, California, USA, Apr 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
CISO Houston (Houston, Texas, USA, Apr 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends