
#RSAC2017: reflections and preoccupations. France warns Russia to stay out of its elections. Windows-based botnet spreads Mirai. "Kingslayer" supply-chain attack. FTP protocol injection vulnerabilities. IE 11 JavaScript attack. EA gaming server outage. Orthanc rising in downtown Palo Alto?
RSA 2017
As attendees look back at RSA, they seem prepared to award the mindshare prize to Internet-of-things security. (We would say that artificial intelligence, workforce development, and endpoint security gave the IoT a run for its money.) Over the next two days we'll look at some of the splashier IoT hacks, trends, and warnings, a lot of which involve increasingly smart cars.
As US investigation of Russian influence operations proceeds, France warns Moscow to stay out of upcoming French elections.
Kaspersky Lab researchers are tracking an evolved Windows-based botnet that's spreading Mirai malware. The emerging Mirai variant under examination also seems able to migrate to Linux systems.
KrebsOnSecurity reviews a low-key, ambiguous vulnerability disclosure of a supply-chain exploitation attack RSA calls "Kingslayer." The software affected is EVlog, by Altair Technologies. Altair has, since the KrebsOnSecurity post, released more information about the issue. RSA's report on the attack discerns similarities between this exploit and work by threat actors Shell_Crew and Codoso. Codoso has also been investigated by Palo Alto and Proofpoint.
Researchers report unpatched FTP protocol injection vulnerabilities in Java and Python.
Bleeping Computer offers notes on Internet Explorer 11's susceptibility to an "unstoppable" JavaScript attack that enables ad fraud, tech support scams, and vulnerability to various zero-days. The good news is that the problem seems confined to IE 11; the bad news is that IE 11 retains significant browser market share: 10.46%, according to Bleeping Computer.
Gamers were distressed by an outage affecting Battlefield 1 servers. It's unclear whether the outages were due to attacks or bugs.
The Intercept has a long piece on Palantir's aspirations to become a primary contractor serving the US Intelligence Community, and the progress it made toward that goal over the last few years. Here's a short version: Peter Thiel is Féanor; James Clapper Saruman. (We're just spitballing here, but we're pretty sure about that Féanor attribution.)
Notes.
Today's issue includes events affecting France, Iraq, Philippines, Russia, United Arab Emirates, United Kingdom, and United States.
Today's podcast features our partners at the Johns Hopkins University: Joe Carrigan will talk us through privacy tools being recommended by the Electronic Frontier Foundation. Our guest is Endgame's Mark Dufresne, who discusses in-memory fileless exploits.
Give the special prognostication edition of our podcast a listen: industry experts and editors covering the cyber beat give their take on cyber in 2017.
San Francisco: a look back at RSA 2017
RSA Conference 2017 Closes With Record Attendance (RSA Conference) RSA Conference, the world’s leading information security conferences and expositions, today concluded its 26th annual event in San Francisco. A record number of more than 43,000 attendees experienced keynotes, peer-to-peer sessions, track sessions, tutorials and seminars.
RSA Wrap-Up: Top Stories From the 2017 RSA Conference (Security Intelligence) For our RSA wrap-up, we summarized some key points and takeaways about emerging trends such as the IoT, security analytics and the IT skills shortage.
RSAC 2017 Roundup: Smart & IoT Security Dominate (ABIresearch) The RSA Conference is one of the largest conferences globally for the cybersecurity industry (if not the largest), and I attended this year’s event with interest once more.
2017 Is a Transformative Year for Security (Tenable Network Security) For organizations around the globe, security is evolving from a technology issue to a business issue.
Where Do Venture Capitalists See Security Opportunities? (eSecurity Planet) VCs from Trident Capital Cybersecurity, Elephant, Glasswing Ventures and Ten Eleven Ventures discuss where they see the opportunity to profit.
How a dynamic range of authentication can open doors for trusted customers (Help Net Security) Michael Thelander, Director of Product Marketing at iovation, talks about lessons learned from bringing authentication technology out to customers.
