The CyberWire Daily Briefing 04.29.16

Cyber Trends

Verizon’s 2016 Data Breach Investigations Report finds cybercriminals are exploiting human nature (Verizon) Cybercriminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, finds the Verizon 2016 Data Breach Investigations Report

Data Breaches Aren’t Just an IT Issue (Harvard Business Review) You don’t see it coming. You don’t know who’s behind it. And you probably won’t even know you’ve been affected until it’s too late to prevent significant damage to your company’s finances, operations, and reputation

The Morning After: What Happens to Data Post Breach? (Dark Reading) We need consumers and businesses to not simply shrug off data breaches but to take active measures to protect their data. We are hopeful that new insights will provide a compelling answer to the question "So what?"

Building a Resilient Cyber Ecosystem to Combat Threats (InfoRisk Today) TCS' Singh on coping with the changing threat landscape

1 in 10 people have posed as someone else online (Help Net Security) Our need for ease and convenience is putting our digital identities and security at risk. A new BehavioSec report finds that 37% of us have shared our personal security data with a friend or partner. Of this group, 87% said that they trust the recipient with this information

Government Cybersecurity Performance, Confidence Bottoms Out (Dark Reading) In the wake of OPM and other big gov breaches, government cybersecurity performance scores and employee confidence ratings sink through the floor

10 Newsmakers Who Shaped Security In the Past Decade (Dark Reading) In celebration of Dark Reading's 10th anniversary, we profile ten people whose actions influenced and shaped the trajectory of the industry - for better or for worse -- in the past ten years

Latin America: The New Frontier for Cyber Attacks (Cipher Brief) Latin America and the Caribbean (LAC) is the new frontier for cyber attacks, a crime that costs the world up to $575 billion a year, according to a joint study by the Center for Strategic Studies and McAfee. In LAC alone, the cost is estimated at about $90 billion per year

Legislation, Policy and Regulation

India has tremendous scope to enhance its cybersecurity readiness (Tech2) Leaders of the world today have an additional challenge to worry about – cybersecurity. With cyber attacks getting bigger, stronger and smarter, no country can afford to ignore this looming threat

IAITAM: U.S. Companies Need to Gear Up Now for New EU Data Privacy Regulations (International Association of Information Technology Asset Managers) Thousands of American companies that do business in Europe directly or online with European customers will need to start reckoning with data privacy regulations enacted this month by the European Union (EU) that are due to go into full effect in just two years, according to the International Association of Information Technology Asset Managers, Inc. (IAITAM)

Top 10 operational impacts of the GDPR (International Association of Privacy Professionals) The new General Data Protection Regulation (GDPR), put forth by the European Commission in 2012 and finally generally agreed upon by the European Parliament and Council in December, is set to replace the Data Protection Directive 95/46/ec. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018. In this 10-part series, the IAPP outlines specific provisions of the regulation

EU National Data Protection Regulators Raise Privacy Shield Concerns (Squire Patton Blogs) The Article 29 Working Party (WP29) has delivered a non-binding opinion on the EU-U.S. Privacy Shield which, though critical of the proposed package, leaves open the possibility that a version of the proposed framework will be blessed by the EU Commission

Councils must prepare cyber security strategies in face of growing attack threats (Public Sector Executive) Hackers will be increasingly likely to target local government, who needs to be involved in preparing national cyber security strategies, Socitm has warned in a new policy briefing

Dem rallies opposition to new fed hacking powers (The Hill) A key senator is trying to block the Justice Department's request to expand its remote hacking powers, after the Supreme Court signed off on the proposal Thursday

Defense authorization bill would elevate Cyber Command (The Hill) A defense authorization bill that cleared a House committee early Thursday would elevate U.S. Cyber Command and launch a review into whether the agency should still be run by the National Security Agency (NSA) head

Long and Matsui Introduce Bipartisan Solution to Improve HHS Cybersecurity (US House of Representatives Energy and Commerce Committee) Legislation empowering top HHS cybersecurity officer follows Committee investigation on agency’s cyber breaches

Senate committee leaders ask OMB to update 15-year-old cyber policy (SC Magazine) In a letter to the Office of Management and Budget (OMB), Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) and ranking member Sen. Tom Carper (D-Del.) asked the agency's director Shaun Donovan to complete changes to a privacy and cyber policy framework. The current framework, called Circular A-130, which has not been updated in 15 years, has slowed federal agencies from responding effectively to cyber threats, the lawmakers said

The NSA has no idea how many Americans it’s spying on (Quartz) The National Security Agency (NSA) is watching the electronic communications of hundreds of millions people, allegedly to find foreign threats. But before Congress reauthorizes laws allowing this, it has a question: How many Americans are caught up in the government’s digital dragnets?

Products, Services, and Solutions

Cylance shows first ever live ransomware prevention demo (ETCIO) Ransomware is one of 2016’s most challenging cyber threats and Cylance is demonstrating its anti-ransomware capabilities during the tour

Trend Micro Rated “Best Antivirus Software” by AV-TEST Institute (TechTree) Trend Micro Internet Security 2016 receives Top Product Certificate from AV-TEST Institute

Intelligent automation systems spark Accenture, Splunk pact (TechTarget) Accenture, a global professional services firm, has entered a formal alliance with Splunk to tap the company's operational intelligence products and services

MSPAlliance Names RapidFire Tools Best MSP Solution in the MSPWorld Cup Awards, Recognizing Its Support for the MSP Model (MarketWired) Network Detective Is acknowledged for its ability to help MSPs gain revenues and grow business through effective IT assessments & reporting

IBM MaaS360 bets big in revamp to “massively reimagine EMM” (Apps Tech News) Enterprise mobility management (EMM) provider IBM MaaS360 has announced a revamp of its productivity apps, enabling users to switch seamlessly between email, calendar and documents among others

Palo Alto Networks Named A Leader In Automated Malware Analysis Report (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced that its WildFire™ offering was recognized by Forrester® Research as a leader among automated malware analysis providers

Fortinet unveils 'security fabric' for distributed security in an IoT world (ChannelLife) Fortinet has unveiled its security fabric, which it says will arm global enterprises with pervasive, adaptive cybersecurity from IoT to cloud networks

Varonis to Stifle Ransomware With New Threat Models (Cybersecurity Investing News) Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today announced the beta availability of more than 20 new threat models and enhanced discovery capabilities from its behavior research laboratory, allowing organizations to analyze and detect attacks, insider threats, breaches and new variants of ransomware before damage can be inflicted

Microsoft's Azure ML cloud-based machine learning gets security and privacy certifications (V3) Microsoft has declared that its Azure ML service for predictive analytics with machine learning has achieved certification for security and privacy standards including ISO 27001 and the EU Model Clauses, a move designed to reassure potential enterprise users that their data will be safe

Technologies, Techniques, and Standards

Securing NPCI's Unified Payment Service Against Online Fraud (InfoRisk Today) Banking CISOs have a huge task ahead in ensuring seamless secure transactions

How to Distinguish Between Advanced and Garden-Variety Attacks (Recorded Future) The following interview is with Christopher Pierson and is from our Threat Intelligence Thought Leadership Series. Christopher is currently EVP, Chief Security Officer and General Counsel for Viewpost

How To Stay Secure At The Hotel On A Business Trip (Dark Reading) As POS malware attacks on hotels increase and threat actors target executives, traveling for business puts company data at risk

6 Reasons ISPs Must Step Up Defenses Against DDoS Attacks (Dark Reading) Conducting a DDoS attack used to require a significant amount of talent. But today, a high school student with basic hacking skills can access tools that will challenge even the most experienced ISP security teams

Marketplace

BlackBerry's Turnaround CEO Dials Up Cybersecurity, And It Answers (Forbes) BlackBerry executive chairman and CEO John Chen took a battered smartphone brand and turned it into a hot and innovative cybersecurity company

Symantec Slashes Quarterly Guidance; CEO to Step Down (Wall Street Journal) Ajei Gopal named interim president, operating chief

Symantec CEO Mike Brown ousted after nasty numbers (Register) Board says with Veritas gone, its time for pure-play security CEO

Gigamon Reports First Quarter 2016 Financial Results (PRNewswire) Record revenue delivers 43% year-over-year growth. Results driven by strong demand for both Security and Mobility solutions

Evident.io Secures $15.7 Million in Series B Funding (MarketWired) Venrock leads the round; Doug Dooley joins board; Jeff Williams leads sale

Ridge Global and OptioLabs Partner to Offer Effective Cybersecurity Products and Solutions (OptioLabs) Tom Ridge, first U.S. Secretary of Homeland Security and former Governor of Pennsylvania joins OptioLabs Board of Advisors

Research and Development

Computer Scientist Earns Prestigious ACM Award for Encryption Achievement (College of Natural Sciences, University of Texas at Austin) Brent Waters of The University of Texas at Austin has been selected to receive the Grace Murray Hopper Award from the Association for Computing Machinery (ACM). This award recognizes the outstanding young computer professional of the year for a recent major technical or service contribution that was made at 35 years of age or less

NIST Kicks Off Effort to Defend Encrypted Data from Quantum Computer Threat (Imperial Valley News) If an exotic quantum computer is invented that could break the codes we depend on to protect confidential electronic information, what will we do to maintain our security and privacy? That's the overarching question posed by a new report from the National Institute of Standards and Technology (NIST), whose cryptography specialists are beginning the long journey toward effective answers

Why quantum cryptography could be a one-way street (Physics World) A curious type of nonlocal phenomenon known as one-way quantum steering has been demonstrated experimentally for the first time by two independent groups of physicists. This phenomenon is similar to quantum entanglement but applies when one of the two parties sharing a quantum state does not trust the source of quantum particles. The researchers say their work could help to broaden applications of quantum cryptography

Security Patches, Mitigations, and Software Updates

Finance bods SWIFT to update after Bangladesh hack (Register) But infosec folk say full revamp needed

NTP-4.2.8p7 (NTP Support) NTP-4.2.8p7 was released on 26 April 2016. It addresses 11 low- and medium-severity security issues, 16 bugfixes, and contains other improvements over 4.2.8p6. NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38

Cyber Attacks, Threats, and Vulnerabilities

Pro-ISIS hackers: Tactics, methodology and tools (Help Net Security) While the threat that emanates from ISIS-inspired cyber attacks is of high concern, especially in light of the formation of a new United Cyber Caliphate composed of previously disparate pro-ISIS hacking collectives, these hacking groups still operate unofficially and remain poorly organized and are likely underfunded, according to Flashpoint

ISIS cyberattack capabilities are unorganized, underfunded -- for now (IDG via CSO) Pro-ISIS hackers are largely unsophisticated, but they are looking for experts, Flashpoint says

ISIS hacking groups merge as United Cyber Caliphate, but don’t worry too much (Digital Trends via Yahoo! Tech) ISIS is organizing its cyber efforts, and might move on from amateur attacks to serious recruitment of black hat hackers

ISIS and the ‘Loser Effect’ (Atlantic) Could the Islamic State's recent failures signal its demise?

Pentagon Working to 'Take Out' Islamic State's Internet (Agence France Presse via SecurityWeek) The US military's secretive Cyber Command (CYBERCOM) is working to destroy the Islamic State group's Internet connections and leave the jihadists in a state of "virtual isolation," Pentagon chiefs said Thursday

ISIS reveals how Jihadi John evaded security en route from UK to Syria (Fox News) ISIS executioner Jihadi John easily dodged British authorities, riding in the back of a truck to exit the UK before boarding a flight in Belgium -- despite being on a terror watch list -- according to a chilling account by a jihadist who traveled with him through six countries before reaching Syria

Panama Papers: Soon searchable by everyone thanks to the cloud (Computerwoche CSO) How did journalists organize and analyze 2.6 terabytes of data?

Cisco Finds Backdoor Installed on 12 Million PCs (SecurityWeek) UPDATED. Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC

The "Wizzards" of Adware (Talos Blog) Talos posted a blog, September 2015, which aimed to identify how often seemingly benign software can be rightly condemned for being a piece of malware. With this in mind, this blog presents an interesting piece of “software” which we felt deserved additional information disclosure. This software exhibits several questionable behaviors including

Google Play infested with cash-stealing web apps (Register) Simple HTML scams look to be sneaking through the app inspection process

Android infostealer posing as a fake Google Chrome update (Zscaler) Our research team has recently seen a large amount of activity in our cloud related to an Android infostealer disguised as a Google Chrome update

Waze Navigation App Vulnerable, Allow Hackers to Spy on Users (HackRead) Waze is a well-known and widely used navigation app developed and owned by Google. It is in use by literally million of drivers because it helps in identifying the most appropriate, safe and fastest route to any destination. However, according to the latest research by the University of California-Santa Barbara people relying upon this app for navigational purposes might be at the risk of being stalked by malicious actors

Slack API Credentials Left in GitHub Repos Open New Door for Corporate Hacking (Softpedia) Careless developers from companies around the world have forgotten to remove sensitive API access tokens from Slack bots uploaded on GitHub, security researchers from Detectify Labs reported today

Slack bot developers were unwittingly leaking sensitive corporate data (Quartz) Developers at major businesses who build apps for the instant-messaging platform Slack have unwittingly exposed key information like chat logs, direct messages, and passwords by recklessly sharing their programs in public

Slack bot token leakage exposing business critical information (Detectify Labs) TL;DR, Developers are leaking access tokens for Slack widely on GitHub, in public repositories, support tickets and public gists. They are extremely easy to find due to their structure. It is clear that the knowledge about what these tokens can be used for with malicious intent is not on top of people’s minds…yet. The Detectify team shows the impact, with examples, and explains how this could be prevented

Ransomware is everywhere, but even black hats make mistakes (We Live Security) Ransomware is everywhere. At least that might be the impression left by a seemingly endless stream of news reports on recent cyberattacks. Well, there were several (good) reasons why criminals have made it all the way to the front page

Spike in ransomware attacks as malicious code spreads (Charity Digital News) Security firm ESET has revealed that ransomware accounted for a quarter of the threats aimed at UK computer users over the past week

IT Security Firm ESET Issues New Survey Revealing Public's Knowledge and Attitudes About Ransomware (PRNewswire) ESET®, a global pioneer in IT security for more than two decades, released findings from a survey today that illustrates attitudes and knowledge individuals have about ransomware, a proliferating malicious software that holds files hostage until a ransom is paid

Encrypted Network Traffic Comes at a Cost (SecurityWeek) The use of encryption over the Internet is growing. Fueled by Edward Snowden's revelations on the extent of NSA and GCHQ content monitoring, encryption is now increasingly provided by the big tech companies as part of their standard product offerings. It's effectiveness can be seen in the continuing demands by different governments for these same tech companies to provide government backdoors for that encryption. Encryption works: it safeguards privacy

Vulnerability in Java Reflection Library Still Present after 30 Months (InfoQ) In 2013, security organization Security Explorations discovered a security vulnerability in Java 7u25 by which an attacker could completely escape the Java sandbox. Oracle released a patch in update 7u40, but as Security Explorations announced earlier this year, the patch only addressed the proof of concept, and a simple code modification still exposes the vulnerability. Oracle has released three new versions of Java since the vulnerability was rediscovered, but none have addressed the issue, and subsequent investigation has revealed that the vulnerability is even more severe than initially reported

Dental Assn Mails Malware to Members (KrebsOnSecurity) The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of dental offices nationwide

Understanding EdgeHTML’s Attack Surface and Exploit Mitigations (IBM Security Intelligence) EdgeHTML is the rendering engine of the Edge browser in Windows 10. It is a fork of the MSHTML/Trident rendering engine currently used in Internet Explorer. The forking was done to support modern Web standards and remove legacy code

What the Tech: Cybercrime Black Market (Texoma's Homepage) The place hackers go to buy stolen information is slashing prices

IBM researcher: 'Mobile malware marketplace' is heating up (FierceWireless) But just how big a threat that is to U.S. consumers is still unclear

Security pros concerned about Facebook payment expansion (CSO) Experts have concerns about Facebook's move to allow retail payments

Academia

NSA lauds The Citadel for cybersecurity training (Post and Courier) As a computer science intern at the Department of Homeland Security this spring, Citadel junior cadet Anthony Zovich said he helped make a little tweak that solved a big problem

AFA's CyberPatriot Names Lee's Summit R-7 School District CyberPatriot Center of Excellence (PRNewswire) The Air Force Association's CyberPatriot program has announced Lee's Summit R-7 School District as its eighth CyberPatriot Center of Excellence

Sandia National Laboratory looks for the next cyber warriors (KRQE News 13) Terrorism comes in many forms, one of the most destructive can be in the form of a cyber attack. Sandia National Laboratories in Albuquerque deals with those types of attacks all the time. They’re looking for the next generation of brilliant minds to protect computers, right here in New Mexico

Litigation, Investigation, and Enforcement

Gamekeeper turns poacher? The ex-Tor developer who unmasked Tor users for the FBI (Naked Security) We feel a bit sorry for Matt Edman at the moment. He’s a computer scientist and security researcher currently working in the private sector

Former Tor developer created malware for the FBI to hack Tor users (Daily Dot) How does the U.S. government beat Tor, the anonymity software used by millions of people around the world? By hiring someone with experience on the inside

3 Tied to San Bernardino Gunman Are Indicted (New York Times) The investigation into the San Bernardino massacre produced criminal charges on Thursday against the brother of one of the attackers and two other people — not for contributing to the mass shooting, but for their roles in a sham marriage designed to skirt immigration laws

Arrested brother of San Bernardino shooter is decorated Navy veteran (Los Angeles Times) Syed Raheel Farook, a Navy veteran and brother of San Bernardino shooter Syed Rizwan Farook; along with his wife, Tatiana Farook; and her sister Mariya Chernykh were arrested Thursday and charged in a five-count indictment that focuses on allegations of a fraudulent marriage

Three More People Charged With Terrorism Offenses in Britain (Wall Street Journal) Suspects detained in investigation with French and Belgian authorities into possible U.K. links to recent Paris, Brussels attacks

Belgian police knew since 2014 that Abdeslam brothers planned ‘irreversible act’ (Politico) Damning report into Belgian response to Paris attacks shows sloppiness and lack of resources

Global Impact: China's ZTE Added to BIS Entity List but Granted Temporary Export License (Lexology) On March 8, 2016, the United States Commerce Department's Bureau of Industry and Security (BIS) published a notice in the Federal Register announcing that China's ZTE Corporation (ZTE), along with three of its affiliates, were added to the Entity List for attempting to circumvent US export control laws and reexporting US origin items to Iran in violation of US law

Estonian man gets over 7 years in prison for role in global DNS hijacking botnet (IDG via CSO) Vladimir Tsastsin was one of seven individuals behind a $14 million click fraud operation that used the DNSChanger botnet

Child porn suspect jailed indefinitely for refusing to decrypt hard drives (Ars Technica) Man to remain locked up "until such time that he fully complies" with court order

Cop Exploited iPhone App to Secretly Watch Mom Breastfeeding (HackRead) Baby monitors have been in trouble lately and this new incident has re-established the fact that one needs to be very careful while using these devices. — In the latest occurring, a cop has been accused of virtually sneaking into the private moments of a mother and her infant while she was busy breastfeeding her newborn

Design and Innovation

The Security Industry Needs Its John Snow (Digital Guardian) The recently released Verizon Data Breach Investigations Report (DBIR) is one of our best sources of information on breaches and other malicious activity – it is also woefully inadequate to the task

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems get solved. Attend Enfuse to take your work—and your career—to a whole new level. Learn more about the change from CEIC to Enfuse in our FAQ.

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

upcoming Events

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, April 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conferene learn how organisations should successfully respond. Enhancing security, resiliency and reliability of a nation’s / organisation's cyber and communications infrastructure is a challenge that must be met, attendance of the 3rd Annual Cyber Security Convention 2016 will equip participants with a comprehensive range of clarifications and solutions.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect time to take the next step in your career. Cybersecurity is more vital, crucial, and important to the growth of your organization than ever before. Join us at SANS Security West 2016 to gain the skills and knowledge to help your organization succeed

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s trade exhibition will showcase over 300 cutting edge organisations, furnishing attendees with insights into the latest business technology innovations.

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce personnel only. Industry is encouraged to participate through the exposition and on the day of the exposition industry may attend sessions based on availability of space. The 2016 NOAA IT Security Conference will be hosted by the Chief Information Security Officer (CISO) at NOAA. The CISO from Department of Commerce, Mr. Rod Turk will be keynoting this event. The format will include briefings from various NOAA components and industry leaders.

SecureWorld Kansas City (Overland Park, Kansas, USA, May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May 5th. The Cybersecurity Summit is an opportunity for government and business executives to learn about the threats, vulnerabilities, and consequences related to data security and privacy matters