
ISIS inspiration & "jihadi cool." Rooting app targets Nexus Androids. Insurance & cyber standards of care.
Investigations into yesterday's jihadist massacres in Belgium are still in their early stages, and the command-and-control mechanisms the killers may have used remain matters of speculation. Newsweek describes "jihadi cool," and cautions against attributing attacks to ISIS. But ISIS has long operated, in the West, through inspiration, not direction.
Anonymous-affiliated crews New World Hacking and AnonCorruption claim they downed NASA email servers to punish NASA for keeping secrets about ISIS. But there's little evidence an attack actually occurred, and there's some possibility the hacktivists may have confused "NASA" with "NSA."
Finland's Defense Ministry sustained a distributed denial-of-service attack yesterday as Finnish President Niinistö and Russian President Putin met to discuss issues of mutual concern.
The campaign targeting Indian military personnel, "Operation C-Major," is again attributed to Pakistan.
RedTeam Pentesting reports a cross-site-scripting vulnerability in Securimage's CAPTCHA software. Securimage has patched the bug.
Zimperium finds a rooting application targeting Nexus Android devices in the wild.
Palo Alto tracks Darkleech through its evolution into Pseudo-Darkleech and beyond. Sucuri discovered Darkleech infecting WordPress sites in 2015.
Several sources report a disturbing trend—ransomware that spreads through networks to infect peripherals, including devices used to back up files.
Analysts hope cyber insurance will drive better practices and establish standards of care, but the sector remains too immature, with premiums set by the market as opposed to the risk.
It's too early to tell if Brussels killers used encrypted comms, but the November jihadists who murdered many in Paris appear not to have done so.
Notes.
Today's issue includes events affecting Belgium, Finland, France, Germany, India, Iraq, Russia, Nigeria, Pakistan, Singapore, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Jihadi Cool: Belgium’s New Extremists are as Shallow as They are Deadly (Newsweek) Anyone surprised by the murderous attack in Brussels has not been paying attention
Hackers Target NASA with DDoS Attack, Claim to Shutdown Email Servers (Hack Read) Anonymous-linked hackers attack NASA’s system for allegedly keeping a huge secret
Indian Military Personnel Targeted by “Operation C-Major” Information Theft Campaign (TrendLabs Security Intelligence Blog) Are cyber-militant groups in Pakistan targeting the Indian military?
Finnish defence ministry website targeted by cyber attack (Reuters) Finland's Defence Ministry said on Tuesday its website had come under a cyber attack that forced it divert web traffic to a temporary site
Nexus Android Devices Vulnerable to Rooting Application, Permanent Compromise (Threatpost) A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android
Attackers could use Securimage CAPTCHA vulnerability to inject arbitrary JavaScript code, researchers warn (FierceITSecurity) German penetration testing firm RedTeam Pentesting has discovered a cross-site scripting (XSS) vulnerability in the Securimage CAPTCHA software, which could enable an attacker to inject arbitrary JavaScript code via a crafted URL, according to a post Tuesday on the Full Disclosure mailing list
Campaign Evolution: Darkleech to Pseudo-Darkleech and Beyond (Palo Alto Networks Blog) In 2015, Sucuri published two blog posts, one in March describing a pseudo-Darkleech campaign targeting WordPress sites, and another about its evolution the following December
Beware of Samas Attacks that Try to Encrypt an Entire Network (Legaltech News) Under this scheme, hackers break into a network, eliminate backups, and spread the infection
The Crypto Crunch – Ransomware Run Amok (South Bay Internet Solutions) The Crypto Virus is unique. It is unlike anything you have encountered in the past. Sure, other forms of malware can disrupt your Web browsing, slow your machine to a crawl or pop up an endless stream of annoying ads
Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection (KrebsOnSecurity) A Kentucky hospital says it is operating in an “internal state of emergency” after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up
Cybercriminals use FedEx delivery scam to infect victims' computers with malware, warns Comodo (FierceITSecurity) Cybercriminals have been carrying out a spear-phishing attack using malware-laden fake emails targeted at businesses that use FedEx for shipping, warned Comodo Threat Research Labs in a Tuesday blog post
CyberheistNews Vol 6 #12 Scam Of The Week: TurboTax Phishing Attack (KnowBe4) It's tax season and the bad guys are in full swing. They try to get your Accounting or HR team to send over the W-2s of all employees, but they also target employees in the office and/or at the house
Flipkart CEO's Email Spoofed, But Fraud Attempt Fails (InfoRiskToday) Report: fraudsters tried to trick CFO into transferring funds
NY: Treasure trove of Grand Street Medical Associates patient data exposed and indexed (Office of Inadequate Security) Grand Street Medical Associates is a multi-disciplinary practice in Kingston, New York. At some point, what appears to be a vast amount of their patients’ protected health information was left exposed on an unsecured FTP server
Hacker breaches USA Cycling, personal information at risk (Graham Cluley) "Umm.. Please don't mix up our password reset email with a phishing attack"
Organic Denial of Service, When DoD Isn’t an Attack (Information Security Buzz) Denial of service attacks are so common now that “DoS attack” hardly needs explanation, even to the lay person
Malicious domain name service infrastructure rebounds to near-record levels (ComputerWeekly) Infoblox calls for the US, Germany and other sources of malicious domain name service (DNS) infrastructure to improve processes for removing the threat
Cybercriminals can't find good help these days (Tech Republic) The security skills gap isn't just affecting legitimate businesses; it's also impacting the recruiting efforts of cybercriminals
Time to stash your keyless car-entry fob in with the frozen pork chops (Naked Security) If you drive a keyless car that lets you in when it picks up on your key fob’s radio signal, you’d be wise to push aside the ice cream and make room in your freezer to stash that fob
Security Patches, Mitigations, and Software Updates
Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware (Softpedia) How-to guide also included, showing sysadmins how to protect their enterprises from malicious macro malware
Cyber Trends
9 biggest information security threats through 2018 (CIO via CSO) Each year, the Information Security Forum, a nonprofit association that researches and analyzes security and risk management issues, releases its 'Threat Horizon' report to provide a forward-looking view of the biggest security threats over a two-year period. Here are the top nine threats to watch for through 2018
Loss of Customer Trust and Decreased Revenues Most Damaging Consequences of DDoS Attacks According to IT Security Pros and Network Operators (NewsChannel10) What is the most damaging consequence of DDoS attacks to businesses? Losing the trust and confidence of your customers, according to nearly half of IT security professionals participating in Corero Network Security’s (LSE: CNS) second annual DDoS Impact Survey, which was released today by the company
Employees are a huge security problem, but IT built the monster themselves, SailPoint survey says (FierceCIO) The biggest threat to a company's digital security seems to be its employees, according to the 2016 Market Pulse Survey, sponsored by SailPoint Technologies. But before the finger pointing gets underway, it appears IT departments built that monster themselves.
Ninety-seven per cent of IT professionals think standard antivirus software will stop zero-day attacks (Computing) A staggering 97 per cent of IT professionals surveyed by Computing are using standard antivirus software to stop zero-day attacks
Company policies curbing threat intelligence sharing (IT Pro Portal) Businesses love the idea of sharing information regarding data breaches among themselves, but rarely do so. Those are the results of the latest McAfee Labs Threat Report, published by Intel Security
Enterprise Cloud App Use Growing, Running Towards Compliance, Security Collision (Legaltech News) The average amount of cloud apps a global business uses rose almost 50 percent over 2015 to 917 applications
Bruce Schneier on the Integration of Privacy and Security (Threatpost) Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance
Singapore: An Emerging Target for Cyberthreats and Banking Trojans (IBM Security Intelligence) IBM X-Force researchers continuously monitor and track the activity and migration of malicious banking Trojans around the world, and they recently observed that Singapore is becoming a rising target for cybercrime
Marketplace
Bombs Exploded in Brussels as In-House Lawyers Arrived (Corporate Counsel) There were some anxious CEOs around Europe Tuesday as a group of 108 in-house counsel and compliance officers were arriving in Brussels this morning just as deadly terrorist bombs went off at the airport and a subway station, killing at least 30 and injuring at least 200
Cyber Insurance Could Drive Better Security Practices (MeriTalk) The fledgling cyber insurance industry may hold the key to improving cybersecurity practices across the nation, according to a panel of experts who testified Tuesday before a House subcommittee
Advisen Cyber Risk Panel at RSA 2016 (The CyberWire) There's a gap in knowledge and standards between the information security and insurance communities. What must happen before the cyber insurance market matures sufficiently to drive practices that reduce risk?
Execs cite regulatory change and scrutiny as greatest risk (Business Insurance) Regulatory change and scrutiny, economic conditions and cyber threats are the top risks that concern executives, according to a survey released Tuesday.
