Buhtrap raked in the rubles. Dridex is back. Stagefright and Rowhammer are back, too.
The Russian cyber mob that impersonated FinCERT now has a name, "Buhtrap," and a tally sheet: thirteen banks hit since August, with their biggest single take being 600 million rubles ($8.65 million). Other banking threats remain active. Carbanak is back, and Dridex is, too.
Various outlets say that FireEye has given the Indian government a report detailing extensive cyber espionage campaigns by actors based in Pakistan. Whether the actors are state-run (or state-inspired), hacktivist, criminal, or some mix of these is unclear from media reports. The campaign is said to involve distribution of Seedor malware through email attachments. The targets are reported to be Indian military and government personnel as well as Pakistani dissidents.
Stagefright may prove realistically exploitable, according to NorthBit, which describes a proof-of-concept attack the security company says could readily work in the wild. Google closed Stagefright in response to Zimperium research, but unpatched devices remain vulnerable.
AceDeceiver may affect non-jailbroken iPhones, but Wired puts the issue into perspective with a quotation from security researcher Jonathan Zdziarski. “In its current form, this isn’t dangerous except to the exceptionally stupid.”
Rowhammer, another vulnerability from the past, may also be riskier than long thought. Third I/O research suggests that bitflipping might indeed work against dual in-line memory modules.
Ready availability of cheap Steam stealers drives a long-running uptick in Steam gaming account hijacking.
Observers think the FBI is more worried about precedent than a single iPhone's contents in the dispute with Apple.
Notes.
Today's issue includes events affecting Canada, China, Cuba, European Union, India, Iran, Iraq, Israel, Democratic People's Republic of Korea, Netherlands, Pakistan, Russia, Sudan, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber security firm FireEye reveals Pak modus operandi against India (SIR) Hackers from Pakistan have been waging war against India in the virtual world, according to cyber security firm FireEye
Pakistan-based cyber espionage group allegedly targeting Indian military and government personnel since 2013: FireEye (GCONew) Security company FireEye has made a possibly damaging revelation today. A cyber espionage group possibly based out of Pakistan has been targeting Indian military and government personnel, as well as Pakistan dissidents, since 2013. According to the company, the group sent emails about military issues and India-Pakistan relations that hid malware inside
New Russian Hacker Cell Hit 13 Banks Since August, Group-IB Says (Bloomberg) A newly discovered Russian-language hacker group known as Buhtrap has attacked 13 Russian banks since August using malware that infiltrates their gateway to the central bank, according to Moscow-based cybersecurity company Group-IB
Online Banking Threats in 2015: The Curious Case of DRIDEX’s Prevalence (TrendLabs Security Intelligence Blog) The thing about takedowns is that these do not necessarily wipe out cybercriminal operations
Trump's Social Security, phone numbers released by Anonymous hacker group (AOL News) Hacker group Anonymous released phone numbers and a Social Security number allegedly belonging to Republican presidential candidate Donald Trump on Thursday
Cyber espionage groups grow more insidious (FierceCIO) Symantec has issued the unsettling reminder that the code-signing certificates organizations use to secure their files and software might not be as safe as their IT teams think
Adult themed Android SMS Stealer Trojan (Zscaler Threat Lab) During our continued efforts to protect our customers against the latest mobile threats, we came across another malicious app that used pornography to attract users
Even for Companies that Don’t Pay, Ransomware Attacks Prove Costly: Survey (Legaltech News) Employees are usually locked out for days after an attack, and often the cleanup process means the loss of essential files
New Stagefright exploit threatens unpatched Android devices (Graham Cluley) One of Android's biggest security scares is back for an encore
Metaphor: A (real) reallife Stagefright exploit (NorthBit) In this paper, we present our research on properly exploiting one of Android’s most notorious vulnerabilities--Stagefright--a feat previously considered incredibly difficult to reliably perform
AceDeceiver Malware Can Infect Non-Jailbroken iOS Devices (Intego) I've said it before, and I'll no doubt say it again — if you care about your iPhone or iPad's security, then you won't resort to jailbreaking
Hack Brief: No Need to Freak Out Over That Chinese iPhone Malware (Wired) The security track record of Apple’s locked-down mobile operating system has been so spotless that any hairline fracture in its protections makes headlines
Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” (Ars Technica) New research finds "bitflipping" attacks may pose more risk than many admit
Spammers Abusing Trust in US .Gov Domains (KrebsOnSecurity) Spammers are abusing ill-configured U.S. dot-gov domains and link shorteners to promote spammy sites that are hidden behind short links ending in “usa.gov”
The FBI Warns That Car Hacking Is a Real Risk (Wired) It's been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee as I drove it down a St. Louis highway
Motor Vehicles Increasingly Vulnerable to Remote Exploits (IC3) As previously reported by the media in and after July 2015, security researchers evaluating automotive cybersecurity were able to demonstrate remote exploits of motor vehicles
Google, university team reveal the farce of 100% 'secure' HTTPS browsing (FierceCIO) In case you thought all the Web browsing your people do on the job is secure, please allow us to burst your bubble
McAfee uses web beacons that can be used to track and serve advertising to users (Help Net Security) A test of seven OEM laptops running Windows has shown consistent privacy and security issues, including an interesting revelation that the McAfee Antivirus running on six of them is using web beacons to serve ads and possibly even track users online
How your data is collected and commoditised via “free” online services (Troy Hunt) I get a lot of people popping up with data breaches for Have I been pwned (HIBP). There’s an interesting story in that itself actually, one I must get around to writing in the future as folks come from all sorts of different backgrounds and offer up data they’ve come across in various locations. Recently someone sent me a list of various data breaches they’d obtained, including this one
What your encrypted data says about you (Naked Security) You’ve probably heard of metadata, which is a fancy name for “data about data”
Boom in Steam account hijacking is due to cheap Steam Stealers (Help Net Security) With over 125 million active users, Valve’s Steam is the most popular online gaming platform in the world and, consequently, forms a huge pool of targets for cyber crooks and scammers
Where cyber space meets the Wild West (Financial Times) The baddies behind botnets have an endless supply of cheap guns while citizens have only barricades
Confidential Ohio medical records exposed (Newsnet5 Cleveland) Cuyahoga County man stumbles upon breach
Security Patches, Mitigations, and Software Updates
Symantec warns of serious security holes – in Symantec security kit (Register) Even the gatekeepers need patching
Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Security Issues (Symantec) Symantec Endpoint Protection (SEP) was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code execution on a targeted client
Windows users getting unwanted prompts and upgrades to Windows 10 (FierceCIO) Reports of an excess of unwanted Windows 10 upgrades have popped up over the past week, an article at CIO noted. However, an analyst from IT consultancy Directions on Microsoft said users – not just Microsoft – can share the blame
Cyber Trends
IT is getting cloud storage security all wrong (CIO via CSO) Two recent reports confirm that your greatest security threat is your users, not outside hackers
Companies still lack adequate data privacy tools (Help Net Security) 93 percent of IT professionals agree that customer data privacy concerns are a critical issue at the C-level. Yet, only 9 percent believe current privacy and consent methods are adequate
Insight into critical data remains limited (Help Net Security) SANS surveyed 829 IT professionals with endpoints located around the globe to explore how IT professionals monitor, assess, protect and investigate their endpoints
Alarming gaps in cyber security identified by a new survey of Canadian energy companies (Oilweek) Only one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general
Third of UK universities victimised by cyber-attacks (SC Magazine) Over one-third (36 percent) of universities in the UK are hit by cyber-attacks every hour
Marketplace
Cyber-security ethics: the ex-hacker employment conundrum (SC Magazine) The hiring of a former Lulzsec hacker by a respected cyber-security company has raised some interesting questions as to the role of former black hats in the white hat's world
SINET targets Sydney debut to channel Australia's “hunger” for commercialising security innovation (CSO) The impending emergence of security incubator Security Innovation Network (SINET) in the Australian market will tap into what the multinational organisation's founder calls “a definite hunger for cybersecurity innovation” amongst Australian businesses keen to share ideas and build businesses in the fast-expanding global security market
Thales Closes $424M Buy of Vormetric in Cyber Market Push (GovConWire) Thales Group has closed its acquisition of San Jose, California-based data protection technology vendor Vormetric after the French conglomerate obtained regulatory clearance for the estimated $424 million transaction
CSC acquires UXC security partner Dalmatian Group (CRN) Australia’s largest IT services provider has just become a little bigger after completing its second acquisition in a month
LANDesk To Acquire AppSense (Dark Reading) LANDesk looks to expand endpoint protection across virtual, cloud, physical environments
Bernstein has 5 reasons for you to own Palo Alto (Seeking Alpha) Palo Alto Networks (NYSE:PANW) shares ended the day down slightly despite a bullish note from Bernstein analyst Pierre Ferragu which highlighted 5 reasons to own the shares
Mimecast Climbs Back From Post-IPO Swoon (Seeking Alpha) Revenue and cash flow are steadily growing. Mimecast is rolling out security suite extensions. Hedge fund has acquired 46% of share float
Cyber security is becoming a Dutch export (ComputerWeekly) IT security is about to rival cheese, tulips, windmills and flood defences as an export from the Netherlands
Hootsuite deal means big exposure for Baltimore's ZeroFOX (Baltimore Business Journal) A new partnership with social media management company Hootsuite will mean big exposure for Baltimore’s ZeroFOX
An airline disaster gave Stuart McClure the genesis for his Irvine cybersecurity company (Orange County Register)
With little time to react, staying ahead of threats is top-of-mind for C-level execs (CSO) As he settled into his seat, preparing for an hourslong flight, Stuart McClure made a seemingly insignificant decision that likely saved his life and those of his mother and little brother
Neustar hires security sales veteran from Cyphort (Telecompaper) Neustar said it has hired security sales veteran Denise Hayman, who will join the Neustar sales team to focus on the high-growth enterprise security market
Products, Services, and Solutions
Customer Authentication: Multi-factor security from iovation (Help Net Security) With most transactions now happening online, providing customers with a frictionless online experience that’s also highly secure is critical for today’s businesses
NTT, Microsoft to share info on cyberattacks (Nikkei) Japan's Nippon Telegraph & Telephone group and Microsoft will share information on threats to cybersecurity in an effort to better protect clients
Technologies, Techniques, and Standards
Mitre Takes on Critics, Set to Revamp CVE Vulnerability Reporting (Threatpost) Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization
Considering Docker? Consider Security First (OpenDNS Blog) Containers started making a big splash in IT and dev operations starting in 2014. The benefits of flexibility and go-live times, among many others, are almost undeniable. But large enterprises considering using a container platform for development or IT operations should pause and consider security first
What is an SQL Injection Cheat Sheet? (Netsparker) An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability
A management guide to becoming cyber-attack resilient (South China Morning Post) Financial services firms need to step up their cyber-attack readiness plans
Does a smartphone make two-factor authentication? (CSO) Is a cell phone a suitable second factor for two-factor authentication? Several infosec pros had a lively debate about this topic on Twitter recently
Paranoid or Cautious? Protect Your Data Like Everyone’s Watching (Cause They Might Be) (Heimdal Security) Most of my friends think I’m paranoid because of my security measures
VIDEO: What is a VPN, and why should you be using one? (Graham Cluley) WTF are you doing not running a VPN?
Pwn2Own: Day 2 and Event Wrap-Up (Trend Micro: Simply Security) The second and final day of the 2016 Pwn2Own competition wrapped up today
Design and Innovation
Secure, user-controlled data (MIT News) Cryptographic system would allow users to decide which applications access which aspects of their data
Academia
New academy will train the cyber security experts of the future (Wales Online) A new academy that will train the cyber security experts of the future will be launched in Newport today
Legislation, Policy, and Regulation
Beyond Back Doors: Recalibrating The Encryption Policy Debate (Dark Reading) Three compelling reasons why access to back doors should not be the intelligence and law enforcement community's main policy thrust in the fight against terrorism
How the ‘wonks’ of public policy and the ‘geeks’ of tech can get together (TechCrunch) Technology innovates and disrupts, while public policy regulates and controls — at least according to conventional wisdom
Why You Can't Ignore Privacy Shield (Dark Reading) Trans-Atlantic transfer of Europeans' personal data might not have concerned you in the past, but here are eight things you need to know now
The Snoopers’ Charter – a tipping point (Data Center Dynamics) The government’s Investigatory Powers Bill, or “The Snoopers’ Charter” as it’s been dubbed in the press, has sparked debate over the balance between privacy concerns and national security.
