The CyberWire Daily Briefing 05.17.16

Summary

By The CyberWire Staff

The US General Services Administration publishes an IG report detailing what it calls a mistake, not a breach. A Slack misconfiguration could potentially have exposed personally identifiable information and contractor proprietary information, but GSA says such data appear not to have been compromised.

ISIS shifts its online recruiting strategy in Central Asia, and continues to draw information ops fodder from Sykes-Picot.

FireEye warns that maliciously crafted Microsoft Office files are serving as vectors for the recently patched Flash zero-day.

A Google Project Zero bug hunter reports a memory exploitation vulnerability in Symantec’s core Antivirus Engine.

Clickjacking, says Skycure, afflicts most older Android devices. Privilege escalation is among the risks the vulnerability poses.

A click-fraud botnet, Btidefender reports, is using the Redirector.Paco Trojan to afflict “AdSense-like programs.” The principal victims of clickfraud are, of course, advertising budgets and the companies who burn through them on the strength of bogus interactions.

enSilo analyzes “Furtim,” “stealthy,” “paranoid” malware now circulating in the wild. The exploit was recognized by a researcher known by the handle “@hFireFox.” Furtim is noteworthy for the large number of checks it makes for AV measures. Its servers also send the malicious code only once. (The payload has three elements: a power configuration file, Pony infostealer, and a third, as yet unknown bit of malware.)

Observers continue to look at the SWIFT funds transfer system. Some conclude its security procedures need an overhaul.

Barron’s suggests Cisco’s forthcoming guidance may disappoint. Avanan and illusive both announce new rounds of venture funding.

Notes.

Today's issue includes events affecting Afghanistan, Algeria, Australia, Brazil, Germany, Greece, India, Iraq, Italy, Kyrgyzstan, Kazakhstan, Malaysia, New Zealand, Nigeria, Pakistan, Russia, South Africa, Syria, Tajikistan, Turkmenistan, United Kingdom, United States, and and Uzbekistan.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our research partners at Level 3, whose Dale Drew talks about what can be seen from a backbone provider's vantage point. And we'll also speak with Yong-Gon Chon, CEO of Cyber Risk Management, who describes the ways in which many companies tend to overreact to a security incident. (Remember, if you like what the Podcast, please consider giving it an iTunes review.)

Sponsored Events

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

Top 20 risk factors for retailers (Help Net Security) According to BDO’s analysis of risk factors listed in the most recent 10-K filings of the 100 largest US retailers, risk associated with a possible security breach was cited unanimously by retailers, claiming the top spot, up from the 18th spot in 2007

Security spending rises in areas ineffective against multi-stage attacks (Help Net Security) Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR). This edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, which details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances

Most organizations can’t protect digital information in the long-term (Help Net Security) New research has revealed that the majority of organizations do not have a coherent long-term strategy for their vital digital information even though virtually all of them (98%) are required to keep information for ten years or longer

Tech Trends: Cyber Vulnerabilities Galore (Security Info Watch) In March I attended for the first time in five years the RSA Conference, the world’s largest cyber security conference, with nearly 40,000 people attending. Sadly, representation from our industry was noticeably lacking and many security people I have spoken to have never even heard of this important event

Taking no compromises when it comes to security (IT Pro Portal) Security stories are everywhere at the moment, so we spoke to Mark Valentine, head of information at car dealership Lookers, to discuss the current security landscape and issues around data protection

It's about time Australian businesses invested in cyber security (Security Brief) Cyber crime costs Australia upwards of a billion dollars every year, and many large companies have been the target of malicious attacks, including Kmart, David Jones, the Australian Bureau of Meteorology, The Royal Melbourne Hospital and Australian Government Parliamentary Services

Legislation, Policy and Regulation

The Cyber Threat: Government Debates Cyber Counterattacks as Chinese Attacks Continue Unabated (Washington Free Beacon) Recent talks with Chinese delegation achieve little progress

DOD report on China details escalation in the cyber domain (Defense Systems) The United States has put a lot of emphasis lately on the importance of cyberspace as a domain of warfare. China is doing the same

British Spy Agency GCHQ Joins Twitter (PC Magazine) The Government Communications Headquarters is the first UK Intelligence Agency to join the social network

Presidential Cybersecurity Panel Hears Blockchain Testimony By IBM (CoinDesk) A panel on national security and cyberspace appointed by President Barack Obama heard testimony on blockchain technology from a representative of IBM earlier today

Needed: More Snowdens - Ex-intel analyst (USA Today) He made my job harder and most of my military colleagues hated him. But he did the right thing

Cyber Command Focused on ‘Speed, Agility and Precision’ (Seapower) Commanders know they no longer should assume that they possess a cyber capability greater than their potential adversaries. Less clear is how they should adapt to this change. The Fleet Cyber Command has the answer

Products, Services, and Solutions

Trusona Announces World's First Insured Authentication (Marketwired) Trusona, the category-defining identity and authentication platform for the world's most critical and sensitive Web and mobile transactions, today announced that its unique authentication platform and federated identity solution for the enterprise is now insured by an A+ Rated insurance carrier. The insurance approval of Trusona's technology follows rigorous and broad security testing conducted by one of the world's premier cybersecurity and forensics firms, Stroz Friedberg. Insurance for Trusona's solution is available for up to $1,000,000 coverage per transaction

EventTracker Adds Unlimited Acquisition Model for Log Manager (Virtual Strategy Magazine) EventTracker, a leading provider of comprehensive and co-managed SIEM solutions, today announced a new unlimited acquisition model for its EventTracker Log Manager offering. Available immediately, customers can now purchase EventTracker Log Manager for an unlimited number of log sources per year

Digital Shadows Helps Organizations More Quickly Identify and Mitigate Systemic Security Weaknesses (KTVN) Credential compromise and typosquatting identification, and new topical research reports, provide security teams with relevant analysis critical to security decision making

Microsoft Broadens Preview of Windows 10 Security Service (Redmond Channel Partner) Windows 10's new Windows Defender Advanced Threat Protection service, which Microsoft unveiled in March, is now available to a larger audience to try out

Kaspersky launches new solution to combat targeted attacks (Khaleej Times) The Kata Platform analyses data collected from different points of the corporate IT infrastructure

BAE Systems and Fujitsu Collaborate on Cyber Threat Intelligence Sharing (BusinessWire) BAE Systems and Fujitsu of Japan have implemented a new cyber threat intelligence sharing solution that will enable company analysts to easily review intelligence, modify their security settings to their respective networks, and adjust what types of intelligence they wish to share with their partners

Equifax and BAE Systems launch anti-financial crime package (Finextra) Business insights expert Equifax and BAE Systems, cyber security and anti-financial crime specialists, are launching the Equifax Watchlist Check to help companies fight money laundering and terrorist financing

NeverBounce.com Introduces a System to Avoid Information Hacking (Digital Journal) According to NeverBounce.com, protecting email and social networking accounts is an easy task. However, the large majority of email users opt to take it for granted. To aid with this, NeverBounce.com simplifies the methods that they find useful and divide it into two steps: to test email address and to use virtual private network (VPN)

Invincea Debuts New Invisible Endpoint Security Agent (eWeek) X was developed independently to secure enterprise endpoint devices by combining deep learning with behavioral monitoring in one lightweight agent

PhishMe Helps SMBs Avoid Falling Victim to Ransomware (IT Business Edge) By now, most organizations are at least familiar with the concept of “ransomware”: cybercriminals using social engineering to fool unsuspecting end users into downloading malware that winds up encrypting all of their data and then demanding a ransom in return for the keys needed to de-encrypt that data

Security vendor offers free checkup (Business IT) If you've ever wondered whether your business's IT security practices are adequate, Check Point will set your mind at ease or indicate where improvements are needed

Technologies, Techniques, and Standards

Cyber attack attribution: Strategies and tools for business organizations (Economic Times) Attack Attribution is all about finding out the entity that has successfully breached your cyber defences. This is an important consideration for forensic investigators, intelligence analysts, and national security officials

Giving Red-Teamers the Blues (Threatpost) Pen-testing engagements are generally a breeze for most red-teamers; roadblocks are few, despite the ones in place being expensive and often paid for by very large companies

My anti-virus is up to date so I am protected, right? (Naked Security) The world of malware was a lot simpler 20 years ago

What’s The Deal With Scanning Engines? (F-Secure) People (such as tech journalists and product reviewers) often ask us how our scanning engines work, and what the difference is between signature engines and other types of scan engines. In fact, we were asked such a question just last week. So, let’s explore the topic in-depth

Interconnectivity Put to Good Use (Security Info Watch) As security professionals continue to evolve systems and operations from being reactive to proactive, the concept of predictive analytics is quickly gaining traction

Common Misconceptions About Machine Learning in Cybersecurity (Information Management) Machine learning has never been more accessible than it is right now. Amazon utilizes it to uncover shopping habits and Netflix uses it to propose personalized movie selections

A Holistic Approach to Cybersecurity; Technologies, Process, & People (Bizcatalyst 360) In the past, much of the cybersecurity focus and activities by both industry and government have been reactive to the latest threat or breach. That trend appears to be changing from reacting to being more proactive. That is a good thing

Marketplace

Cisco Systems Could Disappoint With Guidance (Barron's) The networking company has been executing well but in a mixed spending environment it could guide below consensus estimates

Avanan Raises $14.9 Million Series A Financing Round (BusinessWire) Avanan, a cloud security innovator, today announced that it has raised $14.9 million in Series A financing. Greenfield Cities Holdings, L.P. (GFC), a TPG Growth portfolio company, led the round, with participation from both of Avanan’s existing investors, Magma VC and StageOne Ventures. The round brings the company’s total capital raised to $16.4 million and will allow Avanan to support its rapidly growing customer base and the fast pace of market adoption

illusive networks Announces Series B Funding Extension (Broadway World) illusive networks, a cybersecurity company at the forefront of deception technology, today announced extending the Series B funding to $25M by investors New Enterprise Associates (NEA), Bessemer Venture Partners, Cisco Investments, Marker LLC, Citi Ventures, and Eric Schmidt's Innovation Endeavors

Portland tech firm Galois spins out new company to make elections more secure (Portland Business Journal) Portland computer science research and development firm Galois is taking aim at election security with its latest spin-off, Free & Fair

Q&A: Driving growth in the application security market (IT Pro Portal) WhiteHat Security – an ethical hacking company – is 15 years old this year and is now experiencing something of a teenage growth spurt, both in terms of customers and headcount

Verizon Communications Inc Gets Sandwiched Between On-Strike and Shadow Workers (Business Finance News) Verizon agreed to renegotiate with the unions upon the request of Department of Labor Secretary Thomas E. Perez

CYREN Announces Office Expansion and Executive Management Appointments (PRNewswire) CYREN (NASDAQ: CYRN) today announced the expansion of its sales and support footprint with additions to its executive management team and a new enterprise sales office

Cybersecurity Firm Pwnie Express To Expand in Boston and Burlington (Seven Days) Protecting customer and employee data against cyber attacks is increasingly challenging. That’s bad news for the government and for corporate America, but good news for Boston-based Pwnie Express

Kroll Appoints Four New Directors in Growing Cyber Practice (BusinessWire) Kroll (“the Company”), a global leader in risk mitigation, compliance, security, and incident response solutions, today announced the appointment of four new Directors in its Cyber Security and Investigations practice – Devon Ackerman, Mari DeGrazia, Ron Dormido, and Ray Manna

Tempest Security Intelligence expands London office (Channel Biz) Company already supports customers like Tesco and Guardian News & Media

Ignition turns key on three more security channel partners (Channel Biz) Cato Networks, Digital Guardian and WhiteHat Security now join the distie’s fold alongside growing firm Cylance

INSA Names Suzanne Wilson-Houck Organization’s First COO (Washington Exec) Intelligence and National Security Alliance (INSA) announced May 13 the appointment of Suzanne Wilson-Houck as the company’s first Chief Operating Officer

Research and Development

MIT, Lockheed Martin launch long-term research collaboration (MIT News) Initial focus will be on transformative technologies, autonomy, and robotics

Security Patches, Mitigations, and Software Updates

OS X 10.11.5 and iTunes 12.4 updates bring security and usability fixes (Ars Technica) El Capitan receives what will likely be its last major update ahead of WWDC

iOS 9.3.2 is here, fixes iPhone SE Bluetooth problems and other bugs (Ars Technica) tvOS 9.2.1 and WatchOS 2.2.1 are also here

Motorola Droid Turbo Awaits Android Marshmallow While Verizon Pushes Out a Minor Update (MobiPicker) If you are using the Verizon Motorola Droid Turbo, then you should check your phone for an update notification. But before you get all excited, let us tell you that the 18 months-old device hasn’t received the Android Marshmallow update yet and is still on Android Lollipop. Instead, Verizon has rolled out a minor update

Cyber Attacks, Threats, and Vulnerabilities

GSA says cyber ‘mistake’ was ‘no breach'; others investigate (Washington Post) A Government Services Administration office known as 18F functions as a computer consultancy for federal agencies and says it was “built in the spirit of America’s top tech startups.” But this government tech start-up had a technical slip-up of its own

How 18F handles information security and third party applications (18F GSA) Today the General Services Administration’s Office of Inspector General (an independent part of our agency, entrusted with carefully inspecting agency operations) published a report on a mistake made in the configuration of Slack, an online chat tool we use

Management Alert Report: GSA Data Breach (GSA OIG Office of Inspections and Forensic Auditing) During the course of an ongoing evaluation, the OIG Office of Inspections and Forensic Auditing identified an issue that warrants immediate attention. Due to authorizations enabled by GSA 18F staff, over 100 GSA Google Drives were reportedly accessible by users both inside and outside of GSA during a five month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information

ISIS and Central Asia: A Shifting Recruiting Strategy (Diplomat) The region’s leaders must ask themselves if they are ready to deal with new threats tailored to recruit the discontented

Why Islamic State Militants Care So Much About Sykes-Picot (Radio Free Europe/Radio Liberty) One hundred years ago, on May 16, 1916, representatives from the United Kingdom and France (with the agreement of Russia) met in secret and signed what has come to be known as the Sykes–Picot Agreement. The pact, signed amid World War I, divided the Ottoman Empire into spheres of imperial control, and is often held responsible for establishing the current borders of the Middle East

Latest Flash 0day exploit delivered via booby-trapped Office file (Help Net Security) Four days have passed since Adobe patched the latest Flash Player 0day vulnerability exploited in attacks in the wild and, in the meantime, we have been given more details about the attacks and the exploit used

Flash zero day phished phoolish Microsoft Office users (Register) If you 'must' run Flash, run EMET, hacker begs

Symantec antivirus bug allows utter exploitation of memory (Register) Cross-platform nasty is simplicity itself to exploit, so get patching peeps

Symantec/Norton Antivirus ASPack Remote Heap/Pool memory corruption Vulnerability CVE-2016-2208 (Chromium) When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products. The problem occurs when section data is truncated, that is, when SizeOfRawData is greater than SizeOfImage

95.4% of All Android Devices Are Susceptible to Accessibility Clickjacking Exploits (Skycure) This is a follow up to our blog post during RSA (https://www[dot]skycure[dot]com/blog/accessibility-clickjacking/), where we explained how a hacker, by combining two features of Android, Accessibility Services and the ability to draw over other apps, may gain control of the mobile device, including acquiring elevated privileges and exposing the content of all apps on the device

An HTTPS hijacking click-fraud botnet now infects almost 1M computers (Computerworld) The malware replaces search results with ones from an affiliate program

Inside The Million-Machine Clickfraud Botnet (Bitdefender Labs) Online advertising is a multi-billion dollar business mostly ran by Google, Yahoo or Bing via AdSense-like programs. The current generation of clickbots such as the Redirector.Paco Trojan have taken abuse to a whole new level, burning through companies’ advertising budget at an unprecedented pace

Furtim: The Ultra-Cautious Malware (enSilo) Furtim is the latest stealthy malware, found in the wild, and its discovery is credited to @hFireF0X. Clearly, Furtim’s developers were more interested in keeping their malware hidden from security’s prying eyes than hitting more targets. With stealth a key component, we code-named this downloader Furtim, the Latin translation for “stealthy”

Analyzing Furtim: Malware that Avoids Mass-Infection (Breaking Malware) Recently we came across a new malware strain, first discovered by @hFireF0X, and at point of discovery, it was not detected by any of the 56 anti-virus programs tested by VirusTotal service

Paranoid Furtim Malware Checks for 400 Security Products Before Execution (Softpedia) Malware most likely used in cyber-espionage campaigns

Vietnam: Bank Said They Stopped Cyber Attack via SWIFT Messaging System (OCCRP) Cybercriminals tried to use fake transfer requests to steal more than US$ 1.1 million from a bank in Vietnam, a similar technique to that used to steal millions from the central bank of Bangladesh earlier this year

Inter-bank system SWIFT on security? User manual needs 'revamp’ (Register) Call for, er, tailored action

Five Necessary Improvements to the SWIFT (not Taylor Swift) Security Model (Skyport Systems) @securiTay – Taylor has better security than some banks transferring millions using SWIFT. Recently there has been what is likely the beginning of a wave of break-ins and financial exfiltrations via the SWIFT Alliance. Reports vary a bit, but between vendor/operator mistakes, weak security controls, lack of integrated forensics, and some not-so-best practices we have ended up witnessing the theft of over $80 million dollars. (It could have been over $950 million dollars but for the successful identification of typos by some astute bank operators)

AppRiver warns of PayPal themed Phishing making the rounds (IT Security Guru) Leading provider of email messaging and web security solutions, AppRiver, has warned of an ‘old fashioned’ but equally effective phishing campaign currently circulating that is impersonating PayPal

Web2py 2.14.5 CSRF / XSS / Local File Inclusion (PacketStorm) Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities

Runkeeper: A fitness app or a tracking app? (Help Net Security) Popular fitness app Runkeeper tracks users even when not in use, does not delete personal data when users stop using it, and shares users’ personal data with an advertising company in the US, the Norwegian Consumer Council (NCC) says in a complaint lodged with the Norwegian Data Protection Authority

Gboard enhances your keyboard, but what about your privacy? (Help Net Security) Gboard is a Google app for your iPhone that lets you search and send information, GIFs, emojis and more, right from your keyboard. You can search and send anything from Google, including news, articles, videos, images, etc

Hacker fans give Mr. Robot website free security checkup (Ars Technica) Days after USA Network patches XSS bug, hacker finds a way to inject SQL code

John McAfee claims to have hacked WhatsApp encrypted messages on Android (Computer Business Review) Cybersecurity expert John McAfee and his team claim to have hacked an encrypted Whatsapp message, using their servers located in remote areas in the mountains of Colorado

Academia

Partnership prepares undergraduates to tackle cybersecurity (Globe Newswire) In a time when million-dollar security breaches of major corporations regularly make headlines and complicate lives, computer science undergraduates at America's universities remain surprisingly underexposed to basic cybersecurity tactics

NYIT Designated as National Center of Academic Excellence in Cyber Defense Education (Newswise) The National Security Agency (NSA) and the Department of Homeland Security (DHS) have designated New York Institute of Technology (NYIT) as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through academic year 2021. NYIT is the first university on Long Island to receive this designation, and one of only eight in New York State

Creating a digital career path for Native Americans (Federal Times) Native American contributions to U.S. national security hasn’t been widely appreciated. The Navajo Code Talkers of World War II played an amazing role in helping the U.S. and its allies achieve victory

Waikato University takes the lead in cyber security research (Scoop) Waikato University takes the lead in cyber security research and education

Litigation, Investigation, and Enforcement

How the Government Monitored Twitter During Baltimore's Freddie Gray Protests (Vice) After Freddie Gray died from injuries he sustained while in police custody, citizens of Baltimore took to the streets. The death of the 25-year-old African American man in April 2015 sparked many peaceful demonstrations throughout the city, but when riots broke out, the Department of Homeland Security (DHS) monitored Twitter and other social media platforms for "intelligence" about the protests and the protesters

When Do Law Firms Have to Disclose a Data Breach? (Wall Street Journal) Cyber attacks against some of the country’s top law firms are reigniting concerns about the legal industry’s handling of data breaches

Supreme Court sides with search engine (CNET) The high court rules in favor of Spokeo, a people-search company that a man accused of displaying inaccurate information about him

Top programmer describes Android’s nuts and bolts in Oracle v. Google (Ars Technica) On cross, Dan Bornstein is asked about scrubbing the "J-word" from source code

Design and Innovation

Is the enterprise ready to automate security operations? Splunk makes the case (Diginomica) We sat down with chief security evangelist at Splunk, Monzy Merza, who argued that enterprises are ready to give some control over to the machines

Slow, sluggish mobile money uptake (National) Some years back, the Central Bank of Nigeria (CBN) licensed some firms to offer mobile money services. The most successful model is the telco-led, but Nigeria has chosen the bank-led model which appears to be slowing down uptake

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest informaiton on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

upcoming Events

Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration between the United-States and Israel in cybersecurity. The summit is supported by Israel state agencies alongside companies and corporation across the United-States and Israel and is free of charge for registrants. DCOI 2016 will present best technological and creative skills, industry leaders and some of the most innovative entrepreneurs in the world.

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage participation and interaction among all three vital information security constituencies: (1) business executives, senior business managers, and their trusted advisers; (2) technical IT personnel with responsibility for information systems and the data they contain; and (3) information security practitioners with responsibility for ensuring the security of sensitive information. Training and Reception on Thursday - Forums and Sessions on Friday.

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth LTE and telecomms security course by Founder of Telecomm Security Task for and for the very first time in Europe, Rift Recon's The Art of Escape — a course that teaches you how to escape an attempted kidnapping, move through a city unnoticed and much more

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems get solved. Attend Enfuse to take your work—and your career—to a whole new level. Learn more about the change from CEIC to Enfuse in our FAQ.

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. The Cybersecurity Law Institute will give you insights into the latest information and strategies. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

GSA says Slack misconfiguration didn't result in data loss. Malicious Office files spread Flash 0-day. AV vulnerability reported. Clickjacking and clickfraud. Furtive "Furtim."