Malware explosion fuels rapid increase in network advanced-threat-protection market, says IHS (FierceITSecurity) Fueled by the marked increase in malware attacks against enterprises, the network advanced-threat-prevention market is forecast by IHS Technology to reach $1.6 billion by 2020, up from around $1 billion this year
Now Is The Time To Buy IBM Shares (Seeking Alpha) In 2016, IBM is due for a re-rating. Investors will start valuing the company as a software leader rather than a legacy hardware player. Thematically, it will become a leader in artificial intelligence, Big Data, cybersecurity and the cloud
ANALYST: Palo Alto Networks Inc (PANW) Stock Has 29% Upside (Investor Place) PANW will emerge as a dominant player in cybersecurity, says Bernstein
1 Speculative Cyber Security Stock for You to Buy (Guru Focus) Company may be good idea for long-term investors
Uber offers hackers 'treasure map' to find computer flaws (Business Insurance) Uber Technologies Inc., the high-flying transportation firm, is releasing a technical map of its computer and communications systems and inviting hackers to find weaknesses in exchange for cash bounties
MobileIron earns security certificates, FedRAMP on the way (FedScoop) The enterprise mobility management company expects the FedRAMP certification to come by the end of the year
FireEye exec defects to Cylance to lead EMEA charge (Channelnomics) New Cylance EMEA boss talks about first two weeks on the job
Products, Services, and Solutions
Cryptzone Unveils New Features of Compliance Sheriff, Enabling Accessibility Validation for Dynamic and Mobile Websites (Cryptzone) Dynamic web content, mobile web best practices, modern user interface empower companies to better manage compliance
Yahoo! JAPAN Selects A10 Networks Thunder ADC for Fast, Reliable Streaming Video (MarketWired) Leading technology company installs A10 Thunder Application Delivery Controllers for video delivery service GYAO!
Chubb launches a service to assist with ransomware attacks (Business Insurance) Chubb Ltd. said on Tuesday that its global cyber risk practice has launched a service to assist policyholders with ransom ware attacks
Facebook engages Safety Check after Brussels attacks (CSO) Tools helps users let friends know they’re safe after emergencies
Google gives away its internal $200 patch analysis tool for free (Register) BinDiff price falls and falls
Webroot's machine learning and cloud mix evolves threat intelligence (Inquirer) Clever computers can sniff out cyber threats
Ixia Announces Active Network Assessment and Monitoring Platform (BusinessWire) Hawkeye enables enterprises to maintain a high quality user application experience
Wall Streeters be warned: A CIA-backed startup could be listening to your calls (Business Insider) If you're a Wall Street trader, you'll want to be extra careful about what you say on calls and in emails going forward
Technologies, Techniques, and Standards
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous (Part 1) (Legaltech News) The threat demands action and policies consistent with the corporation’s profile and its sector's norms
Ethics: Choosing the Cloud (Legaltech News) Exploring the three main areas of ethical obligation, cost, competence, and security, and how they apply to cloud computing
Cyber Security Agency of Singapore holds first multi-sector cyberattack exercise (Straits Times) The Cyber Security Agency of Singapore carried out its first multi-sector exercise on Tuesday (March 22), in conjunction with the opening of the agency's new Cyber Forensics Laboratory
5 Ways to Ensure Secure Executive Communication (IT Business Edge) As you work to create a strong information security posture for your organization, it is important to consider the security framework surrounding executive communication with each other, the board of directors and even third-party partners
Design and Innovation
With Machine Learning, Microsoft Takes Holistic Approach to Security (Redmond Channel Partner) CEO Satya Nadella's $1 billion security initiative yields fruit with the Azure Security Center, powered by the technology behind Azure Machine Learning
Blockchain on the government horizon (GCN) Blockchain technology, which promises a radically new way of securely completing transactions between various parties, is starting to attract government’s attention after industry moves to build a base for future applications that use the technology
Tor Project exploring ways to keep its software and users safe (Help Net Security) In view of the recent legal battle between the FBI and Apple regarding phone encryption, and this article revealing that there have been many instances where the US Department of Justice demanded source code and private encryption keys from tech companies, the Tor Project decided to voice their support for Apple, and to outline their current protections against their software being backdoored, as well as their active work on adding new ones
How manufacturers can improve the security of Internet of Things devices (Beta News) The security of the Internet of Things is fundamentally broken
Legislation, Policy, and Regulation
Belgium faces renewed questions on backing for security services (Financial Times) In January last year, Belgium’s politicians were poised again to squeeze the intelligence service’s budget
Brussels attacks show how presidential candidates differ on security (Christian Science Monitor Passcode) Statements made after the Brussels attacks by Ted Cruz, Bernie Sanders, and others give insight into their vision for fighting terrorism
The Investigatory Powers Bill - it's time to take a closer look (Graham Cluley) The so-called 'Snooper's Charter' is being rushed through the UK Parliament
Collaboration Critical to Fight Cyberwar (InfoRiskToday) Risk Resources' Varshney on importance of public, private partnership
PM's cyber security plan to target terrorists, criminals and spies in cyberspace (Financial Review) An aggressive new plan to deter the escalating rate of criminal and state-sponsored cyber attacks targeting Australia's critical infrastructure will be launched within weeks
Nigeria’s “frivolous” anti-social media bill just won’t go away (Quartz) Facebook, Twitter and other social media platforms, played an influential role in driving transparency and change during Nigeria’s elections last year, as citizens shared images of verified results from polling units around the country ahead of formal results being announced
NSA is not 'intentionally looking' for Americans, says agency's privacy officer (SC Magazine) The National Security Agency's privacy and civil liberties director Rebecca Richards said the agency is not “intentionally looking for U.S. persons”
Blog: Air Force 'Already at War in Cyber' General Tells Symposium (SIGNAL) While technology helped propel the U.S. military to outshine just about every adversary, failing to safeguard key developments just might lead to its downfall, warned Maj. Gen. Jerry Harris, USAF, vice commander of Air Combat Command at Langley Air Force Base in Virginia
Blog: There's Money to Fund Cyber-For Now (SIGNAL) Cyber right now is the the cat’s meow—a notion sure to keep funding flowing for technological solutions, at least in the near term, to counter the emerging threats, according to Col. Gary Salmans, USAF, senior materiel leader of the Cryptologic and Cyber Systems Division within the Air Force Materiel Command
New Freedom of Information Act Request Documents Released by ODNI (IC on the Record) The Office of the Director of National Intelligence is one of seven federal agencies participating in a pilot program to make records requested via the Freedom of Information Act more readily available to the public, as reflected in the recently released Third National Action Plan for Open Government
Litigation, Investigation, and Law Enforcement
What Role, If Any, Did Encrypted Communications Play in Deadly Brussels Attacks? (Legaltech News) After several recent attacks, federal officials and police officers have repeated requests that they be given access to encrypted communications
Brussels attacks show that terrorists can strike with impunity (Financial Times) The surveillance problems can no longer be described as Belgian alone, writes Raffaello Pantucci
Report: Encryption wasn't key to carrying out Paris attacks (FierceGovernmentIT) The still-locked, encrypted iPhone of the terrorist in the San Bernardino attack has become the star of the encryption debate – not to mention the legal battle between Apple and the FBI – but it turns out that extremists aren't just using readily available, legal encryption technology on mobile devices to conceal messaging
French Police Report On Paris Attacks Shows No Evidence Of Encryption... So NY Times Invents Evidence Itself (TechDirt) Over the weekend, the NY Times ran a big article providing a bunch of details about the Paris attacks from last year, now that the lone surviving member of those attacks has been captured in Belgium
If the FBI found its own iPhone backdoor, should it show Apple? (ZDNet) Analysis: Using a zero-day flaw to bypass an iPhone's security is still a backdoor. With the potential to affect hundreds of millions of iPhone owners, will the FBI keep the flaw to itself?
Anonymous's 'total war' on Trump raises questions of jurisdiction (Federal Times) On March 15, the group known as Anonymous declared cyber war on the Donald Trump campaign
U.S. charges three suspected Syrian Electronic Army hackers (Washington Post) The U.S. government has brought criminal charges against three alleged members of the Syrian Electronic Army — a hacking group that supports embattled Syrian President Bashar al-Assad — for a years-long campaign of digital attacks. One of them is now in German custody
Former State Dept. employee sentenced for hacking, cyberstalking, 'sextortion' (FierceGovernmentIT) 36-year-old Michael C. Ford of Atlanta, Ga., was sentenced yesterday to 57 months in prison for a far-reaching scheme that involved email phishing, hacking and cyberstalking. The case involved hundreds of victims both in the United States and internationally
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
SANSFIRE 2016 (Washington, DC, USA , Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
SANS San Jose 2016 (San Jose, California, USA , Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
SANS Boston 2016 (Boston, Massachusetts, USA , Aug 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.
SANS Network Security 2016 (Las Vegas, Nevada, USA , Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Upcoming Events
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in it its seventh year, provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachussetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate
SANS Atlanta 2016 (Atlanta, Georgia, USA, Apr 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment
Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, Apr 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives
ISC West 2016 (Las Vegas, Nevada, USA, Apr 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education
ASIS 15th European Security Conference & Exhibition (London, England, UK, Apr 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world
Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, Apr 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.
Rock Stars of Risk-based Security (Washington, DC, USA, Apr 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based Security is the must attend symposium of its kind in 2016 on this critical new reality.
Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, Apr 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations
QuBit Conference (Prague, the Czech Republic, Apr 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business
CISO Dallas (Dallas, Texas, USA, Apr 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, Apr 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.
Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, Apr 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB.
Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, Apr 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
Security & Counter Terror Expo 2016 (London, England, UK, Apr 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Apr 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, Apr 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Services and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agencies digital presence — along with much more.
Army SIGINT (Fort Meade, Maryland, USA, Apr 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference
CISO San Francisco (San Francisco, California, USA, Apr 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
CISO Houston (Houston, Texas, USA, Apr 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends