skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

FireEye is describing an Iranian threat group, "APT33," which has been operating since 2013, and which FireEye has been tracking since May 2016. The news is that APT33, which had hitherto been principally an espionage operation, appears to be running a new destructive malware campaign similar to the Sandworm effort that's been associated with Russia.

The Russian dog German authorities have been listening for still hasn't barked in the run-up to Sunday's German elections.

UpGuard has discovered another unsecured AWS S3 bucket, this one belonging to Viacom, and exposing the company's IT infrastructure.

Barracuda is tracking an "aggressive" ransomware campaign operated principally from Vietnam. It's using a variant of the tried-and-true Locky ransomware.

Check Point warns that DU Antivirus Security, a free security app available in Google Play, is in fact harvesting user data and sharing them with other apps.

SfyLabs, poking into a Russian criminal forum, has found a new banking Trojan, "Red Alert 2.0." It's worth noting the increasing commodification of malware. Google says this trend puts attack capabilities not only in criminal hands, but in the hands of poorly resourced rogue governments as well.

Reports yesterday that Equifax had sustained an earlier breach that was only now being disclosed turn out to be only partially true. The credit bureau did indeed sustain a breach in March, well before the incident disclosed on September 14, but the company did in fact disclose that breach in a relatively timely manner. The industry press picked it up; big media didn't.

Notes.

Today's edition of the CyberWire reports events affecting Colombia, European Union, Iran, Israel, Greece, Kenya, Russia, Singapore, Turkey, United Kingdom, United States, and Vietnam.

Worried About Third Party Data Breaches?

We all know the consequences of a third party data breach; one vulnerability can cost your organization millions. But do you know what security measures to implement to successfully reduce your attack surface and prevent third party risk? Learn how in LookingGlass Cyber Solutions' webinar featuring VP of Intelligence Operations Eric Olson and Forrester Senior Analyst Nick Hayes on Wednesday, October 18, 1:30pm ET. Sign up now.

In today's podcast we talk with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin tells us about time the FBI raided the wrong house based on Wi-Fi router information. Our guest, Eddie Habibi from PAS, debunks some industrial control system security myths.

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, October 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Cyber Attacks, Threats, and Vulnerabilities

New Group of Iranian Hackers Linked to Destructive Malware (WIRED) A suspected Iranian government hacking team known as APT33 may be planting computer-killing code in networks around the world.

Rogue governments using ‘off the shelf’ hacks, Google warns (Financial Times) Smaller states able to launch cyber attacks inexpensively, security chief says

UK Biggest Market in Europe for Jihadist Web Content (Infosecurity Magazine) UK Biggest Market in Europe for Jihadist Web Content. May to ramp up pressure on internet giants

Germany sees no sign of cyber attack before Sept. 24 election (Reuters) German government officials and security experts say they have not seen signs of hacking or suspicious news leaks ahead of the Sept. 24 election despite months of warnings about possible foreign meddling.

Political Campaigns Ramp Up Cybersecurity Efforts Before Elections (Newsmax) Political campaigns from both parties are working on enhancement of their cybersecurity, by using encrypted messaging applications instead of email and trying to help new campaigns with advice and strategies to keep their operations secure before they are targeted,...

Democrats scrambling to protect data from election hackers — but there’s no road map (Raw Story) While the hackers that attacked the Democratic National Committee dropped a lot of information and documents, more is coming.

Viacom AWS Misconfig Exposes IT Infrastructure (Infosecurity Magazine) Viacom AWS Misconfig Exposes IT Infrastructure. Attackers could have used it for phishing and botnet building, warns UpGuard

Barracuda Advanced Technology Group monitoring aggressive ransomware threat (Barracuda) The Barracuda Advanced Technology Group is actively monitoring an aggressive ransomware threat that appears to come in the largest volume from Vietnam.

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns (CSO) In the beginning of September, a sizeable spam campaign was detected distributing a new Locky variant. Locky is a notorious ransomware that was first detected in the early months of ...

Financial attractiveness of ransomware ensures it remains growing threat (SC Magazine) Mobile devices under increasing attack from malware, including ransomware, which has seen a 122 percent increase in variants as it becomes an increasingly attractive option for criminals.

Check Point Research calls out DU Antivirus Security (Enterprise Times) Check Point mobile threat researchers have called out DU Antivirus Security for stealing user data and then using it in another app 

Researchers Discover New Android Banking Trojan (BleepingComputer) Security researchers have detected a new Android banking trojan by the name of Red Alert 2.0 that was developed during the past few months and has been recently rolled out into distribution.

Show Me The Money: Cybercriminals Deploying Diverse Range of Banking Trojans and Ransomware, says Check Point (GlobeNewswire News Room) Check Point’s August Global Threat Impact Index shows Roughted remained the top malware, followed by Globalimposter and HackerDefender in third place

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed (Bloomberg) Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

Earlier Equifax breach was no secret (TheHill) A Bloomberg story claiming that Equifax did not notify the public of a breach in March appears to be inaccurate about one of its central tenets.

Equifax says 100,000 Canadians affected by breach (TheHill) Equifax’s Canada division has revealed that as many as 100,000 Canadian consumers may have had their personal information compromised by hackers.

Inside the massive Equifax hack attack (Australian) On March 8, researchers at Cisco Systems reported an online security flaw that allowed hackers to break into servers around the internet. Cisco urged users to upgrade their systems immediately with a newly issued fix.

Analysis | Equifax’s security chief had some big problems. Being a music major wasn’t one of them. (Washington Post) Why nontechnical degrees in technology aren't a sign of incompetence or weakness.

What's that, Equifax? Most people expect to be notified of a breach within hours? (Register) Go on, you're the breach expert

Equifax breach indicates need to evolve cyber security thinking (Security Brief) The Equifax breach has underlined the problem with security testing.

Apache “Optionsbleed” vulnerability – what you need to know (Naked Security) Remember Heartbleed, where servers could be tricked into letting other people’s data slip? “Optionsbleed” is an Apache bug that’s similar.

Risks Limited With Latest Apache Bug, Optionsbleed (Threatpost) The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions.

Avast opens up about CCleaner hack and outlines how it will protect users (BetaNews) When news broke yesterday that CCleaner had been hacked and a dangerously modified version had been available to download for a number of weeks, there were understandable concerns from the program's large userbase. And the concern is well-placed -- some 2.27 million machines are thought to have installed the infected software.

LiteBit Bitcoin Exchange Hacked Twice in Two Months (BleepingComputer) LiteBit.eu — a multi-currency exchange based in the Netherlands — has suffered data breaches two months in a row. According to emails sent to affected customers after each event, no Bitcoin or altcoin funds were stolen in any of these two incidents.

PyPI Python repository hit by typosquatting sneak attack (Naked Security) Imposters posing as popular packages were found to contain malicious code

Casting a Light on BlackEnergy (ThreatConnect) A look into BlackEnergy malware and using ThreatConnect to aggregate and memorialize the identified intelligence.

3 Personas of DNS in Cyber Security (BlueCat) Cyber attackers leverage DNS differently for different outcomes: DNS as Facilitator, DNS as Hostage and DNS as Weapon. How is your DNS being hijacked?

BeyondTrust Survey Reveals the "5 Deadly Sins" That Increase the Risks of a Data Breach (BeyondTrust) Despite prioritizing privileged access management, a majority of enterprises fail to prevent the abuse or misuse of privileged credentials

Cyber attack, hurricane weigh on FedEx quarterly profit (Reuters) Package delivery company FedEx Corp (FDX.N) said on Tuesday a June cyber attack on its Dutch unit slashed $300 million from its quarterly profit, and the company lowered its full-year earnings forecast.

Revenge Hacking Is Hitting the Big Time (The Daily Beast) Companies are hacking back against cybercriminals to try to prevent—or at least limit the damage of—Equifax-style disasters. One problem: It’s not all that legal.

Security Patches, Mitigations, and Software Updates

Apache bug leaks contents of server memory for all to see—Patch now (Ars Technica) Optionsbleed is especially threatening for people in shared hosting environments.

Apple releases iOS 11 (Help Net Security) iOS 11 is performance optimised for 64-bit apps. 32-bit apps will need to be updated by the app developer to work with this version of iOS.

iOS 11 Update includes Patches for Eight Vulnerabilities (Threatpost) Apple released a number of patches, including a security update for iOS 11, which is available today.

Steam has a “review bomb” problem—but will today’s new feature fix it? (Ars Technica) Follows a September 2016 overhaul that aimed to remove fraudulent reviews.

Cyber Trends

Barracuda Research Confirms U.S. Companies Doubling Down on Public Cloud, Customers' Security Responsibilities Still Unclear (PRNewswire) Barracuda Networks, Inc. (NYSE: CUDA), a leading provider of...

September 2017 - Netskope Cloud Report (Netskope) Little change in GDPR-readiness levels with May 2018 deadline looming.

BSIMM8 Study Reinforces Benchmarking as a Critical Exercise in Early Stages of Software Security Initiatives (PRNewswire) Synopsys, Inc. (Nasdaq: SNPS) today released BSIMM8, the latest...

Spyware rampant, emails could be compromised (AJP) Cyber criminals are becoming ever more sophisticated, and security experts say they’re alarmed Cisco has released its Midyear Cybersecurity Report for 2017, in which it ...

The three least effective enterprise security measures (Help Net Security) Hackers identified phishing as the best data exfiltration strategy, and also pointed out the three least effective enterprise security measures.

Number of lost, stolen or compromised records increased by 164% (Help Net Security) According to Gemalto's Breach Level Index, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017.

1.9 Billion Data Records Exposed in First Half of 2017 (Dark Reading) Every second, 122 records are exposed in breaches around the globe, a new report shows. And that's doesn't even include the new Equifax breach data.

Cyberattacks cost US enterprises $1.3 million on average in 2017 (CSO Online) IT security budgets as well the costs of data breaches are up for North American enterprises and SMBs.

Marketplace

Equifax's Data Breach Should Prop Up These Cybersecurity Stocks (NASDAQ) Betting on cybersecurity stocks has been a profitable trade in 2017. Thanks to the number of high-profile hacking-related headlines that have hit retailers and corporations, both the First Trust Nasdaq Cybersecurity ETF (CIBR) and ETFMG Prime Cyber Security ETF (HACK) — up 11% and 14%, respectively -- have padded many portfolios.

Threat Stack Announces $45M in Series C Funding (BusinessWire) Threat Stack, provider of the industry’s most comprehensive intrusion detection platform for cloud, hybrid-cloud, and on-premise environments, t

Aqua Secures $25M in Series B Funding (Aqua Blog) With the exciting news of Aqua securing $25 Million in series B funding, Aqua says it will invest heavily in growing their sales and marketing teams in order to meet the growing demand as container adoption is becoming more mainstream.

10 Hot Cybersecurity Funding Rounds in Q3 (Dark Reading) The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.

SecureAuth and Core Security Announce Merger Plans (Infosecurity Magazine) The two orgs will combine security operations and identity and access management

Checking In on FireEye Inc.'s Turnaround (The Motley Fool) Five metrics show the progress FireEye is making on its turnaround.

Elbit Systems restructuring cyber subsidiary (Globes) Cyberbit's defense business is being transferred to the parent company.

Threat Sketch Named Startup to Watch (Business Insider) Threat Sketch was recently named one of seven startups to watch in North Carolina's Triad region by Exit Event, an organization providing news, information and tools for startups and emerging companies.

SecureRF is bringing crypto to the embedded world (Stacey on IoT | Internet of Things news and analysis) SecureRF makes software that gets embedded onto microprocessors that allows them to perform impressive feats of security in milliseconds, not minutes. Since security is one of the current challenge…

LookingGlass Cyber Solutions and Brookcourt Solutions Announce Strategic Partnership (BusinessWire) LookingGlass Cyber Solutions and Brookcourt Solutions announce strategic partnership to deliver unified threat protection against strategic attacks.

Siemens and PAS Announce Global Strategic Partnership to Provide Essential Industrial Control System Cybersecurity (BusinessWire) Siemens and PAS Global announced an agreement to provide fleet-wide, real time monitoring for control systems in utilities and oil and gas sectors.

Samsung Electronics Joins the OPC Foundation to Accelerate Enabling Interoperable Industrial IoT Edge Platform (Presse Box) Samsung Electronics, as one of the biggest manufacturers in the world, becomes a Corporate Member for a goal of interoperable Industrial IoT edge platform powered...

PrecisionLender Joins Cloud Security Alliance (Broadway World) PrecisionLender Joins Cloud Security Alliance

Cylance beefs up local partner focus and skills (ARN) ​Since launching full throttle into the A/NZ marketplace, Cylance has been on a mission to propel its growth in the market through its channel network.

FourV Systems Appoints Two New Senior Advisors to Company Board (BusinessWire) FourV announces the addition of two senior officers to its Board of Advisors: David Neuman of Rackspace and Jerry Archer of Sallie Mae.

CrowdStrike Appoints Lisa McGill as Chief Human Resources Officer (CrowdStrike) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that the company has appointed Lisa McGill as chief human resources officer (CHRO). McGill will lead CrowdStrike’s Human Resources organization to steer the…

Products, Services, and Solutions

Nehemiah Security Releases New Version of AtomicEye RQ (Nehemiah Security) AtomicEye RQ Delivers Security Risk Management Platform Capable of Identifying Exploitabilities and Prioritizing Actions on an Automated, Continuous Basis Tysons, VA – September 20, 2017 – Nehemiah Security, an internationally recognized supplier of cybersecurity software and services to enterprise and government organizations, today announced major upgrades to their security risk management platform, AtomicEye RQ (Risk …

Neustar WAF Helps Organizations Combat Growing Application Layer Threats (BusinessWire) Neustar, Inc., a trusted, neutral provider of real-time information services, today introduced its new Web Application Firewall (WAF). It combines the

Ethical Security Research on SecureDrop (SecureDrop) The SecureDrop engineering team welcomes the contributions of security researchers.

Microsoft extends Office bug bounty program (ZDNet) The company is offering up to $15,000 per bounty.

Quest Expands Security Software Solutions for Microsoft Office 365 (BusinessWire) Quest announces new solutions that make it easy for IT teams to manage and secure Office 365 and Azure AD environments

China Telecom utilises Versa Networks for SD-WAN service (Telecom Tech News) Versa Networks has been chosen as a primary vendor for software-defined WAN (SD-WAN) and security (SD-Security) by China Telecom to cater the needs of its global customer base.

Aruba rolls out security fabric for IoT and the digital era (TechCentral.ie) Aruba, a Hewlett Packard Enterprise Company, is best known for its business-grade Wi-Fi products. What is less well known about Aruba is that it has always had excellent security products. In fact, the company has often been described as a security vendor dressed up as a Wi-Fi maker. However, Aruba’s security positioning has always been [&hellip

ThreatMetrix and Nok Nok Labs partner on FIDO-compliant solutions (Security Document World) Digital ID firm ThreatMetrix has announced a new partnership with authentication suite developers Nok Nok Labs.

Apple’s new tracking protection is “sabotage”, claims ad industry (Naked Security) The ad industry is not happy with Apple’s latest move to limit how we get tracked around the web.

Infinite Group, Inc. Launches New Version of Nodeware Cybersecurity Solution, Now Available as Virtual Machine (Infinite Group Inc.) Infinite Group Inc., or IGI (OTCBB:IMCI), announces a new and improved release of the Nodeware™ vulnerability management system, now with options for both virtual machine and hardware deployment.   ­Nodeware 2.0 offers new features that improve the user experience, including enhanced vulnerability data, simple API integration, improved performance,

Quann partners with Claroty to protect Singapore’s critical infrastructure from cyberattacks (Quann) Powered by Claroty’s innovative technologies, Quann’s advanced OT security solution enables full visibility to all assets and traffic and provides actionable alerts for critical infrastructure

Thales delivers trust and security to internet-based Kakao Bank (Business Insider) Thales, a leader in critical information systems, cybersecurity and data security, announces Kakao Bank, Korea's digital-only bank, is deploying Thales nShield hardware security modules (HSMs) to secure the foundation of its banking systems.

Anomali Launches its First Threat Intelligence Sharing Group for Banks in the United Arab Emirates (Marketwired) Partners with major banking federation to encourage cybersecurity intelligence sharing amongst banks, including Barclays, HSBC, Citibank and others

Carlo Minassian returns to security with a hacker trapper (CRN Australia) The man who sold Earthwave to Dimension Data is rethinking how to ambush hackers from the inside.

Dashlane Gets Down To Business 2.0 (PRNewswire) Dashlane announces Dashlane Business 2.0, the only enterprise password...

Google Chrome most resilient against attacks, researchers find (Help Net Security) Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks.

Technologies, Techniques, and Standards

Enhancing Resilience of the Internet and Communications Ecosystem (National Institute of Standards and Technology) Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” was issued May 11, 2017. In Section 2 (d), the executive order requires the Secretaries of Commerce and Homeland Security to “jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”

Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats (National Institute of Standards and Technology) Comments received in response to the Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats

Banks to adopt new cyber security rules in November (Business Daily) Move to mitigate growing risks of attacks in face of increasing online exposure

Part I: An Overview of Firmware Storage Options (Context Information Security) How firmware is commonly stored on embedded devices, and the techniques for extracting it:

How Windows Active Directory is failing User Logon Security (IS Decisions) Native Windows Active Directory can be the root cause of many logon security headaches. Improve the way you manage user access to avoid data breaches.

Cybersecurity Tools in Financial Services Have Become Part of the Problem (Bricata) Big banks are besieged by cybersecurity alerts. Some alerts might point to threats that are real, but the challenge is distinguishing the signal from the noise. In fact, some 60% of banks deal with 100,000 or more alerts a day, according to reporting by Penny Crosman of the American Banker, a financial services industry trade publication.

3 Crucial Cybersecurity Reporting Methods To Begin Using Today (BitSight) Innovative methods of reporting allow you to communicate cyber risk in the best way, for the best audience. Consider these three options.

How to Freeze Your Credit After the Equifax Breach (Moving FC) A step-by-step guide on freezing your credit in the wake of the Equifax breach. Don't take any chances, especially with your credit history in stake.

Why companies need to get serious about privileged account security (Singapore Business Review) CyberArk VP of sales for APAC and Japan Vincent Goh warned of the rising insider threat amongst corporates.

Get Serious about IoT Security (Dark Reading) These four best practices will help safeguard your organization in the Internet of Things.

Are you ready for ‘Moneyball’ security? (CSO Online) Mike McKee, CEO of ObserveIT, discusses the benefits of an evidence- and data-based approach to security.

Design and Innovation

GDPR: Privacy must be designed in to every system, says Chef (Computing) Chef encourages IT leaders to automate GDPR automation, and break the cycle of ensuring compliance at the time of every audit, and forgetting about it the rest of the time

Leading The Pack: How The U.S. Government Is Out-Innovating The Fortune 500 (Forbes) The federal government is rarely seen as innovative these days, but in the area of cybersecurity, it has been further ahead of the curve than most people give it credit for. By adopting vulnerability disclosure and bug bounty programs, the U.S. government is acting on its belief that engaging with independent security researchers is an effective way of improving its cybersecurity posture.

Hacker-turned-CEO brings digital currency offline (Korea Herald) While cryptocurrency exchanges among those in their 40s and 50s deal with larger volumes, the older generation more often than not face inconveniences in trading their digital currencies.“Some traders often found themselves in trouble,” Kevin Cha, founder and chief executive of ...

Academia

Singapore to have new academy to train cybersecurity professionals (Channel NewsAsia) The new academy will partner FireEye, its first industry partner, to train those in government and critical information infrastructure sectors, Deputy Prime Minister Teo Chee Hean says.

UK education system exacerbates cyber skills gap (ComputerWeekly) Security industry needs to get involved to raise awareness of cyber security career opportunities, say commentators.

Legislation, Policy, and Regulation

Important Information on New EU Regulations (Infosecurity Magazine) Failure to comply with new guidelines will result in significant financial penalti

Evolution of Cyber Requires Change As Normal Concept, Rogers Says (U.S. Department of Defense) The cyber world will look different in the future and the Defense Department must become used to change as a normal component of the cyber mission set, commander of U.S. Cyber Command and director of

CYBERCOM and NSA leadership needs to evolve and that may mean a leadership split (FederalNewsRadio.com) U.S. CYBERCOM and National Security Agency Director Adm. Mike Rogers seems open to the idea of changing the leadership structure he currently heads.

What Cybercom's independence means (FCW) Is the next step for Cybercom as a unified combatant command to split off from the National Security Agency?

91st Cyber Brigade activated as Army National Guard’s first cyber brigade (DVIDS) The Virginia National Guard activated the Bowling Green-based 91st Cyber Brigade as the Army National Guard's first cyber brigade at a ceremony Sept. 17, 2017, at Fort Belvoir, Virginia. The new brigade provides training and readiness oversight for cyber units across 30 states and deploys personnel to meet the demands of growing cyber mission sets throughout the U.S. Army and Department of Defense.

Board Expected To Back Cyberspace Security Proposals (Lake Elsinore-Wildomar, CA Patch) The board is being asked to endorse both Senate bill No. 412 and House of Representatives bill No. 1344.

Litigation, Investigation, and Law Enforcement

AG Presses TransUnion, Experian for Cyber Security Details (WWNY) New York Attorney General Eric Schneiderman is pressing TransUnion and Experian to explain what cyber security they have in place to protect sensitive consumer information following a recent breach...

Massachusetts attorney general sues Equifax after hack (TheHill) Massachusetts Attorney General Maura Healey filed suit against Equifax on Tuesday, alleging that the credit reporting company ignored obvious cybersecurity vulnerabilities for months before hackers accessed the

Court dismisses lawsuits over OPM data breach (TheHill) Class-action suit brought by largest federal workers union dismissed by D.C. court.

Plaintiffs Take Just 1 Hour to Appeal Dismissal of Suit Over OPM Data Breach (National Law Journal) The district court in Washington, D.C., on Tuesday dismissed a consolidated class action over the 2015 hack of the U.S. government’s Office of Personnel Mana...

Manafort Calls On DOJ To Release His Intercepted Communications With Foreigners (The Daily Caller) Former Trump campaign manager Paul Manafort is calling on the Justice Department to release transcripts of any intercepted communications he may have had with foreigners. Manafort, a longtime Repub

Fake: Susan Rice not arrested for unmasking Trump officials (@politifact) A fake news story that said former national security adviser Susan Rice had been arrested for her "failed attempt to stage a coup" against President Donald Trump is actually a post by a self-described liberal troll looking to fool conservatives.

Senators question whether Dragonfly hacks hit Maryland power companies (Baltimore Sun) Maryland Sens. Ben Cardin and Chris Van Hollen are asking the Department of Homeland Security whether any power companies in Maryland were hit by a recent cyber attack.

We need more bobbies online to tackle abuse (Times) Lorin LaFave was the perfect mother to her son and triplets. She read to them every night, took them to swimming lessons and church, gave them chores and monitored their screen time. But in 2014...

Greater Manchester Police Running 1000+ XP PCs (Infosecurity Magazine) Greater Manchester Police Running 1000+ XP PCs. UK forces could be exposing themselves to unnecessary risk

Most-wanted criminal arrested after posting Instagram video of himself (Ars Technica) Officials obtained fugitive’s GPS coordinates after he took to social media.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Enterprise Cyber Security Even (London, England, UK, September 28, 2017) Cyber-attacks are increasing in both frequency and sophistication. Whitehall Media’s leading-edge Enterprise Cyber Security conference brings together hundreds of thought leaders, practitioners, specialists...

Upcoming Events

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations...

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity...

Hacker Halted (Atlanta, Georgia, USA, October 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those...

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue...

2017 ISSA International Conference (San Diego, California, USA, October 9 - 11, 2017) Each day, cyber threats become increasingly intricate and difficult to detect. Over the past year, we saw that with the rise of device connectivity came boundless opportunities for malicious hackers to...

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, October 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity...

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and...

ManuSec USA (Chicago, Illinois, USA, October 11 - 12, 2017) This series will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines.

CyberMaryland (Baltimore, Maryland, USA, October 11 - 12, 2017) Maryland is recognized as a cybersecurity leader - nationally and internationally. The state has developed cybersecurity experts, education and training programs, technology, products, systems and infrastructure.

ISSA CISO Executive Forum: Payment Strategies: The Game Has Changed (San Diego, California, USA, October 11 - 12, 2017) From the water cooler to the boardroom, daily conversations discuss the most recent incursions, the staggering numbers, and speculation about the thieves’ next target. Recent attacks against Target, PF...

National Information Security Conference (Glasgow, Scotland, UK, October 11 - 13, 2017) NISC is a highly focused cyber security event designed to encourage peer-to-peer collaboration and thought-leading discussions in a relaxed but professional environment. It provides the proven practices...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, October 12, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn...

Cyber Georgia 2017 (Augusta, Georgia, USA, October 12 - 13, 2017) Cyber Georgia 2017 will focus on convening industry, academia, and government to examine cyber threats and discuss how to better prepare for a cyberattack or denial of service in the hospital and public...

Plan B Tech S3: Security Solutions Summit (National Harbor, Maryland, USA, October 13, 2017) Join Plan B Technologies, Inc. on Friday, the 13th of October for this highly anticipated half-day security seminar! Hear the latest cybersecurity research, stats, and insights from IDC Program Director...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.