Non-state actors' homebrew RDT&E. Patching versus weaponization. Zeus remains a POS threat. Rogue insiders sought in the dark web. M&A notes. The continuing FSB purge.
ISIS documents captured in Mosul indicate that the Caliphate is taking an interest in commercial drones as weapons. It's long been noticed that the Internet provides threat actors with a ready-made research, development, and acquisition capability of a calibre formerly accessible only to nation-states. This latest bit of information warrants a look back at a 2008 Naval Research Advisory Committee study that predicted exactly this development, in pretty much exactly this form.
WordPress late last week patched a critical content injection zero-day. It kept the vulnerability under wraps until the patch was ready to avoid tipping off hackers who might have weaponized the exploit.
The venerable Zeus malware continues to successfully infect point-of-sale devices.
The EyePyramid campaign is thought to have been aimed at gaining illicit trading advantages. Such insider information is joining intellectual property as a common criminal goal: researchers at RedOwl and IntSights are seeing more cyber criminals attempting to recruit corporate insiders in the dark web. The insider trading racket is lucrative, at least according to the crooks managing the souk: they say their members make more than $5000 a month on illegal trades. Take that with the proverbial grain of salt, but there may be something to it, since the forum managers charge a 1 Bitcoin ($995) cover fee for membership. Companies are advised to look to their insider threat.
In industry news, Visa USA acquires CardinalCommerce (authentication), HPE buys Niara (behavioral analytics), and Radware concludes acquisition of Seculert (automated attack detection).
Russia's FSB purge continues.
Today's issue includes events affecting China, Israel, Japan, Netherlands, Russia, Singapore, Syria, United Kingdom, and United States.
Today's CyberWire daily podcast features Jonathan Katz from our partners at the University of Maryland. He'll discuss searchable encryption (his paper on the topic, "All Your Queries Are Belong to Us," gives a sense of his take on the matter). Our guest is Vadim Vladimirsky from Nerdio, who talks with us about some of the security implications of IT as-a-service.
We've also got a new special edition of the podcast out. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.
Cyber Attacks, Threats, and Vulnerabilities
The Islamic State Is Pioneering a New Type of Drone Warfare - Motherboard (Motherboard) Documents found in Mosul reveal more information about how the group is turning consumer technology into tools of war.
Come Fly with Me: Securing the Drone (Infosecurity Magazine) New report seeks to aid the safe and secure creation and operation of unmanned aircraft systems
Disruptive Commercial Technologies (Naval Research Advisory Committee) Advanced commercial technologies are widely distributed throughout the world and are generally accessible through the internet. Credible threats to Marine capabilities and gaps can be developed from imaginative combinations of commercial products.
Update: PLA Cyber Actor & Mission (Wapack Labs) A review of academic work by members of the PLA revealed certain units publishing an increasing amount of papers on cyber security. One of ...
WordPress Websites Exposed to Severe Content Injection Vulnerability (HackRead) WordPress is one of the most used content management systems (CMS) in the world. So when there is a security flaw in its system, it affects millions of user
WordPress kept users and hackers in the dark while secretly fixing critical zero-day - Help Net Security (Help Net Security) Last week's WordPress update also secretly fixes a bug that allows unauthenticated users to modify the content of any post or page within a WordPress site.
Ultrasonic cross-device tracking (Infosecurity Magazine) The Risk Avengers take a look at the issue of ultrasonic cross-device tracking
Zeus-Derived Malware Continues to Pwn POS Devices (Data Breach Today) Offspring of the Zeus banking Trojan continue to spring to life. Functionally, however, security experts say most POS-infecting banking malware remains almost identical. So why aren't more organizations putting well-known defenses in place?
Hackers are seeking out company insiders on the black market (CSO Online) If you’re the CEO of a company, here’s another threat you need to worry about: hackers trying to recruit your employees for insider-related theft.
Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web (Red Owl, Intsights) Organizations face asymmetric and unprecedented risks from insiders — employees and contractors who have valid access to enterprise networks. Insider risk is on the rise in part due to the growing influence of the dark web, a portion of the internet that enables anonymity. The dark web is being increasingly used by cybercriminals for recruiting insiders to help steal data, make illegal trades or otherwise profit.