India Looks to Establish Itself as an Influential Geopolitical Voice in Cyberspace (Cyveillance) As leading global powers seek to have a hand in influencing Internet governance, India is slowly emerging as a potential key player and ally
DHS begins sharing cyber threat data with businesses (The Hill) The Department of Homeland Security (DHS) has begun sharing cyber threat data with federal agencies and private companies in accordance with a major cybersecurity bill passed last year
Investments in Cyber Command reflect evolving nature of threats (Federal News Radio) Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency, told a congressional subcommittee that increased investments in cybersecurity are a reflection of the world we live in and the evolving nature of cyber threats
House committee rejects Obama cyber proposal (The Hill) The House Budget Committee late Wednesday voted down an amendment that would have funded the White House’s proposal for a $3 billion technology modernization initiative
FTC warns app developers against using audio monitoring software (IDG via CSO) A dozen developers appear to have packaged TV tracking software into their products, the agency says
Navy's Information Warfare Officers Get New Job Title (Military.com) The Navy's information warfare experts are taking on a new name. As of this month, information warfare officers responsible for signals intelligence, cyber operations and electronic warfare ops will be known as cryptologic warfare officers
Why large parts of the internet have suddenly vanished for millions of users (Quartz) For the past six weeks or so, internet users in Syria, Cuba, and Iran have seen blank pages when they access websites hosted by Softlayer, IBM’s cloud infrastructure unit
Litigation, Investigation, and Law Enforcement
The FBI has a big ulterior motive in its fight against Apple (Quartz) When a public interest group wants to create new legal precedent, its first step is to find a client with sympathetic facts
Tim Cook to Time: 'I feel like I'm in this bad dream' (MacWorld) Before the Apple-FBI fight gets its first day in court, Tim Cook recaps the struggle in a new interview
Sen. Cotton: Apple’s Brand Is Not Worth America’s Safety (Time) Apple CEO Tim Cook recently explained his decision to refuse a court order to unlock the iPhone of a deceased ISIS terrorist
Gov’t accidentally publishes target of Lavabit probe: It’s Snowden (Ars Technica) No surprise, "Ed_snowden@lavabit.com" was what investigators were after
NSA: Fallout From Snowden Leaks Isn't Over, But Info Is Getting Old (NPR) The fallout from Edward Snowden's 2013 spying revelations is not over yet, according to Richard Ledgett, who ran the National Security Agency's investigation into Snowden's leaks
NSA denied Hillary’s 2009 request for secure smartphone (AP via New York Post) Newly released emails show that a 2009 request to issue a secure government smartphone to then-Secretary of State Hillary Clinton was denied by the National Security Agency
This is the phone NSA suggested Clinton use: A $4,750 Windows CE PDA (Ars Technica) SME PED devices were only NSA-approved mobile phones for classified communications
Exclusive: DOJ probes allegations that Tiversa lied to FTC about data breaches (Reuters) Federal agents are investigating whether cyber-security firm Tiversa gave the government falsified information about data breaches at companies that declined to purchase its data protection services, according to three people with direct knowledge of the inquiry
Fearing no punishment, Denver cops abuse crime databases for personal gain (Ars Technica) A nurse complained she got a phone call from an officer at a hospital crime scene
F5 ordered to compensate Radware on patent violation (GLOBES) The jury's unanimous verdict awarded Radware $6.4 million in damages, which could rise to $19.2 million
New York state man gets longest-ever sentence for supporting Islamic State (Reuters) A New York state resident was sentenced on Thursday to 22-1/2 years in prison for trying to recruit fighters to join Islamic State in Syria - the longest prison term handed out yet to an American convicted of supporting the militant group
May I Attack the Attacker? Limitations in Israeli Law on Counteroffensive Cybersecurity (Lexology) Organizations are constantly exposed to cyber-attacks
PlayStation thief busted after keeping it connected to victim’s Wi-Fi (Naked Security) A US man in Madison, Tennessee got home after a vacation last week and found his apartment had been ransacked
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, Mar 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information for attackers. It is commonly accepted that protection of data center workloads is important, but in many cases security takes a back seat to data center performance. What is needed is a security solution that does not increase latency and is operationally feasible.
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — has become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate
SANS Atlanta 2016 (Atlanta, Georgia, USA, Apr 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment
Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, Apr 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives
ISC West 2016 (Las Vegas, Nevada, USA, Apr 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education
ASIS 15th European Security Conference & Exhibition (London, England, UK, Apr 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from all over Europe and beyond in one of the most dynamic centres of business and culture in the world
Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, Apr 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.
Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, Apr 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations
QuBit Conference (Prague, the Czech Republic, Apr 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business
CISO Dallas (Dallas, Texas, USA, Apr 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, Apr 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.
Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, Apr 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB.
Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, Apr 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
Security & Counter Terror Expo 2016 (London, England, UK, Apr 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Apr 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, Apr 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion of the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real-time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Service and web application attacks. Find out how to enable safer, faster, resilient delivery of mission-critical and public-facing services. Learn the latest layered security tactics and other tools for securely optimizing your agency's digital presence — along with much more.
Army SIGINT (Fort Meade, Maryland, USA, Apr 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference
CISO San Francisco (San Francisco, California, USA, Apr 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
CISO Houston (Houston, Texas, USA, Apr 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends