Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

The daily briefing.

The NSA mole hunt continues, as the weekend's New York Times piece is still drawing much comment. Observers tend to make a couple of points. First, the leaks that have reached the world through the Shadow Brokers cast doubt on any organization's ability to safeguard sensitive information. Second, every enterprise should bring its patches, particularly patches for mobile devices, up to date, as many fear a wave of mobile system hacking. Suspicion centers on either Russian intelligence services or on some group of disgruntled insiders.

Spain's government has warned the European Union that a disinformation campaign aimed at influencing the Catalan separatist movement appears to originate "in Russian territory," with much of it being repeated "from Venezuelan territory." The Spanish Defense Minister stopped short of formally accusing the Russian government.

IBM X-Force researchers report finding a new banking Trojan, IcedID. It's new, and apparently still under development, but it appears capable of using both redirection and web injection attacks. Until now, Dridex had been the only prominent banking Trojan to employ both kinds of attack. X-Force thinks IcedID is using Emotet's botnet infrastructure to distribute itself.

Commonly used anti-virus software are vulnerable to a proof-of-concept exploit, "AVGater," that bypasses their protections. Emsisoft, Ikarus, Kaspersky, Malwarebytes, Trend Micro, and Check Point have patched.

In other update news, Firefox 57 will introduce more capable sandboxing in its next version, and Google has put Android app developers on notice that it will kick anything found misusing Accessibility services out of the Play Store.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2017. Learn more about how Cylance prevents cyberattacks at cylance.com

Today's edition of the CyberWire reports events affecting the European Union, Russia, Spain, and the United States.

Not all intelligence is created equal.

A well-informed cybersecurity strategy is essential to keeping your organization protected, but gathering global intelligence from various sources and locations is difficult. Your organization needs a partner with deep roots in cyber threat intelligence. The LookingGlass digital library (STRATISS) of strategic intelligence reports expands your understanding of the threat landscape and delivers the intelligence your decision makers want to their fingertips. Check out our intelligence here.

On the Podcast

In today's podcast, Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast discusses why generating random numbers is a lot harder than it looks. Our guest, Steve McGregory from Ixia, describes the challenges of dealing with the "virtually infinite" computing power and bandwidth cloud computing offers. 

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Spain warns EU of Russian meddling in Catalan separatist movement (Deutsche Welle) Madrid stopped short of blaming the Kremlin of outright interference in Spain's domestic affairs. But there is growing evidence that the Kremlin feels empowered by sowing divisions in Europe and the United States.

Shadow Brokers cyberattack infiltrated heart of US spy agency (Times) An American cyberspecialist who worked at the National Security Agency has revealed how hackers calling themselves the Shadow Brokers infiltrated one of the most secret units inside the...

How the Shadow Brokers Unleashed the NSA's Powerful Cyberweapons on the World (CyberX) Here's a summary of an in-depth article published yesterday by Scott Shane, Nicole Perloth, and David Sanger of the New York Times.

The NSA's Shadow Brokers Quandary Prompts Top Solution Providers To Warn Customers About Mobile Device Patching (CRN) Kudelski Security CTO Andrew Howard said a zero day attack against a major mobile device platform is likely imminent given a recent cyberweapons theft and disclosure.

New IcedID Banking Trojan Discovered (BleepingComputer) Malware experts have spotted a new player on the banking trojan scene that they named IcedID and which is currently in its first stages of development.

New Banking Trojan IcedID Discovered by IBM X-Force Research (Security Intelligence) IBM X-Force identified a new Trojan, dubbed IcedID, that uses advanced browser manipulation tactics to target financial institutions in the U.S. and U.K.

Security researcher uncovers ingenious exploit compromising Trend Micro, Kaspersky, ZoneAlarm and other anti-virus software packages (Computing) Security flaw requires local administrative privileges

'Highly secure' work tool leaks documents (BBC News) Private files belonging to tax adviser KPMG and the BBC are exposed by Huddle's team-sharing tool.

ZeuS Panda Trojan Spreads Through Google Search (Spyware Techie) The ingenuity of cyber criminals does not seem to stop, as every day they find more ways to infect multiple systems worldwide.

Threat Actors Put a Greek Twist on Ransomware with Sigma (PhishMe) When we think of Greek-themed malware, the trojan family generally comes to mind. Not anymore...

No Platform Immune from Ransomware: Sophos (Enterprise Channels MEA) Enterprise Channels MEA, is a South Asia and Middle East-based leading Media house, specialized in ICT publications, events marketing and communications services.

The modern Gold Mine Rush - Office 365 as a crypto miner’s paradise (Netskope) Netskope Threat Research Labs has detected a browser-based coin miner named Coinhive resident in Microsoft Office 365 OneDrive for Business. The Coinhive miner was installed as a plugin in an SSL website. The tutorial webpage hosted on the website was saved to the cloud and then shared within an organization. The presence of browser-based coin...

Cyber experts say threats to satellites are legion (SpaceNews.com) If your company or organization uses a network, there are people who want to hack it. If you haven’t tried to stop them, those hackers are probably already in your network.

Eavesdropper vulnerability exposes sensitive corporate communications data (Help Net Security) Appthority published research on its discovery of the Eavesdropper vulnerability, caused by developers carelessly hard coding their credentials in mobile a

Data exfiltration tool PTP-RAT encodes data in pixel colour values (Help Net Security) How to exfiltrate data from a machine that doesn't have file transfer capabilities or whose RDP connection has been locked down? Use PTP-RAT.

Voice recognition systems easily fooled by impersonators, claims Finnish university study (V3) Cyber crooks can compromise speech recognition systems with ease, claim researchers at the University of Eastern Finland,Security,Mobile Phones,Hardware ,Hacking,hackers,voice recognition,University of Eastern Finland

Simple exploit can be used to disable Brother printers remotely (Naked Security) The only people who should have access to your printer’s web interface are the people who need it

U.S. Grid Narrowly Escapes Apocalyptic Attack (OilPrice) A new study from IT security consulting firm Symantec shows that the U.S. power grid is at extreme risk of a detrimental cyber-attack

How Twitter outrage hatches in tiny fringe groups on 4chan and Reddit (Naked Security) Communities within 4chan and Reddit are veritable hatcheries for Twitter-borne fakery

Security Patches, Mitigations, and Software Updates

Firefox to offer tracking protection for all in its next update (Naked Security) This next major update, Quantum, is expected to include an option to turn on Tracking Protection during normal browsing

Firefox 57 Brings Better Sandboxing on Linux (BleepingComputer) Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users.

Google will remove apps that misuse Android Accessibility Services from Google Play (Help Net Security) Android Accessibility Services misuse has led Google to make some developers switch to other methods or risk their apps being removed from Google Play.

Google Addresses Android's Biggest Security Problem: Accessibility Services (BleepingComputer) Google has emailed Android app developers and has informed them of plans to remove all apps that misuse the Accessibility service from the Play Store.

Teledildonics maker Lovense fixes bug to delete recordings of user sessions from phones (Help Net Security) A Reddit user noticed that the app that is used to control remote control sex toys made by Lovense "seems to be recording while the vibrator is on."

YouTube to crack down on inappropriate videos targeting kids (Naked Security) The automatic filters are far from foolproof, so YouTube’s investigating other ways to take down the disturbing content.

Cyber Trends

After Equifax: Security Professionals Expect the Worst and Claim They Are Prepared (Varonis) Nearly 50% of IT pros are bracing for a cyber attack, yet 89% profess confidence in their cybersecurity stance.

Tenable CEO doesn't think much of the Equifax, Yahoo cyber breach explanations (Washington Business Journal) Tenable Network Security Inc. CEO Amit Yoran has a visceral SMH reaction to the recent “WTF moment” of Equifax CEO Richard Smith's congressional testimony about the mind-boggling data breach at his credit reporting company, as well as last week's appearance on Capitol Hill by ex-Yahoo chief Marissa Mayer.

Hiding Behind the APT Helplessness Defense...Really? (Tenable™) Former Equifax CEO Richard Smith’s Congressional Testimony was a real

VIDEO: Why We Need to Stop Calling Cybercriminals 'Hackers' (Carbon Black) (Editor’s Note: This article also appears on Cyberscoop.) Carbon Black’s National Security Strategist Eric O’Neill talks about what needs to change in the cybersecurity community if things are going to get better in 2018.

Organisations Urged to Reconsider How They View and Protect Data (BusinessWire) A new IDC Perspective Report, sponsored by Covata, urges organisations to reconsider how they view and protect data.

Request the 2017 Q3 Data Breach QuickView Report (Risk Based Security) Get your complimentary copy of Risk Based Security's Q3 2017 Data Breach Quick View Report, an executive summary of data breaches in the first 9 months of 2017.

GDPR Compliance and Fines May Affect Almost 80% of Organizations Surveyed (PRWeb) HyTrust survey finds most organizations with cloud infrastructure are unprepared for GDPR deadline with less than a year until enforcement

Marketplace

Could cloud vendors dump big customers to avoid shared liability once GDPR is enacted? (Computing) Fieldfisher GDPR expert Kuan Hon explains the possibilities, with potential fines for large firms set to run into billions when the new law comes into force next year

Barracuda Acquires Sonian Inc. (PRNewswire) Barracuda Networks, Inc. (NYSE: CUDA), a leading provider of...

Medigate Announces $5.35M Seed Round to Protect Connected Medical Devices from Pandemic Cyberattacks Threatening Patient Safety and Privacy (BusinessWire) Israeli startup Medigate announces $5.35 million in seed funding for its mission to secure millions of connected medical devices.

Duo Security is hiring more than 50 people for a variety of jobs throughout the company (WXYZ) If you want to work in cyber security with a human-centered approach to developing solutions, Duo Security is hiring dozens of people across the company and at all locations.

A (smart) cybersecurity firm grows in Portland (Portland Business Journal) Technology Association of Oregon President and CEO Skip Newberry chats with security firm Cylance about why it came to Portland

RedSeal Honored with CRN 2017 Tech Innovator Award in Network Security (MarketWired) RedSeal's network modeling and cyber risk scoring platform takes top honors in the 2017 Network Security Category

Products, Services, and Solutions

SentinelOne Transforms Vulnerability Management By Introducing Virtual Patching and Exploit Shield (SentinelOne) Security teams can now shift from passive vulnerability management to active deflection

Forcepoint Enhances Human Point System with Increased Visibility and Enforcement to Protect Critical Data and IP (Business Insider) Global cybersecurity leader Forcepoint today introduced new features across its human-centric security portfolio that deliver critical visibility, efficacy and enforcement capabilities to enterprises and government agencies.

CYBRIC Announces Expansion of Partner Ecosystem (BusinessWire) CYBRIC, provider of the first continuous application security platform, today announced the expansion of its partner ecosystem, integrating WhiteSource

IBM plan to offer quantum computing in the cloud (Computing) IBM wants to make its quantum computing technology commercially available in the cloud by the end of the year

TruNarrative Partners with Credit Bureau Malaysia to Bring a Unified Approach to Financial Crime Management in Malaysia (Payment Week) TruNarrative, the global provider of fraud and compliance risk solutions has entered a collaborative partnership with Credit Bureau Malaysia...

Spirent Earns Global CREST Accreditation, Assuring Highest Standard of Ethical Penetration Testing for Customers around the World (BusinessWire) Spirent's global CREST accreditation for penetration testing assures customers worldwide of best-in-class security testing services.

Tripwire Boosts Cybercrime Detection Capabilities, Focuses on Techniques, Tactics and Procedures (BusinessWire) Tripwire Enterprise leverages MITRE framework, strengthens defense against cybercrime behavior.

CrowdStrike Expands Endpoint Protection Platform with New Vulnerability Management Module - (CrowdStrike) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has expanded the capabilities of the CrowdStrike Falcon® platform by introducing a new vulnerability management module, CrowdStrike Falcon Spotlight. CrowdStrike is the…

SlashNext Launches Revolutionary Internet Threat Protection System to Displace Aging Signature and Sandbox Technologies (PRNewswire) SlashNext, provider of third-generation Internet security solutions,...

Darktrace Industrial Uses Machine Learning to Identify Cyber Campaigns Targeting Critical Infrastructure (Darktrace) New business unit and technology updates launched in wake of warnings and requirements issued by U.S. and EU

The 50 Best Information Security Blogs (Top10VPN.com) Stay up to date on industry news, trends and advancements with our list of the top 50 infosec blogs, including independents, news, podcasts and corporate.

Kaspersky Lab Announces Polys, a Blockchain Based, Secure Online Voting System (Irish Tech News) Earlier today, at Kaspersky Lab’s annual Cyber Security Weekend event in Dublin, Kaspersky announced an innovation from its Kaspersky Lab Business Incubator: a customisable online voting platform for non-commercial organisations, businesses and communities, which uses blockchain technology and is secured with transparent crypto algorithms.

NeuVector 1.3 Improves Container Threat Detection Capabilities (eWEEK) Container security startup NeuVector adds new features to help identify privilege escalation attacks and detect risks hidden within tunneled traffic.

Solve Insider Data Breach Risks With Meridian Technologies' Acceletest (Sys-Con Media) Enterprises work hard to protect their customers' data; however, data breaches – like those at Equifax, Target and Home Depot – still happen regularly and leave both customers and the company at risk.

Technologies, Techniques, and Standards

Johns Hopkins APL and FS-ISAC Operationalize the Integrated Adaptive Cyber Defense Framework to Improve Cybersecurity in Critical Sectors (FS-ISAC) Innovative framework improves how critical sectors share, act on cybersecurity information

FASTR Consortium Announces Release of "Automotive Industry Guidelines for Secure over-the-Air Updates" (BusinessWire) FASTR consortium has released comprehensive, objective guidelines by which to analyze automotive software over-the-air (SOTA) update systems

10 Top Talks and Resources About DevSecOps (Aquasec Blog) To get us all more familiarized with DevSecOps principles, we’ve compiled this is of resources to follow.

Defense Department's vulnerability disclosure program racks up 2,837 security flaws (SC Media US) HackerOne, which operates the VDP, called it

Do Young Humans + Artificial Intelligence = Cybersecurity? (Breaking Defense) The Army is recruiting smart young soldiers to wage cyber war. But human talent is not enough.

Cryptomathic Publishes "Digital Signatures for Dummies" (Cryptomathic) New book offers easy-to-digest guidance and advice on digital signature deployment and management

Research and Development

S&T Reveals A Determined Cyber-Posture For National Cyber Security Awareness Month (Electronic Component News) Throughout October 2017, DHS S&T’s Cyber Security Division (CSD) promoted its role in mobilizing cybersecurity innovation as part of National Cyber Security Awareness Month (NCSAM). With a string of...

Academia

7 Tips and Tools to Protect University Campuses from Cyber Attacks (CIOReview) 7 Tips and Tools to Protect University Campuses from Cyber Attacks By James Tagliareni, CIO, Washburn University - If you are like me, data security is a top priority. A recent report by the Identity Theft Resource Center shows that data...

Phishing emails at Syracuse University are becoming more sophisticated and malicious, officials say (The Daily Orange) Since the beginning of the semester, ITS has sent seven phishing alert notifications, an increase from five during the same period last year.

Legislation, Policy, and Regulation

8 ways the GDPR could impact most organizations (Information Management) All companies that operate in the EU are likely to process at least some personal information as data controllers, if only as it relates to their employees.

US Port Cybersecurity Bill Advances (Port Technology) US legislators have progressed an act requiring the federal government to assess maritime sector cybersecurity risks following this summer’s “Petya” hacks interrupting LA port operations

NDAA pushes more oversight of cyber (FCW) With $8 billion dedicated to improving U.S. cyber capabilities, the NDAA has a host of policies geared toward boosting the cyber workforce and streamlining operations.

It’s the Beginning of the End of the Internet's Legal Immunity (Foreign Policy) Congress is starting to chip away at tech companies’ claims that they're just "platforms".

FBI “should not be reluctant” to challenge encryption in court (Security Boulevard) Deputy US Attorney General speaks out to support encryption backdoors

Litigation, Investigation, and Law Enforcement

What Mueller's org chart reveals about his Russia probe (POLITICO) Workload for the special counsel’s team — now 17 prosecutors — shows how he’s conducting the probe and what may come next.

Data Firm’s WikiLeaks Outreach Came as It Joined Trump Campaign (Wall Street Journal) Cambridge Analytica said it reached out to Julian Assange to share Hillary Clinton-related emails in “early June 2016,” when the company had already started working for the campaign.

The Secret Correspondence Between Donald Trump Jr. and WikiLeaks (The Atlantic) The transparency organization asked the president’s son for his cooperation—in sharing its work, in contesting the results of the election, and in arranging for Julian Assange to be Australia’s ambassador to the United States.

Report: NSA Hunts for Moles Amid Crippling Information Leaks (The Daily Beast) Mysterious hacking group is taunting the agency and investigators don’t know who to blame.

Marissa Mayer admits that Yahoo still hasn't any idea exactly how the company got hacked (Computing) All three billion accounts (most of them unused for years) were compromised in cyber attacks in 2013 and 2014,Security ,Security,security,Marissa Mayer,hack,Yahoo,Ymail

Missouri Attorney General Launches Probe Into Google’s Business Practices (Wall Street Journal) Missouri’s attorney general has launched a broad investigation into whether Google is violating the state’s consumer-protection and antitrust laws, a new front in the internet giant’s regulatory battles.

Malwarebytes wins US case over 'potentially unwanted program' classification of vendor's software (Computing) Enigma Software's case against Malwarebytes thrown out

Finjan's $1.5M IP Damages Request Inflated, Jury Told (Law 360) An expert paid by Symantec unit Blue Coat Systems took the stand Monday in a California federal jury trial over claims Blue Coat is infringing Finjan’s online security patents, testifying that Finjan’s $1.5 million damages estimate is inflated, based on “entirely inappropriate metrics,” and should be closer to $663,000.

FNJN: Still Awaiting Blue Coat Appeal Ruling, Which May Not Be Simple (Zacks) FNJN Finjan (NASDAQ:FNJN) reported Q3 results and updated shareholders on current events. More important that the Q3 results was the discussion of the various outcome possibilities of the two trials that have been completed and have not yet been decided. The first and most important is the Blue Coat appeal. Since hearing from the

Erise gets another big victory against patent troll (Kansas City Business Journal) Overland Park-based Erise IP recently won a case that pitted a Canadian network equipment company against Packet Intelligence LLC.

Ex-Partners in Sex Bias Suit Can Review Chadbourne Leaders' Personal Emails (New York Law Journal) Resolving a discovery dispute in a $100 million gender discrimination case against Chadbourne & Parke a magistrate judge allowed review of certain firm leaders' personal email accounts.

'Day Trader' Indicted in Brokerage Account Hack-and-Trade Scheme (New York Law Journal) A self-described day trader was indicted Wednesday on allegations he conspired to hack into online brokers accounts to conduct coordinated trades that…

Divorce in the Digital Age: A Collision Course in Text, Social Media Discovery (New York Law Journal) The explosion of online data and personal devices is redefining how divorce attorneys work creating new opportunities—and burdens—from everything from research to litigation.

Openbazaar Sees a Variety of New Vendors After Privacy Enhancements (Bitcoin.com) This past September the cryptocurrency-based decentralized marketplace, Openbazaar, launched its 2.0 platform with a slew of new features. Now a couple of months later, the marketplace seems to be seeing some significant growth as vendors from Darknet markets are starting to flock to the protocol’s benefits.

The teen who bought a car bomb on the Dark Web (Naked Security) He was arrested after accepting a package delivered to his home address

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Earn a master’s degree in cybersecurity from SANS
Cyber Security Summit - CYBERWIRE50

Newly Noted Events

The 3rd Annual Billington INTERNATIONAL Cybersecurity Summit (Washington, DC, USA, November 21, 2017) The 3rd Annual Billington International Cybersecurity Summit on March 21 in Washington, D.C. at the National Press Club, will attract over 400 attendees at the leading forum on global cybersecurity in the nation’s capital. This year’s theme will be “Securing High Value Assets in Global Cyberspace.”

Upcoming Events

Second Annual Federal IT Security Conference (FITSC)! (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

2017 Capital Cybersecurity Summit (Tysons Corner, Virginia, USA, November 14 - 15, 2017) Join cyber experts from the FBI, DHS, Palo Alto Networks, Distil, Google, AWS, Tenable and more at the 2017 Capital Cybersecurity Summit. FBI Cyber Division Deputy Assistant Director Howard Marshall and National Security Council Senior Director for Cybersecurity Policy Grant Schneider will provide keynote remarks and top speakers will share unique insights into topics like cloud security, attracting cyber talent, federal cyber acquisition and real-life breach response.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate leaders from multiple function areas who help shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook. This two day event is designed to educate in-house counsel, compliance and privacy officers, risk managers, and CIO/CISOs about the current cybersecurity challenges affecting your business continuity.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.