EyePyramid clears the way for future malware attacks - Help Net Security (Help Net Security) EyePyramid victims can be victimized by other attackers more easily, as the malware lowers the security posture of affected Windows machines.
Ransomware Turns to Big Targets—With Even Bigger Fallout (WIRED) A new generation of ransomware is wreaking havoc, whether you're directly infected or not.
Phishing test results in a barely-passing grade for users (CSO Online) Diligent recently surveyed 2,000 people to see who got caught hook, line and sinker for the phishing scam.
SANS Internet Storm Center (SANS Internet Storm Center) Researchers from University Alliance Ruhr have announced that they have discovered vulnerabilities in popular laser printers including models from HP, Lexmark, Dell, Brother, Konica and Samsung. The announced vulnerabilities have a range of effects, but could permit the contents of print jobs to be captured, permit delivery of buffer overflow exploits, password disclosure or even damage to the printer.
Spirent Security Experts Predict Greater Risk to Civil and Military Global Navigation Applications In 2017 (Yahoo! Finance) Spirent Communications plc, the leading provider of mobile network, application, services, and device-test solutions, today warned of the increased likelihood of disruptions this year to a wide variety of civil and military applications relying on global navigation satellite systems – GPS, GLONASS,
The NHS says Google mistook its 1.2 million employees for a huge cyberattack and blocked it (Business Insider) The search giant is 'intermittently' blocking Britain's doctors and nurses.
Facebook Warning That Homeland Security Is Sending Standing Rock Protesters Info To FBI Is A Hoax (Business 2 Community) Facebook pop-up windows are warning that the Department of Homeland Security is passing along entire Facebook histories of Standing Rock protesters to the Federal Bureau of Investigation. However, th…
Reddit bans r/altright over doxing (TechCrunch) Reddit has banned the r/altright subreddit for "the proliferation of personal and confidential information." That's a rather clinical way of describing what's..
GitLab down after it deletes wrong directory and backups stumble (Graham Cluley) GitLab, which provides a source code version control repository for software developers, has come a cropper after an employee accidentally deleted a directory on the wrong server.
Security Patches, Mitigations, and Software Updates
WordPress patches dangerous XSS, SQL injection bugs | ZDNet (ZDNet) The security release fixes three flaws in the content management system.
Ignorance is Bliss? An Enormous WordPress Zero-Day has Been Secretly Fixed (The State of Security) A severe zero-day vulnerability has been fixed in WordPress, which could allow an attacker to modify the content of any post or page on a WordPress site.
WordPress: Why we didn't tell you about a big zero-day we fixed last week | ZDNet (ZDNet) WordPress has revealed a serious flaw that it secretly fixed in last week's security update.
Netgear Addresses Password Bypass Vulns In 31 Router Models (Dark Reading) Company has made patches, workarounds available to mitigate password bypass threat that potentially impacted 1 million devices, Trustwave says.
Latest Ubuntu Update Includes OpenSSL Fixes (Threatpost | The first stop for security news) Ubuntu users are encouraged to update their operating systems to the latest OpenSSL package versions to address a collection of vulnerabilities.
Why 2017 will be the worst year ever for security (CSO Online) High-profile breaches are just the tip of the iceberg. Many have never been detected or disclosed--and without major infrastructure changes it's only going to get worse
State of Cybersecurity from the Eye of the Storm (SecureWorks) Our experts dive into the fundamental security challenges organizations face in an ever-evolving threat landscape.
Threat Intelligence by the Numbers (Infographic) (Recorded Future) We’ve organized some intriguing statistics about the cyber landscape to help show why organizations must build an effective threat intelligence capability.
The problem with threat intelligence [Infographic] (CSO Online) 78% of security pros say threat intelligence is essential to their organization’s security, but just 27% say their organizations effectively use threat data. Why the disconnect?
AppSec teams facing resourcing issues that are making them vulnerable - Help Net Security (Help Net Security) A study of one hundred CISOs revealed that 94% are concerned about breaches in their publicly facing assets in the next 12 months.
Only 3% of the Apps on Your Company iPhones are Secure (Panda Security Mediacenter) A recent study has revealed that only 3% of the 200 most downloaded apps for iOS have implemented Apple's latest security protocols.
What would cybercrime figures look like if we reported attacks. (Infosecurity Magazine) Imagine what cybercrime figures would look like if we all reported attacks.
Spam Accounts for Two-Thirds of All Email Volume, and It's Still Going Up (BleepingComputer) Reports released by different security vendors highlight that spam campaigns grew tremendously in 2016, as exploit kit activity fell after the three major players went down.
'Malvertising' Increase 132 Percent in 2016, RiskIQ Study Finds (eWeek) Of the nearly 2 billion pages that RiskIQ scanned, researchers found 7.6 million fraudulent or malicious advertisements.
Machine Learning to Ward off Cyber Threats (ReadITQuik) ABI Research forecasts that spending on big data, analytics and intelligence would touch $96 billion by boosting the adoption of machine learning in cyber security
Does the health data industry prioritize profits or patients? (The Christian Science Monitor Passcode) In his new book about medical privacy, Adam Tanner argues patients are in the dark about a multibillion dollar industry that profits from their medical records.
Tampa, Orlando, and St. Louis had the Highest 2016 Malware Infection Rates in the United States (Enigma Software) Computers in Tampa, Orlando, and St. Louis are more likely than computers in any other city to be infected with malware. That's according to data released today by ESG, makers of the SpyHunter anti-spyware program.
Security Everywhere (Visa USA) Visa completes acquisition of CardinalCommerce
HPE acquires behavioral security analytics firm Niara | ZDNet (ZDNet) Niara's behavior analytics software will be integrated with HPE Aruba's ClearPass network security portfolio.
Radware buys Seculert, adding automated attack detection platform (Infosecurity Magazine) Radware acquires Seculert, adds SaaS automated attack detection platform
In security, should Symantec, Cisco, IBM, Check Point and Intel be worried? (ARN) Incumbents set to be challenged as mid-size vendors come into play.
Symantec CEO Predicts Upcoming Shakeout In Endpoint Security Market (CRN) There's no standing room left in the market for endpoint security, according to Symantec CEO Greg Clark. The ever-acquisitive security giant's CEO says he sees some legacy and startup players getting left behind.
FireEye’s Value Proposition in the Cybersecurity Space (Market Realist) Previously in this series, we discussed FireEye’s (FEYE) recent offerings and the company’s focus on SaaS (software-as-a-service) to generate revenue growth. In this part, we’ll look at FireEye’s value proposition among select US cybersecurity companies.
Browser Isolation Pioneer Light Point Security Posts Over 450% Year-Over-Year Revenue Growth (PRNewswire) Light Point Security, creators of the Light Point Web Full Isolation...
RedSeal Reaches Profitability in 2016 with Strong Year-Over-Year Growth (Yahoo! Finance) RedSeal, the leader in network modeling and cyber risk scoring, today announced its 2016 bookings were up 45 percent compared to the previous year, and the company was cash flow positive nearly $5 million...
Fixing the Nation's Cybersecurity Talent Shortage (Transmosis) Almost weekly, we hear of encroachments into big data systems in government, the military, finance, health, hospitality and retail – to name just some of the affected industry sectors. As awareness of our vulnerability has increased, demand for cybersecurity specialists has risen dramatically.
Rise of the 'accidental' cybersecurity professional - TechRepublic (TechRepublic) To fill cybersecurity job shortages, a number of people, especially women, are entering the field from other careers. Here's why they might be able to help your company.
INSA Announces Recipients of 2017 Achievement Awards | WashingtonExec (WashingtonExec) The Intelligence and National Security Alliance (INSA) announced Jan. 25 the recipients of the 2017 INSA Achievement Awards. The awards recognize outstandi
Products, Services, and Solutions
Webroot Expands Threat Intelligence (Webroot) New products detect and mitigate advanced threats with deep visibility into network and Web
LightCyber Introduces New Tools for Corporate Security Assurance (BusinessWire) New reporting assures boards and executives that networks are free from attackers, and new efficiency metrics confirm operational expense benefits of Magna Platform.
ServiceNow Resolves Real Security Threats Fast (ServiceNow) ServiceNow (NYSE: NOW), the enterprise cloud company, today announced integrations from leading cybersecurity companies into ServiceNow Security Operations solution.
TechDemocracy Introduces Intellicta – the First Platform to Offer Enterprises Holistic Assessment of Compliance, Security, Risk and Governance Tools (GlobeNewswire News Room) Standards-based, framework-driven platform helps companies maximize value from their technology investments
DarkLight Announces Strategic Alliance with Agile Defense, Inc. (GlobeNewswire News Room) Enables integration of next-generation security analytics platform to arsenal of proven IT capabilities
IRONSCALES Launches First Anti-Spoofing Email Security Tool to Combat Phishing Threats in Real-Time at RSA 2017 (PRWeb) Anti-impersonation Outlook plugin, known as IronShield, will serve as a virtual security analyst for employees, inspecting & analyzing all emails at the mailbox level using deep scans & machine learning
Tenable Unveils SaaS Platform that Redefines Vulnerability Management for Today’s Elastic IT Environments (BusinessWire) New Tenable.io cloud platform debuts asset-based licensing, introduces container security and web application scanning
Model N Deploys Egnyte Connect to Build a Secure Digital Workplace for Global Collaboration (IT Business Net) Egnyte, the leading cloud provider of smart content collaboration and governance for the enterprise, today announced Model N, a leader in revenue management solutions, has deployed Egnyte Connect as their company-wide solution for global content collaboration and management.
Calctopia Announces Launch of The Secure Spreadsheet™ (Yahoo! Finance) Calctopia announces the launch of The Secure Spreadsheet™, the first computer program for cryptographic secure computation aimed at a general public: now two parties, empowered by the latest advancements in cryptography research, will be able to keep their data private.
Fortinet FortiGate Enterprise Firewalls Approved by Defense Department’s Top Cybersecurity Authority as a Solution for Classified Networks (Yahoo! Finance) Philip Quade, chief information security officer, Fortinet: “US Federal customers require the industry’s most advanced commercial technologies to deliver the best security...
Are you often the victim? (iTWire) Sophos has released an online Phish Threat Tester – security awareness testing and training for end users whose behaviour is responsible for ove...
Imperva Incapsula Now Available in the Microsoft Azure Marketplace (Yahoo! Finance) Imperva, Inc., committed to protecting business-critical data and applications in the cloud and on-premises, announced that the Imperva Incapsula solution is available...
Waverley Labs Announces Software Defined Perimeter (SDP) for Distributed Denial of Service (DDoS) Attacks (Marketwired) Waverley Labs, a pioneer in software defined perimeters (SDP) and digital risk reduction solutions, today announced availability of a Software Defined Perimeter (SDP) engineered to eliminate distributed denial of service (DDoS) attacks. A demo of the SDP for DDoS can be seen here
Farsight Security Joins New ThreatQuotient Partner Integration Program (WebWire) Today Farsight Security, Inc., the world's largest provider of real-time and historical DNS intelligence, announced that the company has joined the new ThreatQuotient Partner Integration Program and successfully integrated the Farsight DNSDB solution into the ThreatQ threat intelligence platform.
Technologies, Techniques, and Standards
Why GDPR may inhibit privacy and security-enhancing technologies (Computing) By sticking rigidly to 1970s definitions of 'processors' and 'controllers', GDPR may hinder the growth of decentralised peer-to-peer alternatives.
Is America Prepared for Meme Warfare? - Motherboard (Motherboard) Memes function like IEDs.
Is Wi-Fi secure enough for the federal government? (FederalNewsRadio.com) Jon Green, chief technology officer for Aruba Government Solutions, explores why mobility and Wi-Fi access in the federal government is not a security risk.
DDoS Protection: 14 Unique Ways to Protect Yourself from DDoS Attacks | Rivalhost (RivalHost) DDoS attacks have increased by 250% over the past 3 years. Learn how to keep your business protected today!
Don't Speak Wookiee to the Board (RiskLens) Discover what two beloved Star Wars heroes can teach us about our communication of cyber risk to the business and the board.
MDM technologies 'misunderstood' - Malwarebytes (Channelnomics) Channel should focus on security training, exec tells Channelnomics
What’s an adaptive security architecture and why do you need it? (Vectra) Network-based malware detection addresses increasing complexity of malware ecosystem but doesn’t make attribution a key priority.
Surviving a cloud-based disaster recovery plan (Ars Technica) Getting data offsite is easier today, but what happens when the Internet isn’t there?
10 Essential Elements For Your Incident-Response Plan (Dark Reading) The middle of a DDoS attack or ransomware infection is hardly the time to start talking about divisions of labor, or who should do what when.
How to keep children safe on Facebook and other online dangers (CSO Online) Keeping children safe online presents a real challenge for parents today. Whether you're worried about what they might see on YouTube or who they might speak to on Facebook, we have the best tips for security settings as well as ground rules that can help you protect kids from the nasty side of the internet.
Design and Innovation
Ignorance is not bliss: Why security must never be an afterthought for our smart cities (Security Brief) APAC nations take note: Our smart cities may be more efficient, but they could also be crippled by cyber attacks.
Research and Development
NTU Singapore, BGU Israel team up on cyber project (The Times of Israel) Singapore’s NTU and Ben-Gurion University seek to fight complex cyberthreats by using the human body as a model
2017 Japan Prize Honors Trailblazers in Life Science and Cryptography (PRNewswire) Central to its deep commitment to honor the most innovative and meaningful...
Law school starts cybersecurity project as field's popularity grows (The GW Hatchet) Faculty working with the program said it will bring law scholars, students and the public together for discussion about the intersection of law and technology.
Legislation, Policy, and Regulation
Influencers: US should hit Russia harder for political hacks (The Christian Science Monitor Passcode) The US should retaliate more strongly against Russia for its digital attacks on American political organizations, more than three-quarters of Passcode’s Influencers said.
Cyber-spying, leaking to meddle in foreign politics is the New Normal (Register) Ah, kids today! Nope, nope, this is governments we're talking about
Trump and Putin's Game Theory (Foreign Affairs) A rational Trump could never believe that Putin will stick to his word, just as a rational Putin could not believe that Trump would stick to his.
House Passes 17 Sweeping Bipartisan Bills To Enhance Homeland Security (Homeland Security Today) Assuring that the “House Committee on Homeland Security continues its efforts to shield the homeland and protect Americans right out of the gate in the 115th Congress,” committee chairman Michael McCaul’s (R-TX) office said Tuesday “the House passed 17 Committee bills that touch on a wide array of homeland security issues—from the security of our border, transportation and cyber networks, to counterterrorism, first responder capabilities and ensuring the Department of Homeland Security [DHS] runs efficiently.”
The private sector is the key to success for the Department of Homeland Security (CSO Online) Infrastructure protection is a shared responsibility that cannot be met by government alone.
Van Hollen, former NSA director discuss government, private sector collaboration (Capital Gazette) U.S. Sen. Chris Van Hollen and the former director of the NSA talked Wednesday in Linthicum about the importance of the government working with the private sector to improve the country's cyber security.
Battle Staffs Need More Cyber Training, Leaders Say (GovTechWorks) Military cyber operations capabilities are developing faster than planners and commanders can use them on the battlefield. This reality prompted a fresh look at classification and training to ensure battle staffs know how and when to employ cyber effects.
Netherlands Opts For Manual Vote-Count Amid Cyberattack Fears (Dark Reading) Ballots will be counted by hand in the March 15 election after doubts surface over the safety and security of electronic system.
Litigation, Investigation, and Law Enforcement
FSB officer named in treason case was formerly a hacker (RBC) The third defendant in the treason case involving a Kaspersky Lab employee and an FSB officer, operative Dmitry Dokuchaev, was previously a hacker. That is why he was recruited into the FSB, RBC sources say
In treason case, Russia alleges security experts aided US (CSO Online) Two officers of the Russian Federal Security Service, the FSB, and a cybercrime investigator from Kaspersky Lab have reportedly been charged with treason for allegedly helping U.S. intelligence services.
