The CyberWire Daily Briefing 09.01.15

Summary

By The CyberWire Staff

ISIS competes with Shi'ite opponents on the Internet, with both sides now recruiting through increasingly cruel and inventive online posts of executions. ISIS's online appeal shows signs of reaching hitherto quiet Ghana. The hacktivists of Ghost Security say they've enjoyed considerable success against ISIS, even claiming to have disrupted terrorists' command-and-control.

The US continues to assess the damage done to intelligence operations by Russian and Chinese exfiltration and sifting of personal data. It also finds OSINT challenging OPSEC. As the US deliberates sanctions against Chinese and (reportedly) Russian cyber actors it's worth noting that such measures are expected to target specific individuals and companies, not the countries themselves, and that they appear directed against industrial espionage, not foreign intelligence collection.

All is not, however, bleak in Sino-American cyber relations as the two countries prepare for a summit. Research conducted by Penn State, Indiana University, and China's Academy of Science is said to have engendered "MassVet," which offers rapid security screening of large numbers of apps.

A Pakistani cyber riot is reported in India's financial sector.

Citizen Lab releases more details of a sophisticated Iranian phishing campaign that targets Iranian expatriates.

Alleged Colombian surveillance practices draw media attention.

The UK's National Crime Authority, which recently collared several teenagers for buying and using Lizard Stressor, sustains a retaliatory denial-of-service campaign by Lizard Squad skids.

In the US, opposition to cyber threat information sharing legislation derives from the difficulty of distinguishing sharing from surveillance.

Gizmodo says Ashley Madison used adulteress bots. Who knew?

Notes.

Today's issue includes events affecting Australia, China, Colombia, European Union, Ghana, India, Iran, Iraq, Japan, Pakistan, Russia, Syria, United Kingdom, United States

Selected Reading

Cyber Trends

Apple vs. Android: Mobile Security Pros and Cons (eSecurity Planet) Both Apple's iOS and Android have security strengths and weaknesses, experts say

Internet of Things: a huge realm of opportunity — and risk (Lexology) The Internet of Things goes by a deceptively simple title but includes a vast — and mushrooming — network of physical objects or "thing" that connect to the Internet through embedded sensors, electronics and software, allowing them to exchange data with the operator of the object, its manufacturer or other connected devices

Intel: Criminals getting better at data exfiltration (CSO) Enterprises tend to be highly focused on keeping attackers out of their systems, but most of the actual damage happens when the bad guys are able to successfully steal data

Unsecure Apple devices a 'huge' liability (SecurityWatch) A lack of security and management of Apple devices in the workplace is exposing businesses to significant liabilities, according to new research from cyberthreat firm Centrify

The Decline of Email Spam? (Trend Micro: Simply Security) As threat defense experts, Trend Micro has been delivering quarterly security roundup reports for several years now

How can banana peels help the infosec community? (Graham Cluley) By now, you have probably heard of the recent Federal Court ruling about the ongoing case between the Federal Trade Commission (FTC) and Wyndham Hotels

Vigilance, Diligence, and Banality (The Analogies Project) The Knights of the Silver Shield were tasked with keeping the country safe from the giants who lived in the forest

Legislation, Policy and Regulation

US Is (Almost) Ready to Impose Economic Sanctions on China Over Cyberespionage (Diplomat) Economic sanctions against Chinese companies and individuals could be imposed within the next two weeks

The US might sanction Russia as well as China over cyber attacks (Business Insider) The United States is considering sanctions against both Russian and Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials said on Monday

Rethinking the Obama-Xi Summit (Diplomat) How the U.S. might use the summit for a new "new model of great power relations"

Cyber sharing bill shares too much, critics say (CSO) Years of attempts to craft legislation that would promote sharing of cyber threat information within industry and government have gone nowhere. And this year's efforts are facing the same kind of criticism — that what government calls "sharing" amounts to surveillance

When It Comes To Encryption, Our Policy Makers Could Learn A Thing Or Two From Thomas Jefferson (Forbes) Thomas Jefferson was so interested in cryptography that he may have developed his own enciphering device after his mail was inspected by postmasters when the revolution was looming

NARA re-evaluating deadline for agency email records management systems, official says (FierceGovernment) The National Archives and Records Administration is communicating with agencies to see if they'll be able to meet the December 2016 deadline to develop systems to manage email records, a top NARA official said

Should the removal of personal info posted online be a human right? (Help Net Security) 69% of online Americans agree that the 'Right to be Forgotten' should be a human right, 29% think it allows for censorship. Only 16% think the 'right to be forgotten' is not practical

3 ways agencies can help meet the demand for cyber pros (Federal Times) We hear about them a lot — short– and long–range measures that could help close the cybersecurity skills gap for the feds if they ever were to happen, some from the White House, others via legislation from Congress

Products, Services, and Solutions

Acronis, Check Point Strengthen Partnership To Eliminate Mobile Threats (RTT News) Acronis, a global leader in data protection, and Check Point Software Technologies Ltd. (CHKP), a pure-play security vendor, announced a partnership to eliminate mobile threats for companies by providing integrated data security and protection for mobile workers

HyTrust brings automated security to VMware NSX (FierceEnterpriseCommunications) Cloud security automation company HyTrust released a new version of its CloudControl product at VMworld. With the release of version 4.5, HyTrust added new capabilities that tie into VMware's NSX software-defined networking product

Microsoft's Project Sonar: Malware detonation as a service (ZDNet) Microsoft's 'Project Sonar' service, which analyzes millions of potential exploit and malware samples in virtual machines, may be available to users outside the company in the not-too-distant future

Technologies, Techniques, and Standards

How Linux Foundation sysadmins secure their workstations (Help Net Security) Sysadmins around the world have been provided with another helpful guide on how to go about hardening their Linux workstations, as Konstantin Ryabitsev, Director of Collaborative IT Services at The Linux Foundation, has released the document on GitHub for anyone to download

Encryption at rest, what am I missing? (Internet Storm Center) I've been going up, down, and around with the topic of encryption at rest for a while now and I feel like I'm missing something big

What Ashley Madison got right (Naked Security) Amongst the hyperbole and horror of the Ashley Madison hack there is a bit of good news. OK, perhaps not exactly good news, but some more bad news that might have happened and didn't

NRF: Lawyers belong on the front lines in hacking scandals (Lawyers Weekly) The first port of call following a data breach should be a specialist lawyer who can coordinate a response under the protection of legal professional privilege, one insurance partner says

Who's afraid of shadow IT? (Help Net Security) One of the biggest disruptions in the IT world is the quantity and quality of SaaS tools

Why collaboration is crucial in the battle for IT security (Help Net Security) Modern organizations are tackling a fast-paced threat landscape, how does collaboration help in this regard?

Marketplace

States and Localities Consider Security as a Service (Government Technology) Is security the next as-a-service offering you'll be sending to the cloud?

EMEA organizations are being pre-emptive about security (Help Net Security) In EMEA, organisations are being pre-emptive about security due to the increasing threat posed by targeted attacks

CSC to Combine Government Services Unit with SRA upon Separation from CSC (BusinessWire) CSC (NYSE: CSC) today announced that it has entered into a definitive agreement to combine its government services unit, Computer Sciences Government Services (CSGov), with SRA upon the spin-off of that unit, plans for which were announced in May

Singtel completes acquisition of Trustwave (e27) Acquisition of managed security services specialist Trustwave will help Singtel expand its line-up of cloud-based solutions; terms of the deal have not been disclosed

VMware, Inc. (VMW-$79.15*) Highlights from Analyst Day — Maintain Market Perform (FBRFlash) Yesterday, August 31, we attended VMware's analyst day in San Francisco as part of its annual VMworld user conference

HP to give VMware's software defined networking efforts a boost (ZDNet) HP has stepped up its VMware partnership to push the NSX software defined networking platform as both companies eye Cisco

FireEye, Cybergy Labs Form Gov't-Commercial Sector Cyber Defense Partnership (ExecutiveBiz) FireEye and a Cybergy Partners subsidiary have teamed up to combine their technology offerings and services in an effort to help government and commercial enterprises protect their information technology infrastructures from cyber threats

FireHost Is Now Armor, the Leader in Active Cyber Defense Focused on True Outcomes for Customers (BusinessWire) Armor delivers dwell times 100 times shorter than the 205-day industry average

Greenbelt company offering free cybersecurity training closes seed round (Daily Record) A Greenbelt-based company hoping to grow the world's cybersecurity workforce by offering free online training nabbed $400,000 in seed funding with help from a local angel investor

Elbit subsidiary tapped for signals intelligence capabilities (UPI) Cyberbit, a subsidiary of Elbit Systems, has been contracted to provide signals intelligence capabilities to law enforcement agencies in Europe and Africa

CSO burnout biggest factor in infosec talent shortage (CSO) The real cause of the talent shortage in the information security field isn't a lack of new people entering the profession, but retention and churn

Martin Miner Appointed CIO, SVP at Leidos; Roger Krone Comments (GovConWire) Martin Miner, former chief strategy officer for the national security sector's integrated systems group at Leidos (NYSE: LDOS), has been appointed chief information officer and senior vice president at the company

Barbara Humpton Appointed President and CEO of Siemens Government Technologies, Inc. (BusinessWire) Barbara Humpton has been named President and Chief Executive Officer at Siemens Government Technologies, Inc., effective October 1, 2015. Humpton joined SGT in October 2011 as Senior Vice President for Business Development

Research and Development

Spotting malicious apps on Android markets just got easier (Help Net Security) Spotting malicious apps before they are offered for download and/or removing them is a tough challenge for every online Android app marketplace, including Google Play, but recent research by a group of scientists from several US and China universities offers considerable hope for improving the practice

Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale (Informatics) An app market's vetting process is expected to be scalable and effective. However, today's vetting mechanisms are slow and less capable of catching new threats

NSF Awards $6M Grants for Internet of Things Security (Threatpost) The National Science Foundation announced on Friday that it has awarded $6 million in grants to fund projects working toward securing networked things

Federal study shows security banners can trick hackers into doing nothing (FierceGovernmentIT) New research finds that there are some simple, non-invasive steps that IT administrators can implement to discourage cyber attackers from carrying out damaging commands

Security Patches, Mitigations, and Software Updates

Linux 4.2 Released Improving Cryptography Options (Linux Planet) After eight release candidates, Linux 4.2 is now available, marking one of the longer development cycles in the last few years

Microsoft slips user-tracking tools into Windows 7, 8 amidst Windows 10 privacy storm (PCWorld) Worried about Windows 10's deep-reaching user tracking? Some of it's coming to Windows 7 and 8, too

Clean Install Windows 10: The Activation Myth (Softpedia) Installing Windows 10 can be easier said than done

Cyber Attacks, Threats, and Vulnerabilities

The Allure of ISIS Has Reached Long-Stable Ghana (Defense One) So far, recruits number a tiny handful of people in a nation of 26 million. But Ghanaians should hear alarm bells ringing

Islamic State brutally executes four men in response to slaying by 'Angel of Death' (Long War Journal) The Islamic State's so-called Anbar province has released the "caliphate's" latest in a long line of gory execution productions

'We know everything about ISIS online': Hackers claim foiling terror attacks in Tunisia & New York (RT) Ghost Security, a network of hacktivists formed earlier this year, claims that it thwarted two major terrorist attacks in the past month, as well impeding Islamic State's online recruitment drive

Russia and China could be 'making it impossible for the US to hide' its intelligence activities (Business Insider) US officials believe China and Russia are building a database of US intelligence information using massive amounts of files stolen from government agencies and private companies

How the US Periodically Reveals the Locations of Special Operations Missions (Vice News) