Free 2018 User Risk Report: Find Out What End Users Know About Phishing, Ransomware, Password Safety, And More In Our International Survey.

What do today’s employees really know about cybersecurity topics and best practices that protect data and network security? To find out, we surveyed over 6,000 working adults across the US, UK, France, Germany, Italy, and Australia about their personal security habits. You might find the results heartening, perplexing, or terrifying — but always enlightening. Download our 2018 User Risk Report to see how employees shaped up on cybersecurity awareness issues that are impacting organizations worldwide.

The daily briefing.

The US Department of Homeland Security has said that Tuesday’s elections went off without disruption by cyberattack (TheHill), but DHS also notes that disinformation about election security and the effects of influence operations is being actively distributed (CBS). It’s hogwash from St. Petersburg, whose Internet Research Agency (IRA) cries victory for its trolls (Daily Beast). Expect this to continue.

Also from St. Petersburg comes a zero-day for Oracle’s VirtualBox, posted to GitHub. This isn’t the IRA’s work, but rather of one irritated freelance bug-hunter, Sergey Zelenyuk. Mr. Zelenyuk says he loves VirtualBox, but that the industry just takes too long to evaluate reported bugs, and so he’s dropped the zero-day without prior disclosure as a gesture of defiance (Naked Security).

US Cyber Command is also reporting bugs, but in regular way. The command has submitted samples of Russia-linked Lojack malware to VirusTotal (CSO).

A major incident affecting banks in Pakistan appears to be a paycard-skimming operation as opposed to a breach (Infosecurity Magazine).

With next month’s Chrome 71 release, Google will give “abusive” advertisers thirty days to clean themselves up (Naked Security).

The Ontario Cannabis Store warns that its delivery list for newly legal weed has been illicitly accessed due to missteps at Canada Post (Motherboard). Some coverage seems to show signs of the Butterfield Effect, representing a fairly obvious causal connection—new and trendy industry already under cyberattack, which of course it is—as paradoxical. No word on whether Canada Post officials were baked at the time of incident.

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

Today's edition of the CyberWire reports events affecting Australia, Canada, China, European Union, France, Iran, Israel, Pakistan, Russia, Saudi Arabia, Senegal, Spain, Ukraine, United Kingdom, United States.

A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.

Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.

On the Podcast

In today's podcast, up later this afternoon, we speak with our partners at Virginia Tech's Hume Center. Dr. Charles Clancy talks about in-car cell phone jammers. Our guest is Ian Paterson from Plurilock Security Solutions, with a discussion of behavioral biometrics.

Hacking Humans is also up, and this week's topic is  "human sources are essential." Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI Special Agent Dennis Franks shares his experience developing human intelligence sources.

Sponsored Events

The Pesky Password Problem: Red and Blue Team Battle featuring Kevin Mitnick (Online, November 14, 2018) Kevin Mitnick and Roger Grimes debate one of security's most controversial issues: passwords. Hear the truth regarding effective passwords, password management and more in this unique webinar. Save your spot!

Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

DHS has ‘not seen’ successful cyberattack on midterm elections (TheHill) The Department of Homeland Security (DHS) said it hadn’t observed any successful cyberattacks by foreign adversaries on election systems in the United States during Election Day.

DHS: Lot of "noise, garbage" from Russian media about compromised U.S. election systems (CBS News) Homeland Security official Christopher Krebs warns of ongoing disinformation campaigns aimed at causing distrust about the security of our vote

Russian Troll Farm Has New Meta-Trolling Propaganda Campaign (The Daily Beast) The Internet Research Agency has launched a desperate new campaign to spread distrust in the midterm election results—and made itself the star.

Threats remain to US voting system – and voters' perceptions of reality (The Conversation) Protecting democracy requires more than just technical solutions. It includes education, critical thinking and members of society working together to agree on problems and find solutions.

Revealed: Data on 62 million U.S. voters for sale on the Darknet (haaretz.com) The data pool, which has been uncovered by Israeli cybersecurity firm Clearsky as Election Day begins, has full and updated personal information on voters from 17 states

Vulnerability Intelligence Report (Tenable®) What are the top vulnerabilities found in the enterprise? Prioritizing vulnerabilities to manage cyber risk is getting harder. Our analysis of vulnerability prevalence highlights the key threats enterprises face today. Download the Free Report!

Troubled Waters: How A New Wave of Cyber-Attacks is Targeting Maritime Trade (SecurityWeek) In addition to causing operational delays and necessitating expensive system repairs, the real risk posed by cyber-threats targeting critical infrastructure lies in their power to jeopardize real-world safety.

Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw (The State of Security) Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months.

Spam Botnet of Over 100K Routers Abuses UPnP (Infosecurity Magazine) Researchers warn of many more exposed devices out there

Researchers uncover side-channel attacks that target the GPU (Computing) The attacks begin with a malicious app that spies on the infected system and steals passwords through GPU rendering

Microsoft Issues Security Advisory on Solid-State Drive Hardware Encryption (Redmondmag) Microsoft issued security advisory ADV180028 on Tuesday for computer users that have self-encrypting solid-state drives (SSDs) that are ostensibly protected by Microsoft's BitLocker encryption scheme.

New Research On Storage Device Security Flaws (Information Security Buzz) Radboud University (NL) researchers today announced their discovery that widely used data storage devices with self-encrypting drives do not provide the expected level of data protection. A malicious expert with direct physical access to widely sold storage devices can bypass existing protection mechanisms and access the data without knowing the user-chosen password. Mounir Hahad, Head …

Researcher Drops Oracle VirtualBox Zero-Day (SecurityWeek) Researcher discloses details of zero-day vulnerability affecting Oracle VirtualBox. Exploitation allows guest-to-host escape

VirtualBox zero-day published by disgruntled researcher (ZDNet) Russian researcher publishes detailed write-up for VirtualBox zero-day on GitHub after Oracle took 15 months to fix a previous similar issue.

Ranting researcher publishes VM-busting zero-day without warning (Naked Security) A security researcher has published a zero-day flaw in a commonly-used virtual machine management system without notifying the vendor, justifying it with a scathing critique of the infosecurity ind…

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover (Threatpost) A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

Major DDoS Attacks on Cambodian Internet Service Providers (Cambodia Expats Online) Cambodia s ISPs Encounter DDoS 6 11 18 18:38 Phnom Penh FN , Nov. 6 - Some of Cambodia s major internet service providers ISPs , including EZECOM, SI Net, Digi, and others have encountered Distributed Denial of Service DDoS , causing internet speed ..

US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack (CSO) US Cybercom submits its first two malware samples to VirusTotal a day before the US mid-term elections.

US Cyber Command starts uploading foreign APT malware to VirusTotal (ZDNet) USCYBERCOM said it plans to regularly upload "unclassified malware samples" to VirusTotal.

Closed doors are no match for a Wi‑Fi peeping tom and a smartphone (Naked Security) Researchers have found that a smartphone and some smart number crunching can track people moving in their homes as they reflect radio waves.

Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine (TrendLabs Security Intelligence Blog) The concept of a stealthy, difficult-to-detect malware operating behind the scenes has proven to be an irresistible proposition for many threat actors, and they're evidently adding even more techniques, as seen in a cryptocurrency miner (detected as Coinminer.Win32.MALXMR.TIAOODAM) we discovered that includes uses multiple obfuscation and packing as part of its routine.

Crytpocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm (Dark Reading) Island-hopping attackers breached StatCounter so they could get to users of gate.io.

Pakistani banks' payment card data snagged in cyberattack (PaymentsSource) Customer card data from nearly all of Pakistan's major banks has been stolen in a cyberattack, according to a Federal Investigation Agency official in Pakistan.

Pakistan Banks Not Breached, But Probably Skimmed (Infosecurity Magazine) Central bank rejects mass hacking reports

Pakistan: Banks Weren't Hacked, But Card Details Leaked (BankInfo Security) Pakistan says the nation's banks have not been hacked, but adds that they are taking defensive steps after nearly 20,000 payment card details appeared for sale

Cryptojacking Attack Forces University to Shut Down Entire Network (CCN) St. Francis Xavier University in Canada has been targeted by cryptocurrency mining malware in an attack that forced the school to shut down its network.

Canada's Post Office Leaked Personal Data of Legal Weed Customers (Motherboard) The rollout of legal weed in Ontario has been a disaster, and now it can add a privacy breach to its growing list of woes.

OCS warns customers of data accessed in Canada Post breach (CityNews Toronto) The Ontario Cannabis Store (OCS) said the shipping information of some of its customers was accessed by an outside source through the Canada Post delivery tracking tool. In a letter sent to the customers on Wednesday, the OCS said it was notified by Canada Post on Nov. 1 that the data for two per cent …

Security Patches, Mitigations, and Software Updates

Google warning: Fix your dodgy ads within 30 days or get banned (Naked Security) Having taken what it thought was a decisive swipe at the problem of “abusive” advertising a year ago, Google now says next month’s Chrome 71 will unleash an even tougher crackdown.

ADV180028 | Guidance for configuring BitLocker to enforce software encryption (Microsoft) Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs).

Google Removes Vulnerable Library from Android (SecurityWeek) Because of multiple vulnerabilities in the Libxaac library, Google has marked it as experimental and is no longer using it in production of Android builds.

Critical authentication flaw in DJI drone web app fixed (CSO Online) Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.

Apple Modernizes Its Hardware Security with T2 (Threatpost) Apple has widened the range of Macs running its T2 security chip. Is macOS finally catching up with other platforms when it comes to secure computing?

Cyber Trends

Sensor security issues are a global issue – yet they are not being addressed and people are dying (Control Global) The lack of cyber security of sensors are a real, but unaddressed problem. There is an approach that can directly address reliability, safety, quality, and productivity. What does it take to wake people up before further catastrophic sensor-related failures occur?

Data revolution backlash: Consumers prepared to take decisive action if organizations mishandle data (Help Net Security) US consumers believe technological advancements pose a risk to their data privacy; believe it is the responsibility of organisations to make the purpose

Commissioner warns against danger of 'datafying' children (Computing) Parents and children must understand how and why data is being collected by toy-makers,Threats and Risks ,risk,Cyber security,Internet of Things

Russia’s Kaspersky Lab uncovers over 380,000 mass cyber attacks daily (TASS) Russian antivirus software provider, Kaspersky Lab, detects more than 380,000 far-reaching malicious cyberattacks daily

Marketplace

Merck & silent cyber impacts drove Petya industry loss: PCS (Artemis.bm) It was the impacts to pharmaceutical giant Merck as well as silent cyber exposure that drove the insurance and reinsurance industry loss from the 2017 Petya / NotPetya cyber attack, according to PCS, providing a further warning of how cyber losses can hit multiple business lines.

Demand for cybersecurity professionals continues to accelerate (Help Net Security) Efforts to address the shortage of cybersecurity workers are underway on many fronts, but progress has been frustratingly slow.

Uniken Secures $10 Million in Funding Bringing Total Investment in Company to $20 Million (AP NEWS) Uniken , a customer-first cybersecurity company, today announced it has secured an additional $10 million in funding from a strategic North American family office and management entity, bringing total investment in the company to $20 million.

Cyber startup Dragos looks to raise up to $38 million in new round (Baltimore Business Journal) DataTribe-born cybersecurity firm Dragos Inc. has raised $30 million in a new funding round, according to recent filings with the U.S. Securities and Exchange Commission.

Guardians of the Cyber World: 7 Best Cybersecurity Funds to Buy (InvestorPlace) Cybersecurity funds are poised to benefit from positive growth in spending trends within the space. These are the best ETFs that will benefit.

Is Now a Good Time to Load Up on Palo Alto Networks Stock? (The Motley Fool) This cybersecurity specialist looks like a bargain.

Dragos Expands Accomplished Executive Team (BusinessWire) Dragos announced today the additions of Jill Samuel, Vice President of Human Resources, and Anna Yong, Vice President of Marketing.

Products, Services, and Solutions

DFLabs Innovative Open Framework Enables Fine Grained Integration of SOAR and Security Tools (BusinessWire) New DFLabs open integration framework enables fine grained customization of SOAR actions between IncMan and security tools with no complex coding.

Privakey Partners with FIDO Board Member Raonsecure for Joint Solution (Privakey) Privakey is pleased to announce a partnership with Raonsecure, a Seoul based ICT integrated security company and board member of the FIDO Alliance.

Guarding families against growing cyber threats (Insurance Business) While the rise of internet-enabled devices has made life easier, it has also led to increased vulnerabilities

VMware Unveils New Blockchain Service (SecurityWeek) VMware announces new service designed to help enterprises use permissioned blockchain

KnowBe4’s New GRC Platform Takes the Bite out of Risk Management (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has released a new, upd

New voke Impact Note Explores Bromium Protected App (Security Boulevard) Hackers only need to get it right once to bypass cyber security solutions and bring chaos to your organization, compromise your application integrity, and abscond with your IP.

Carbon Black Expands Japanese Presence (Nasdaq) Cb Predictive Security Cloud (PSC)® launches Japan data residency

Zimperium Launches Latest Version of Machine Learning-Based Security for Mobile Apps (BusinessWIre) Zimperium announced the availability of the latest version of zIAP, its machine learning-based mobile security solution.

Secure CyberID and Gallagher Affinity Join Forces to Help Small to-Midsize Federal Contractors Fight the War Against Cyber Attacks (PR Newswire) Gallagher Affinity has launched its new online 360 Coverage Pros portal, a discounted suite of cyber security...

Technologies, Techniques, and Standards

How does site isolation defend against Spectre vulnerabilities? (SearchSecurity) Google Chrome enabled site isolation as a defense against Spectre-based attacks that exploit how processors manage performance-enhancing features. Learn more about the site isolation project.

Five key considerations when developing a Security Operations Center (Help Net Security) Organizations should start with the following five key considerations if they are to get the most out of their Security Operations Center.

Finding Gold in the Threat Intelligence Rush (Dark Reading) Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.

5 Things the Most Secure Software Companies Do (and How You Can Be Like Them) (Dark Reading) What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.

Design and Innovation

Phone companies slammed for lousy robocall efforts (Naked Security) By this time next year, says Chairman Ajit Pai, the FCC wants to see an anti-robocall system on consumers’ phones – or else.

How big data can help identify and motivate voters (TechRepublic) Chris Wilson of WPA Intelligence explains how data analytics experts could help increase voter turnout.

Academia

Regionally-oriented national school for cyber security opens in Dakar, Senegal (France Diplomatie :: Ministry for Europe and Foreign Affairs) On 6 November 2018, the French Minister for Europe and Foreign Affairs, Jean-Yves Le Drian, opened a new school in Dakar, Senegal, to train African officials on cyber security issues.

National School for Cybersecurity Opens in Senegal (Infosecurity Magazine) Backed by support from France, Senegal launches new school for cybersecurity in Dakar

Legislation, Policy, and Regulation

US assists Ukraine in increasing its cyber defense level (Ukrinform) Ukraine has received the assistance to improve its cyber defense level within the framework of the USAI ITI agreement.

Spain and Russia agree to set up joint cybersecurity group (AP NEWS) The foreign ministers of Russia and Spain say they agreed to establish a joint cybersecurity group to keep the malicious spreading of misinformation from damaging relations between their countries.

Russia Faces More US Sanctions Over British Poisoning Case (VOA) Trump administration says Russia has failed to prove it no longer used chemical or biological weapons

Tehran keeps probing crypto in search of sanction relief (Asia Times) Are Iran, China and Russia about to implement a crypto-currency-friendly alternative to the Western-centric SWIFT international payment system?

New Sanctions, New Hurdles for Western Firms Still Doing Business in Iran (Wall Street Journal) As new U.S. sanctions on Iran start to bite this month, Western companies still doing business in the country face fresh hurdles in a market that has been both enticing and tough to crack.

Security guarantees will be meaningless under encryption-busting laws: Senetas (ZDNet) If an Australian company is compelled by legislation to deny that a capability in its products exists, then its assertions are meaningless, security company Senetas has said.

Analysis | The Cybersecurity 202: Democrats promise their control of House means cybersecurity policy changes (Washington Post) Election security and supply chain security are top priorities.

From the 116th Congress to 2020 (PwC) How will policy and regulatory changes affect your business?

Microsoft wants to work with Trump and Congress on cybersecurity (CNBC) Microsoft's president told CNBC the company wants to work with Congress to establish cybersecurity measures for civilians.

World Wide Web Inventor Wants New 'Contract' to Make Web Safe (SecurityWeek) World Wide Web inventor Tim Berners-Lee called for a "contract" to make internet safe and accessible for everyone, saying the internet has deviated from the goals its founders had envisaged.

Cybersecurity officials start focusing on the 2020 elections (AP NEWS) An unprecedented federal and state collaboration to defend election systems against Russian interference ended with no obvious voting system compromises, although it's not entirely clear why. Federal officials are wondering whether foreign agents are saving their ammunition for the 2020 presidential showdown or planning a late-stage misinformation campaign to claim Tuesday's election had been tainted. It doesn't change how vulnerable most states are to possible interference.

Facebook Thwarted Chaos on Election Day. It’s Hardly Clear That Will Last. (New York Times) Facebook made strides toward cleaning up its service in the last two years. But it continues to behave most responsibly only when placed under a microscope.

Secretary Kirstjen M. Nielsen Statement on National Critical Infrastructure Security and Resilience Month (Department of Homeland Security) Secretary of Homeland Security Kirstjen M. Nielsen released a statement on President Trump’s Proclamation of November as National Critical Infrastructure Security and Resilience Month.

Critical infrastructure protection legislation is maturing. Will your utility be ready? (Smart Energy) 2019 will be an important year for the energy sector as global utilities in smart energy, water and gas address the compliance requirements for critical infrastructure ordered by both the NIS Directive and GDPR in the EU.

The Starter Pistol Has Been Fired for Artificial Intelligence Regulation in Europe (SecurityWeek) Democracy itself is threatened by unbridled use of Artificial Intelligence (AI), says Paul Nemitz, who has essentially fired the starter pistol for European AI Regulation.

Keynote Address by Glenn S. Gerstell, General Counsel NSA to the American Bar Association 28th Annual Review of the Field of National Security Law Conference (IC ON THE RECORD) Starting my remarks with a short quotation from a hearing before the U.S. Senate seems fitting given that we’re at a legal conference in Washington...

Trump forces out Jeff Sessions as US attorney general (Federal News Network) Attorney General Jeff Sessions resigned as the country's chief law enforcement officer after enduring more than a year of blistering and personal attacks over being recused from the Russia investigation.

USPTO Names Silicon Valley Tech Attorney As New Deputy Director (Intellectual Property Watch) The United States Patent and Trademark Office (USPTO) today announced a new deputy director, Laura Peter, a veteran intellectual property attorney, most recently at Silicon Valley cyber-defence firm A10 Networks.

Litigation, Investigation, and Law Enforcement

Sessions’s ouster throws future of special counsel probe into question (Washington Post) The new acting attorney general could sharply curtail Robert S. Mueller III’s authority or budget.

Gab cries foul as Pennsylvania attorney general subpoenas DNS provider (Ars Technica) "I struggle to see a legit basis for this," one First Amendment expert told us.

Privacy International Files GDPR Complaints (Infosecurity Magazine) Privacy International Files GDPR Complaints. Oracle, Experian and Equifax are among companies in the crosshairs

Zuckerberg rebuffs request to appear before UK parliament (AP NEWS) Facebook CEO Mark Zuckerberg has rejected a request to appear before an international parliamentary committee delving into the questions around fake news.

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service (KrebsOnSecurity) A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.

Israeli tech helped Saudis kill journalist, Snowden tells Tel Aviv confab (Times of Israel) Fugitive NSA leaker lambastes Israel’s NSO Group as 'the worst of the worst,' is rebuked by former Mossad official who now works in the surveillance industry

Sim Swapping Crypto Stealing Hackers Arrested by Turkish Police (HackRead) Eleven Turkish individuals have been arrested by Turkish police department for stealing cryptocurrency worth approx. $80,000 via Sim Swapping.

DDoS attacker who targeted Steam, Sony and Electronic Arts pleads guilty (Computing) DerpTrolling 'brains' Austin Thompson faces up to ten years in prison over DDoS campaign

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

The Pesky Password Problem: How Hackers and Defenders Battle For Your Network Control featuring Kevin Mitnick
Cyber Security Summit - CYBERWIRE95

Upcoming Events

SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.

SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business event environment that facilitates valuable networking, immersive learning and leads the critical debate through cutting-edge content. The Infosecurity North America conference program provides access to the latest information security insight presented by leading experts, practitioners and thought leaders. The panel discussions, presentations, demos and workshop will provide you with the information and skills you need to strengthen your organization’s cyber defenses against the threats of tomorrow.

Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore how the Army-Industry team can best collaborate to achieve cost-effective, innovative solutions to military problems, seamlessly reallocate resources as conditions change, and with the speed and efficiency that adversaries cannot match.

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote authorization. Securing Digital ID is a unique event for executives, policy makers, product developers and engineers interested in identity security and authentication. The conference will be held in partnership with TWST Events on December 4-5, 2018 at the Hilton Alexandria Mark Center minutes from Washington, D.C.

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC to Bermuda, the “world’s risk capital,” where we, with the support of a stellar advisory committee, will focus on cyber risk with an emphasis on insurance and risk-transfer solutions.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), FOG Computing, Block Chain and Artificial Intelligence will extend the benefits of cloud - but also create new attack vectors for ambitious and resourceful adversaries. Additionally, the compliance landscape continues to evolve creating new challenges in delivering, measuring, and communicating compliance through multitude of regulations across multiple jurisdictions. The Cloud Security Alliance and MIS Training Institute have partnered to host the 2018 Cloud Security Alliance Congress on December 10-12 at the Omni Orlando Resort in ChampionsGate, Florida. This year’s event welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work with government cybersecurity authorities and regulators. The forum will offer insights, practical advice, case studies and workshops tailored to the needs of executives and managers. (Request an invitation at the link.)

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire, Inc.