current issue – 5.27.16

Greetings!

Special Section: news from the Georgetown Cybersecurity Law Institute (our regular summary appears below)

We were pleased to be able to cover Georgetown University's annual Cybersecurity Law Institute this week. Expert panels gave advice on incident response, regulatory agencies and law enforcement authorities, communicating with (and translating for) boards and C-suites, planning and preparation, privilege, and the sometimes surprising national security dimensions of corporate cyber security. Our full report is linked below.

You'll find the Institute's website here. The CyberWire's report on the Institute's main sessions can be found here.

Today's regular daily summary starts here.

THE CYBERWIRE (Friday, May 27, 2016) — The official website of South Korea’s Air Force, now restored, was shut down for some two weeks. No attribution, but a priori probability points to Pyongyang.

More banks worldwide are investigating potential fraudulent activity enabled by their links with the SWIFT funds transfer network. Most reports suggest Southeast Asia is most affected, with the Philippines and New Zealand also noting suspicious activity. SWIFT continues to work on upgrading security.

DDoS and ransomware continue to circulate. DNS-provider NS1 was hit by a series of attacks that affected DNS delivery in four continents. With respect to ransomware, a Javascript exploitation campaign is distributing Locky.

An Office bug Microsoft patched last year continues to yield opportunities for cyber espionage. CVE-2015-2545 is being exploited by Danti (active against the Indian government), Platinum, APT16, Ke3chang, and SVCMONDR. Unpatched systems afford an uncontested attack surface.

The hybrid war Russia continues to wage against Ukraine prompts some hesitant movement toward sanctions in Europe, and inspires Ukraine’s Army to take its information operations to radio (they’re looking for an appealing DJ—Russia media have considerable reach into Ukraine).

Legislation in the US Senate that would weaken encryption seems to be stalling in the face of increased opposition.

In industry news, Palo Alto’s results disappointed investors last night, as did Splunk’s (which, in fairness, weren’t a loss). But analysts as a group seem disposed, again, to view cyber as a story-stock sector: witness Sophos, whose shares saw a small gain even after reporting a loss.

Scotland’s apparently using Stingrays.

A note to our readers. We'll be observing Memorial Day on Monday, and so will place the CyberWire on hiatus. We'll resume our regular publication and podcasting on Tuesday. Enjoy the holiday, if you observe it where you live, and, wherever you are, spare a thought for the fallen and their families.

Today's edition of the CyberWire reports events affecting Belgium, Brazil, Canada, China, the European Union, Germany, India, Iraq, Japan, the Democratic Peoples Republic of Korea, the Republic of Korea, Malaysia, New Zealand, the Philippines, Russia, Syria, Turkey, Ukraine, the United Kingdom, and the United States,.

On the podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Accenture's Malek Ben Salem, who'll share some insight into the security implications of artificial intelligence and machine learning. And we're pleased to offer our interview with Brent Waters, of the University of Texas at Austin, who's recently been honored with an early career award from the Association of Computing Machinery for his contributions to encryption. He'll be telling about one of those contributions: his work in functional encryption. (If you enjoy the Podcast, please share your enjoyment with an iTunes review.)

Dateline Georgetown Cybersecurity Law Institute (2)

Cyber Events (21)

Dateline Washington, DC: the latest from the Georgetown Cybersecurity Law Institute

Cybersecurity Law: Advice for Corporate Counsel, a Perspective on Regulatory Agencies, National Security and the Corporation, and Incident Response (The CyberWire) Georgetown's annual Cybersecurity Law Institute offered its customary mix of expert presentations and panels. Here’s a summary of the two-day event, which took place on May 25 and 26, 2016…

Cybersecurity Law Institute (Georgetown University Law Center) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. The Cybersecurity Law Institute will give you insights into the latest information and strategies…

Cyber Attacks, Emerging Threats, and New Vulnerabilities

South Korean Air Force Website Faces Cyber Attack (HackRead) The official website of South Korean Air Force (airforce.mil.kr) was shut down for two weeks after a massive cyber attack hit its server…

Up to a dozen banks are reportedly investigating potential SWIFT breaches (IDG via CSO) The incidents are part of a larger trend of cybercriminals targeting financial institutions directly instead of customers…

Symantec Says SWIFT Malware Is Linked to Cyber Attack in the Philippines (Fortune) Symantec suggests recent success could prompt more attacks…

SWIFT Proposes New Measures For Bolstering Its Security (Dark Reading) Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network…

DNS provider NS1 hit with multi-faceted DDoS attacks (Help Net Security) Early last week, DNS and traffic management provider NS1 was hit with a series of DDoS attacks that lasted several days, and managed to impact DNS delivery in the European, American and Asian region…

Ultimate Guide To DDoS Protection: DDoS Is A Business Problem (Dark Reading) In the first of a two-part series, we examine the impact DDoS attacks have on business continuity - and why it is so much more than a network security problem…

Why you can’t trust things you copy and paste from web pages (Naked Security) Put away your wget and curl, your SOAP clients and WSDLs, WebDAV servers, REST APIs and JSON callbacks; when it comes to moving data off websites and on to your computer the sticky stuff that greases the wheels is copy and paste…

One Microsoft Office Exploit Has Become Very Popular with Cyber-Espionage Groups (Softpedia) CVE-2015-2545 is the identifier of a security bug in Microsoft Office that has become very popular with many cyber-espionage groups around the world, such as Platinum, Danti, APT16, Ke3chang, and SVCMONDR…

Kaspersky spots patched Microsoft Office vulnerability risk (ITPro) The weakness was fixed in 2015, but some hacker groups including Danti are still using it by preying on unpatched machines…

Symantec probe exposes how high profile Twitter accounts were hacked (Big News Network) A new probe by cyber-security firm Symantec has revealed that about 2,500 high profile Twitter accounts were compromised and malicious tweets were sent out from the hacked accounts…

High-Tech Bridge Uncovers Large Number Of Fraudulent Cybersecurity Company Domains (RushPRNews) Research into the proliferation of fraudulent domains affecting the cybersecurity industry by web security experts High-Tech Bridge has uncovered some startling results, with a string of household names being impersonated online…

New JavaScript spam wave distributes Locky ransomware (IDG via CSO) European countries are the most affected, but detections have also been recorded in the U.S. and Canada…

Most of PC users still don’t know how dangerous ransomware is (2-Spyware) Though cyber criminals have been on a roll releasing various ransomware viruses in recent years, surprisingly, there is still a significant number of Internet users who are not aware of this type of threat at all…

Companies could use 'intermediate' web security certificates to spy (Engadget) Intermediate certificate authorities are just as potent as the root CAs that form a secure web…

Quiet cryptologist Bill Duane's war with Beijing's best (Register) The co-developer of RSA's SecureID explains how he fought against Chinese crack…

A hacker explains why US nukes controlled by ancient computers is actually a good thing (Business Insider) A new government report on Wednesday revealed that America's nukes are still being controlled by antique computers with 8-inch floppy disks, but a former white hat hacker says that's not necessarily a bad thing…

This Map Tracks Where Governments Hack Activists and Reporters (Wired) In an age when spies carefully hide their tracks through layers of obfuscation and proxy servers, locating the perpetrators of online surveillance is often nearly impossible. But the victims of these spying campaigns can sometimes be easier to place. And one open-source initiative has set out to map cases where state-sponsored malware campaigns target members of civil society, in an effort to show how governments use digital intrusions to control and disrupt their enemies around the globe…

Cyber Trends

Brazilian companies rank worst among major economies on cyber security: report (Reuters) Companies based in Brazil scored “significantly poorer” in aggregate on a variety of cyber security indicators than those based in other major world economies, such as the United States and China, according to a report released on Thursday…

MESA: Collaborative Approach is Critical (InfoRisk Today) Keynote lays emphasis on a strong public-private partnership model…

Marketplace

Cyber attacks against our critical infrastructure are likely to increase (Business Insider) The threat of more cyber attacks is very real, according to the U.S. Department of Homeland Security. The number of cyber attacks that target industrial control systems for automated industrial machines has been on the rise, according to the department. This increase will likely pick up speed in the next few years, according to Yoni Shohet, the co-founder and CEO or SCADAfence, a startup that provides a system to monitor industrial control systems for cyber threats…

Cyber Security Firm Palo Alto Network's Third Quarter Loss Widens (Fortune) The company spent more on marketing its products…

It's been a breach-tastic year. And Sophos sales were good, apparently (Register) But first public outing reveals slimmer wallet…

Splunk Takes a Breather After Another Beat and Raise (Motley Fool) Sometimes, great just isn't good enough…

Is Booz Allen Hamilton Holding Corp (NYSE:BAH) Well Tailored for Your Portfolio? (Street Report) Booz Allen Hamilton Holding Corp (NYSE:BAH)(TREND ANALYSIS) announced it was one of the awardees of pool 3 in support of 18F, a civic consultancy for the government within the U. S. General Services Administration (GSA), as they look to improve how the government works with citizens online…

FireEye Inc: Look to FEYE for Threat Prevention in Your Portfolio (Investor Place) Cybersecurity firm FireEye quickly positioned itself as a leader in the industry…

OpenDNS buy is feeding security insights to Cisco's threat-intelligence efforts (CSO) Visibility of online activities paints clearer picture of changing threat climate…

Egnyte wants to see more commitment from the UK (MicroScope) Vineet Jain, founder and CEO of Egnyte says it’s hard to get UK resellers to commit to the US cloud model – but are there historical reasons for this caution?…

Cybersecurity experts hunting cyber threats from home in Mississippi (Mississippi Business Journal) A network of cybersecurity experts working from their homes in South Mississippi are on the hunt for cyber threats IN a multitude of industry environments…

Radical transition for testing equipment provider Ixia (IT Brief) Ixia started as a manufacturer of testing & measurement hardware. The type of boxes that networking vendors like Cisco, Juniper, HP & Dell, would use to test their switches, routers and other networking equipment before releasing them…

BAE Systems expands cyber collaboration in Malaysia (IHS Jane's 360) BAE Systems and CyberSecurity Malaysia, a government agency, have agreed to extend their collaborative arrangement for a further two years, it was announced on 26 May…

Startup tech companies seek savvy channel partners (TechTarget) Early-stage companies participating in the 2016 MIT Sloan CIO Symposium's Innovation Showcase are pursuing relations with channel partners that can incorporate their products into broader offerings…

IT security skills remain in high demand (Help Net Security) IT security tops the list of the skills that IT decision-makers say they want their team members to have, according to a new report by Global Knowledge, based on input from more than 10,000 IT and business professionals in North America…

Tenable Network Security Wins Award for Organisational Excellence in Information Security at the 2016 AusCERT Awards (CSO) Tenable Network Security®, Inc., a global leader transforming security technology for the business needs of tomorrow, has been recognised for Organisational Excellence in Information Security at the 2016 AusCERT Awards…

London-based cybersecurity firm adding office in Dallas and looking to hire (Dallas Morning News) Digital Shadows, a London-based cybersecurity firm with $22 million in backing, is opening an office in Dallas and looking to hire technology workers in the rapidly growing industry…

Barracuda Networks brings back old head to head channels (ChannelBiz) Barracuda Networks has strengthened its executive leadership team with the appointment of Hatem Naguib as senior vice president and general manager, security business, and Ezra Hookano as vice president of channels…

RBI Seeks Four VPs for New IT Arm (InfoRisk Today) But shouldn't the Regulator appoint a CEO for the Group first?…

Products, Services, and Solutions

Level 3 Takes Security to the Network and Leverages the Cloud to Defend Customers (Yahoo! Finance) Level 3 Communications, Inc. (NYSE: LVLT) launches Enterprise Security Gateway (ESG), a cloud-based network security solution that reduces the cost and complexity of security without sacrificing performance…

IoT security testing and certification program (Help Net Security) To help companies mitigate risks associated with an increasingly connected world, ICSA Labs, an independent division of Verizon, is rolling out a new security testing program to provide assurance testing for Internet of Things (IoT) devices and sensors…

Review: ProtonMail (Help Net Security) ProtonMail is an email service developed by a team of scientists who met while working at the European Organization for Nuclear Research (CERN) in Switzerland. The idea behind ProtonMail is to provide an easy to use email service with built-in end-to-end encryption and state-of-the-art security features…

PopMarker Integrates Forensiq To Ensure Ad Traffic Quality (Globe Newswire) PopMarker as a publisher network, started to fight against ad fraud and nonhuman traffic…

BluVector Awarded SAFETY Act Designation by the Department of Homeland Security (BusinessWire) Malware detection and cyber hunting solution achieves DHS SAFETY Act designation…

Lieberman Software and Core Security Form Strategic Alliance (MarketWired) New partnership creates holistic solution for managing privileged identities and governing access control for all users…

Silicon:SAFE launches Password Protect to stop bulk password thefts from organizations (CIO Today) Digital hardware vault gives secure mass storage of users’ account passwords for enterprises…

RedOwl Adds Voice Capability to Regulatory Surveillance Platform Using Verint Risk and Compliance Analytics Solutions (BusinessWire) RedOwl, the leader in human risk analytics, today announced a global partnership with Verint® Systems Inc. (Nasdaq: VRNT). The technology integration is designed to enable organizations to proactively detect and deter unwanted and/or illegal insider behavior, improve the effectiveness of front-office reviews, and reduce response times for regulatory requests and audit…

Technologies, Techniques, and Standards

SANS Maps SAP Cybersecurity to Top Twenty CIS Critical Security Controls for Effective Cyber Defense (BusinessWire) Following on recent cyber attacks aimed at SAP systems, SANS maps SAP cybersecurity to the Critical Security Controls list for the first time…

How security standards help companies prioritize data protection (TechTarget) In part one of this blog post, John Pescatore, director at the nonprofit cybersecurity training provider SANS Institute, delved into the legal challenges companies face as they strive to secure consumer information. Here, Pescatore discusses how companies can use various security standards available to create their unique set of security policies…

Trend Micro lays out layered approach to defeating ransomware (Channelnomics) Ransomware isn’t just a consumer threat anymore – a successful attack can cripple a company…

Strengthen security during production and development (Help Net Security) Applications have become the heart of many businesses, with millions of dollars allocated to their development and millions of dollars in revenue associated with their success. And in the rush to release these applications as quickly as possible, many businesses are sacrificing on security. This is a dangerous misstep…

C4ISR Conference: How virtualization lowers the cyber risk of enterprise migration (C4ISR & Networks) The Department of Defense is currently striving to combine its information technology systems through an enterprise architecture, but as the project advances, so does the cybersecurity risk…

Cyber security in aviation: The woman who saw the tsunami coming (Runway Girl Network) As a forensic chemist dealing in explosives and crime scene investigation, Boeing’s Faye Francy spent the first half of her career analyzing the ugly aftermath of malicious attacks on aviation. Now, in a parallel role as executive director of the recently formed Aviation Information Sharing and Analysis Center (A-ISAC), she’s making it her goal in the second half to stop, or at very least mitigate the impact cyber attacks on industry stakeholders…

Japan ATM Cash-Out Scheme: Lessons for India (InfoRisk Today) Vigorous fraud detection, transaction anomaly monitoring needed…

Research and Development

Podcast: Steve Weber on why hackers may start targeting your emotions (Christian Science Monitor Passcode) In this episode of The Cybersecurity Podcast, UC Berkeley's Steve Weber outlines his team's research into the possible futures of the Internet and cybersecurity in 2020…

Academia

University of North Georgia cited as a national leader in cyber security education (PRNewswire) The University of North Georgia (UNG) recently earned designation as a National Center of Academic Excellence in Cyber Defense (CAE-CDE)…

Legislation, Policy, and Regulation

Germany: EU faces ‘difficult’ talks on Russia sanctions (Euractiv) Germany said on Thursday (26 May) that the EU is facing difficult talks on extending sanctions against Russia over the conflict in Ukraine due to the increased resistance of some member states, and denied that a new Cold War was afoot…

Good Morning, Ukraine! Army Radio Seeks Colorful DJ to Mock Russians (Wall Street Journal) Army FM hopes a ‘cooler vibe’ will drown out pro-Russian broadcasts…

Why India is Still Not Ready for Breach, Privacy Laws (InfoRisk Today) Security leaders debate potential influence of EU's GDPR…

Health Secretary: ‘NHS Still Not Trusted on Data Security’ (Infosecurity Magazine) The NHS has been told that it needs to improve data security from a tech, governance and training perspective ahead of two new reviews set to land in the coming year…

US Aims to Boost Cyber Command in Preparation for Digital Warfare (Sputnik News) The White House has looked to reposition the American security apparatus toward facing 21st century battles, and the US Senate now agrees that upcoming conflicts may include those that take place online…

Senate proposal to require encryption workarounds may be dead (IDG via CSO) Opposition may doom effort to require tech vendors to assist law enforcement with unlocking devices…

Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records (Intercept) A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy…

Obama's cyber 'state of emergency' yields no quick sanctions (FCW) In April 2015, President Barack Obama declared foreign cyber threats a national emergency and gave the Treasury Department enhanced powers to target adversaries in cyberspace. Yet in the first five months with that greater authority, Treasury had yet to use it, according to a newly released report…

Coordination key to state cyber responses (GCN) Several state officials came to Capitol Hill on May 24 to discuss their cybersecurity challenges and provide Congress with insights into their practices and successes…

Litigation, Investigation, and Law Enforcement

Islamic State Executioner Linked to Belgian Arrestees (Wall Street Journal) Terror group operative Hicham Chaib was in communication with Belgians arrested this week for alleged terror plot, officials say…

Leaked Islamic State files reveal the 'borders chief' who helped funnel terrorists into Syria (Telegraph) eaked Isil files have revealed the group’s so-called “borders chief”, a senior leader responsible for recruiting thousands of foreign jihadists and funnelling them into Syria…

In a First, UK Authority Admits to Using IMSI Catchers for Surveillance (Motherboard) While the US has seen a vibrant debate around the use of IMSI catchers (commonly known as Stingrays), the position of UK authorities has been to consistently neither confirm nor deny use of the technology…

Surveillance technology has advanced far beyond the laws that govern it (Ars Technica) Ars Technica Live #2: Law professor Elizabeth Joh predicts the future of high-tech policing…

Judge Deals Blow to Secret FBI Hacking (US News and World Report) The FBI wouldn’t divulge covert details, and now evidence in a child porn investigation has been tossed…

Did the Clinton Email Server Have an Internet-Based Printer? (KrebsOnSecurity) The Associated Press today points to a remarkable footnote in a recent State Department inspector general report on the Hillary Clinton email scandal: The mail was managed from the vanity domain “clintonemail.com.” But here’s a potentially more explosive finding: A review of the historic domain registration records for that domain indicates that whoever built the private email server for the Clintons also had the not-so-bright idea of connecting it to an Internet-based printer…

Hillary Clinton Wasn’t Adept at Using a Desktop for Email, Inquiry Is Told (New York Times) Hillary Clinton and her advisers have offered a series of explanations over the last year for her decision to use a private email server as secretary of state, a decision that she said again on Thursday had been “a mistake”…

Could Romanian hacker ‘Guccifer’ assist FBI’s probe of Clinton? (The Hill) A Romanian hacker’s plea deal to cooperate with the government is raising questions about whether he might be called upon to assist in the FBI’s investigation of Hillary Clinton…

Clinton’s inexcusable, willful disregard for the rules (Washington Post) Hillary Clinton's use of a private email server while secretary of state from 2009 to 2013 has been justifiably criticized as an error of judgment. What the new report from the State Department inspector general makes clear is that it also was not a casual oversight. Ms. Clinton had plenty of warnings to use official government communications methods, so as to make sure that her records were properly preserved and to minimize cybersecurity risks. She ignored them…

FBI raids dental software researcher who discovered private patient data on public server (Daily Dot) Someone alerts you to exposed, unencrypted patient information on your FTP server. Is the correct response to thank them profusely or try to have them charged as a criminal hacker?…

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Remaining This Month:

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth LTE and telecomms security course by Founder of Telecomm Security Task for and for the very first time in Europe, Rift Recon's The Art of Escape — a course that teaches you how to escape an attempted kidnapping, move through a city unnoticed and much more.

Coming Next Month:

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.

SecureWorld Atlanta (Atlanta, Georgia, USA, June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.

SecureWorld Portland (Portland, Oregon, USA,, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest informaiton on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.

SANSFIRE 2016 (Washington, DC, USA, June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’

Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker's viewpoint.

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!.

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

the cyberwire
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.