RSA Trend: Cloud, IoT Cybersecurity Skills Gap Drives Security Services Demand (Channel Partners) The cybersecurity trends that stood out this year were cloud and container security, machine learning, securing the Internet of things, rugged DevOps and
The Cyber Threat Alliance is a real “Thing” now (LinkedIn) As many of you know, a small group of security vendors have been working on building the first real security vendor sharing organization similar to the ISAC or ISAO model.
NTT Security: Delivering cyber resilience (Help Net Security) Garry Sidaway, SVP of Security Strategy & Alliances for NTT Security, talks about the formation of NTT Security and how they deliver cyber resilience.
Cyber Attacks, Threats, and Vulnerabilities
France Warns Russia To Stay Out Of Its Presidential Election (NPR) The French government warned the Kremlin not to interfere in its presidential vote after signs of a disinformation and hacking campaign against a rising candidate who is not sympathetic to Russia.
Donald Trump Website Hacked by Iraqi Hacker (HackRead) An Iraqi hacker going by the online handle of Pro_Mast3r ~ hacked and defaced a server associated with presidential campaign fundraising for Donald Trump.
Advanced Windows botnet spreads Mirai malware (Help Net Security) Experts are analyzing the first Windows-based spreader for the Mirai malware as part of a concerted effort to close down Mirai botnets in the wild.
Windows Botnet Spreading Mirai Variant (Threatpost) A Windows-based botnet is spreading a Mirai variant that is also capable of spreading to Linux systems under certain conditions, Kaspersky Lab researchers said.
How to Bury a Major Breach Notification (KrebsOnSecurity) Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.
Kingslayer - A Supply Chain Attack (RSA) RSA Research investigated the source of suspicious, observed beaconing thought to be associated with targeted malware.
Java and Python Contain Security Flaws That Allow Attackers to Bypass Firewalls (BleepingComputer) Both Java and Python contain similar security flaws that allow an attacker to bypass firewalls by injecting malicious commands inside FTP URLs.
Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks (BleepingComputer) Argentinian security expert Manuel Caballero has published new research that shows how a website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute his very own persistent JavaScript code while the user is on other domains.
Security Alert: TeamSpy Malware Spammers Turn TeamViewer into Spying Tool in Targeted Attacks (Heimdal Security Blog) This infection compromises your TeamViewer application to gain full control of your system and steal your private data. Here are the details:
RAMNIT: The Comeback Story of 2016 (TrendLabs Security Intelligence Blog) Earlier this year, Action Fraud, the UK’s fraud and cybercrime reporting center, issued a warning that cyber criminals were taking advantage of generous individuals by sending phishing emails purportedly from Migrant Helpline, a charity organization dedicated to assisting migrants across the country.
Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol (The Duo Security Bulletin) A security researcher on the Duo Labs team details how he found several vulnerabilities in a wireless physical security system.
Firefox Users Fingerprinted via Cached Intermediate HTTPS Certificates (BleepingComputer) The way in which Firefox caches intermediate CA certificates allows a third-party to deduce various details about website visitors and also link advertising profiles to private browsing sessions.
Anatomy of a cyber attack explained at HIMSS17 (Health Data Management) Children’s hospitals cannot assume they are immune from hackers, Daniel Nigrin says.
Big Blue's big blunder: IBM accidentally hands over root access to its data science servers (Register) Private Docker Swarm keys leak into public containers
Do Software-Defined Data Centers Pose Security Concerns? (Dark Reading) SDDC adoption is likely to trigger widespread data security governance programs, with 20 percent of organizations considering them necessary to prevent data breaches.
Ransomware attacks growing rapidly, organizations are struggling (Help Net Security) The percentage of ransomware attacks increased from 5.5%, to 10.5% of all recognized malware attacks from July to December 2016, according to Check Point.
Social Media Impersonators Drive Security Risk (Dark Reading) A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.
EA Servers Go Down; Battlefield 1 Servers Facing Outage (HackRead) If you are wondering what is going on with Battlefield 1 then you are not alone, EA servers are down impacting Battlefield 1’s players in the United States
U.S. Homeland Security employees locked out of computer networks: sources (Reuters) Some U.S. Department of Homeland Security employees in the Washington area and Philadelphia were unable to access some agency computer networks on Tuesday, according to three sources familiar with the matter.
Malware Lets a Drone Steal Data by Watching a Computer’s Blinking LED (WIRED) Israeli researchers show that innocent LED indicator on your computer can leak your deepest secrets.
Security Patches, Mitigations, and Software Updates
Microsoft pushes out patches for critical Flash Player vulnerabilities (Help Net Security) Microsoft skipped its February 2017 Patch Tuesday, but there are security holes in Adobe Flash Player that must be plugged now.
Microsoft issues critical security patch, but leaves zero-day flaws at risk (ZDNet) Windows users will have to wait another three weeks to patch two serious vulnerabilities with exploit code when Microsoft's regular patching schedule resumes.
Cyber Trends
Threat of Cyber Attack Is Biggest Fear for Businesses (Bloomberg.com) The threat of cyber attacks and political instability resulting from rising populism are among the biggest worries for businesses around the world, according to a study of companies in 79 countries.
Hacks, lean IT teams push SMEs towards next-gen cybersecurity tools (Channel NewsAsia) Phoon Huat, a homegrown baking supplies company, was hit by ransomware last August, which prompted the SME to deploy a cybersecurity tool with machine learning built into it.
PH among Top 10 countries under malware threats -- report (InterAksyon) Of the top five locations across the globe most at risk of infection by malicious software, two are located in Southeast Asia
Medical device security reaches a tipping point (Healthcare IT News) Hospitals have recognized the need to fix flaws in connected devices but solutions will require a sustained effort.
Is healthcare industry's security spending focused on the wrong technologies? (Help Net Security) Global healthcare IT pros are confronting a changing, challenging landscape, with 66% experiencing a data breach and 88% feeling vulnerable as a result.
Marketplace
Trend Micro: Why Most Cybersecurity Startups Won't Survive (BankInfoSecurity) The honeymoon period for smaller players in cybersecurity is nearing an end, predicts Trend Micro CTO Raimund Genes. Achieving profitability has proven to be
Cyber attack remains top business continuity concern, preparedness for all threats urged: Horizon Scan Report (Canadian Underwriter) Cyber attack, data breach and unplanned IT and telecom outages are the greatest concerns among business continuity professionals, concludes the sixth annual Horizon Scan Report, released Tuesday.
Healthcare Cybersecurity Increasingly Key Issue in C-Suite (HealthITSecurity) KLAS Research and CHIME showed in a survey that healthcare cybersecurity is an increasingly hot topic at the board level and in the C-suite.
Why Verizon is still buying Yahoo on sale, despite that epic security breach (Washington Post) The two companies agreed to a $350 million discount on the price.
How Peter Thiel’s Palantir Helped the NSA Spy on the Whole World (The Intercept) Documents provided by NSA whistleblower Edward Snowden reveal Palantir’s role in creating the U.S. government’s international spy machine.
Apple buys Israeli firm RealFace for facial-recognition tech (Computing) Could be added to iPhone 8
Microsoft CEO says artificial intelligence is the 'ultimate breakthrough' (Mashable) Nothing beats the understanding of natural language.
Malwarebytes to enter 'next wave' of expansion as it gears up for partner programme launch (Channelnomics) Nordic and southern Europe office openings earmarked for the end of this year
Harris wins big to build battle management system for UAE (Defense News) Harris has won a $189 million contract to provide an integrated battle management system to the United Arab Emirates armed forces, the company announced Monday.
Blue Cedar Continues to Fuel Growth Momentum With New Executive Hires (Yahoo! Finance) Blue Cedar, the leader in enterprise mobile app data security, today continued its growth momentum with a trio of new hires. Chris Ford came aboard as chief product officer, Jeanne Angelo-Pardo joined as chief financial officer and Pam Brodt enlisted as vice president of global sales.
Veteran Software and Cybersecurity Executive, Ed Hammersla, Joins Utilidata as CEO (Yahoo! Finance) Utilidata, Inc. announced today that Ed Hammersla, a software and cyber security executive with over 40 years of experience, has joined the company as Chief Executive Officer.
Products, Services, and Solutions
Connected cars: Rohde & Schwarz Cybersecurity now provides dedicated security solutions for IoT automotive telematics (ipoque) Building a secure automotive telematics platform to achieve a profitable business model for automakers and ecosystem partners is a challenging task for mobile network operators. As the platforms lack detailed security specifications and a standardized framework, they become an attractive target for cybercriminals.
Zentera Systems Announces CenturyLink as First Telecom Integration for Its Cloud over IP Platform (Crossroads Today) Zentera Systems, Inc., the leader in multicloud security and networking, today announced that its infrastructure security solution for the multicloud ecosystem now integrates with telecommunications industry cloud service providers, delivering defense-in-depth that secures production workloads across managed service datacenters, as well as multiple clouds, without requiring changes to existing infrastructure.
AlgoSec Launches New App for Cisco ACI to Monitor and Assess Risk and Compliance Across the Enterprise Network (Marketwired) First security policy management app on the newly launched Cisco ACI App Center, app complements AlgoSec's full-scale integrated solution for Cisco ACI
Oxygen Forensic® Detective 9.2 Offers Mobile Forensics Experts Ability to Organize WebKit Data on iOS and Android Devices (Oxygen Forensics) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that its flagship product, Oxygen Forensic® Detective 9.2, now features the ability to organize WebKit data from iOS and Android devices, saving critical time in accessing webmail and the content of visited pages.
Focal Point Launches ForceID Audit to Measure IAM Maturity (Focal Point) ForceID draws on Focal Point’s unmatched identity and access management experience to deliver secure identity controls as agile as today’s businesses.
LockPath Included in Gartner’s Market Guide for Audit Management Solutions (LockPath.com) LockPath has been included as a Representative Vendor in Gartner Inc.’s February 3, 2017 Market Guide for Audit Management Solutions
Viptela Receives NFV Certification on ADVA Ensemble Orchestrator (BusinessWire) Viptela SD-WAN platform has been certified with ADVA Ensemble Orchestrator for network functions virtualization.
illusive networks Adds Kill Switch Capabilities to its Deceptions Everywhere Cybersecurity Platform with Integration of Cisco pxGrid (PRNewswire) illusive networks, the leader in Deceptions Everywhere®...
Gemalto and Microsoft join forces to provide seamless connectivity for Windows 10 devices (Yahoo! Finance) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, is presenting the newest release of its On Demand Connectivity and eSIM technology for Windows...
IBM joins government’s secure cloud list (Computerworld) Infrastructure as a service and platform as a service offerings from IBM have been added to the government’s Certified Cloud Services List (CCSL), which is maintained by the Australian Signals Directorate.
VMware, Intel collaborate on healthcare security (iTWire) Virtualisation company VMware is collaborating with Intel Health and Life Sciences in an initiative it says is designed to help global healthcare orga...
Mullvad delivers faster VPN connectivity with regional expansion (News Powered by Cision) Mullvad has expanded its offering of region-based VPN
AdaptiveMobile launches Open Platform Initiative (Telecompaper) AdaptiveMobile launched its Open Platform Initiative to provide availability to its Network Protection Platform (NPP) converged carrier security platform to cloud communication companies and OTT messaging applications.
Dashlane Banks on Smartling to Translate its Secure Password Management into 15 Languages (Yahoo! Finance) As today's connected consumers continue to create more and more online accounts, many are finding it difficult to balance security with simplicity when protecting their personal information. Smartling, ...
Russian security company to compete with Microsoft via new OS (TechRadar) Kaspersky’s OS is built from scratch for top-notch IoT security
Kaspersky: No whiff of Linux in our OS because we need new start to secure IoT (ZDNet) While Linux might be on millions of IoT devices, Kaspersky says there's no trace of it on its new secure OS.
Core Security Continues to Lead Identity Management Innovation with Introduction of New Toolkit (Yahoo! Finance) Core Security ®, a leader in Identity and Access Management, Vulnerability, and Network Detection and Response, today announced the release of Core Connector API, ...
Lattice Engines Improves SaaS Security and Compliance Reporting with Tenable Network Security (BusinessWire) Tenable announced today that Lattice Engines, a leading provider of predictive analytic solutions, has simplified reporting and reduced cyberthreats w
Wombat Security Technologies Expands Healthcare Security Awareness Training Program, Launching at HIMSS17 in Orlando (Yahoo! Finance) As news of data breaches and phishing scams circulate, healthcare professionals may be more aware of cybercrime, but cyber attackers are becoming equally savvy. ...
ESET looks to deepen enterprise penetration with new threat intelligence service (ChannelBuzz) ESET is taking the intelligence grid that it uses internally in its cloud protection system, and making it available to customers as a service.
RedOwl Enters Agreement with immixGroup to Reduce Insider Threat Risks for Government (Yahoo! Finance) RedOwl, the leading provider of insider risk solutions, today announced an agreement with immixGroup, an Arrow company that helps technology companies do business with the government. Through immixGroup ...
Waratek Offers $10,000 No False Positive Guarantee (Yahoo! Finance) Waratek, a pioneer in the next generation of application security solutions, has announced a new false positive guarantee tied to the Waratek Application Security Platform. For every instance of a false positive generated for the Open Web Application
Technologies, Techniques, and Standards
Detecting PLC malware in industrial control systems (Help Net Security) How can attackers load programmable logic controllers (PLC) with destructive malware, and how can the operators of industrial control systems detect it?
DHS offering GPS resiliency tests for critical infrastructure devices (TheHill) Tests will check if GPS devices can withstand jamming and fake signals, called spoofing.
How to leverage intelligent deception to detect cyber attacks (Help Net Security) Yoel Knoll, VP of Marketing for TopSpin Security, talks about how you can leverage intelligent deception in order to detect cyber attacks.
The value of sharing threat intelligence (Information Age) Sharing threat intelligence is not common practice, but it can serve as a valuable asset in the fight against malicious cyber attacks
PHP Becomes First Programming Language to Add Modern Cryptography Library in Its Core (BleepingComputer) The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default.
Border Digital Safety for Journalists (Errata Security) The CPJ, the "Committee to Protect Journalists", offers some horrible advice [ * ] on Digital Security, especially when crossing the border....
Design and Innovation
Google and Bing plan to bury pirated content (Naked Security) From 1 June 2017 Google and Bing will de-prioritise unlawful sharing sites
Homeland Security Wants To End The Scourge Of DDoS Attacks (Forbes) In 2017, Homeland Security has as much to do with securing digital borders as it does geographical ones. One push the DHS is leading to make cyberspace safe for Americans is the DDoSD project.
Research and Development
Forcepoint™ Research Shows Understanding People’s Behaviors and Intent Critical to Future of Cybersecurity – But Significant Gaps Exist (Forcepoint) Nearly 80 percent of cyber professionals say enterprises must understand behaviors and intent as people interact with critical data and IP; today, less than a third are able to do so effectively.
What chess players can teach us about intelligence and expertise (Phys.org) Are experts more intelligent than non-experts or do they just work harder? And why do some people reach high levels of expertise, while others just remain amateurs? These are some of the questions that cognitive scientists have tried to answer for more than a century. Now our new research on chess players has started untangling the problem.
Academia
These college students invent things for the Pentagon, and maybe find a business (Washington Post) Defense Dept. scales up its Hacking for Defense program at more than a dozen universities.
APSU offering undergrad and grad programs in cybersecurity (ClarksvilleNow.com) Recent survey shows 64 percent of Americans have personally experienced a major data breach.
Legislation, Policy, and Regulation
India's cyberspace intelligence agency to be functional from June (The Economic Times) Sector specific computer emergency response teams (CERT) for industries such as power, communications etc, will also be created, Ravi Shankar Prasad, Union Minister for Electronics and IT said.
Government Needs Tougher Cyber Defence, Warn MPs (Acumin) A new Public Accounts Committee report suggests that there has been a lack of cyber defense strategy coordination in the public sector.
Defense chief asks for plan on cyber reform (TheHill) New memo highlights organizational reforms
Mattis mulls consolidation in IT, cyber (FCW) In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.
The future of U.S. Cyber Command (Government Matters) Michèle Flournoy, CEO at the Center for a New American Security and former under secretary of defense for policy. They discussed the future of U.S. Cyber Command, cyber rules of engagement, and the cyber human capital pipeline.
Information Warfare: HVIs Wanted Dead Or Alive (Strategy Page) The U.S. Air Force recently revealed that during 2016 its component of U.S. Cyber Command (USCYBERCOM) conducted 4,000 Cyber War operations to obtain useful information (often about location) on more than 100,000 targets.
For the Navy, cyber defense has effects well beyond cyberspace (C4ISRNET) Cyber defense is more important than offensive action, according to the commander of Fleet Cyber, as it affords commanders trust in their data and decision making.
Navy Cyber Chief: Network Protection, Data Assurance Top Priorities (USNI News) The military services must deliver information and data to warfighters, from fleet commanders to pilots, that's timely, accurate, secure and not compromised by the growing threats from network intruders and attacks, the Navy's top cyber official told a San Diego defense conference.
Trump national security adviser will face Senate vote (Defense News) The president’s national security adviser doesn’t need Senate confirmation, but for President Trump’s pick, Lt. Gen. H.R. McMaster, it will be different.
The warrior-thinker Trump picked for national security adviser (Defense News) President Donald Trump named Lt. Gen. H.R. McMaster — considered to be one of the smartest strategists in the military today — as his national security adviser.
Obama officials: There's hope for cybersecurity under Trump (The Christian Science Monitor Passcode) At the Beat the Breach event during the RSA Conference in San Francisco this week, current and former US government officials expressed optimism about the state of cybersecurity under President Trump.
Federal Officials Should Disclose Vulnerabilities for Security’s Sake (FedTech) When feds discover a loophole, they need to weigh whether to share that information — or exploit it for intelligence on the perpetrator behind the threat.
Cybersecurity Requirements for Financial Services Companies (New York State Department of Financial Services) I, Maria T. Vullo, Superintendent of Financial Services, pursuant to the authority granted by sections 102, 201, 202, 301, 302 and 408 of the Financial Services Law, do hereby promulgate Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York, to take effect March 1, 2017, to read as follows...
Litigation, Investigation, and Law Enforcement
Trump administration expands social media checks to cover Chinese visitors (South China Morning Post) US Department of Homeland Security proposes asking Chinese 10-year visa applicants for details of social media presence
Facebook fails in bid to get lawsuit over 'stolen' data centre designs thrown out (Computing) Facebook alleged to have stolen data centre intellectual property - and given it away to the Open Compute Project
Microsoft's Windows 10 privacy policies questioned by EU Article 29 Working Party (Computing) Microsoft asked to explain how private data from Windows 10 users is processed
Prison for former sysadmin who hacked industrial facility and... (HOTforSecurity) Are you a sysadmin who left your last job under a cloud? My advice is don't try and seek revenge by hacking into the company that fired you. You might end up with a lengthy prison sentence.
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies among Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?
21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, Jun 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create, store, process, and communicate information is vital to business continuity and security. CISSE supports cyber security educators, researchers and practitioners in their efforts to improve curricula and foster discussion of current and emerging trends, working to define education requirements and encourage development of information security curricula and courseware.
Upcoming Events
Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, Feb 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.
Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, Feb 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.
Risky Business (London, England, UK, Feb 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.
The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, Feb 24, 2017) CACSS2017 will provide a platform for automotive OEMs, Tier 1 suppliers, automotive security solution/technology/products developers, automotive electronics companies, IT companies, mobile data suppliers, automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, state-of-the-art technology solutions, critical cyber security challenges and collaboration initiatives; help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second-to-none automotive cyber security industry event will assure you to understand China automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.
Second Annual International Security Conference (Riyadh, Saudi Arabia, Feb 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27 - March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.
The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers.
International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.
SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.
Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.
IAPP Europe Data Protection Intensive 2017 (London, England, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event for 2017. This is a three-day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear a range of European utility companies present what their strategic programmes are doing regarding cyber security, discuss how communication issues between IT and OT departments can be overcome, and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.