Russian spy purge after suspected leaks to U.S. intelligence (CNN via Gant Daily) There’s a purge of spies underway in Moscow, where two high-ranking Russian security service agents, a cybersecurity expert and a fourth man have been charged with treason for passing along secrets to American intelligence, according to a lawyer defending one of the men.
Treason Through the FSB Looking Glass (Moscow Times) Why 'espionage' arrests at the heart of Russia’s security services are not all that they seem
FBI Continues To Demand Far More Info Than It's Supposed To With Its National Security Letters (Techdirt.) Mike covered Twitter's release of two FBI NSLs it had received in the last few years -- more evidence that the USA Freedom Act, if nothing else, has made review of NSL gag orders more timely and the orders themselves more easily...
Cops May Get Location Data Without Warrants. That Has to End (WIRED) Opinion: Lawmakers should craft privacy regulations to ensure protection of citizens’ Constitutional rights.
Conflicting Reports Suggest Phineas Fisher (HackBack) Arrested in Spain (HackRead) Spanish police have arrested three suspects for their alleged involvement in data breach against Catalan police Mossos D’Esquadra server in 2016. Germany-b
Hacker Phineas Fisher arrested in Spain? - Help Net Security (Help Net Security) Has Phineas Fisher, the person (or group) behind the Gamma International and Hacking Team breaches and data leaks, been arrested?
Brit arrested after hacking into US CCTV days before Donald Trump's inauguration (The Sun) A Brit was arrested after a crippling attack on Washington DC’s CCTV network just days before Donald Trump’s inauguration. Cops swooped on a South London address after computer criminals disabled...
Spoofed Grindr Accounts Turned One Man’s Life Into a ‘Living Hell’ (WIRED) When someone started making fake Grindr profiles for Matthew Herrick, more than 700 men came to his home and work.
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Second Annual International Security Conference (Riyadh, Saudi Arabia, Feb 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.
Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, Feb 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Join us for lunch and an action-oriented discussion about ways you can improve your security incident response program in 2017. The conversation will be led by certified SANS instructor Alissa Torres, and Rsam CISO Bryan Timmerman. Attend and earn CPE credits towards your ISACA and (ISC)2 certifications.
Insider Threat Program Development Training For NISPOM CC 2 (Toms River, NJ, USA, Feb 6 - 7, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 6-7, 2017, in Toms River, NJ. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.
The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, Feb 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.
SANS Southern California - Anaheim 2017 (Anaheim, California, USA, Feb 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response, threat hunting, ethical hacking, IT management and ICS/SCADA security. Some of our courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and most courses have GIAC Certification attempts available. Take advantage of this opportunity to sharpen your skills and advance your career.
Cyber Protect Conference (Nottingham, England, UK, Feb 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's Police and Crime Commissioner Paddy Tipping and Nottinghamshire Police, and will include presentations from cyber security experts. The event, which takes place on Thursday, February 9, at The Atrium in Nottingham, is free of charge and open to small and medium-sized enterprises (SMEs) across the county.
Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, Feb 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.
RSA Conference 2017 (San Francisco, California, USA, Feb 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.
Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, Feb 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.
Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, Feb 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.
Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, Feb 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.
Risky Business (London, England, UK, Feb 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.
The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, Feb 24, 2017) CACSS2017 will provide a platform for automotive OEMs, Tier 1 suppliers, automotive security solution/technology/product developers, automotive electronics companies, IT companies, mobile data suppliers, automotive insurance companies, and automotive cyber security experts to address developing trends in government regulations, automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, state-of-the-art technology solutions, critical cyber security challenges and collaboration initiatives. It will help you understand tailored smart car cyber security products and solutions, build up an effective cyber security management system and improve the capability of protecting smart cars. This second-to-none automotive cyber security industry event will help you understand business opportunities in China’s automotive cyber security industry, network with local customers in China and consolidate your worldwide leadership.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27 - March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.
The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers.
International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.
SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.
IAPP Europe Data Protection Intensive 2017 (London, England, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, UK, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event for 2017. This is a three-day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two-day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.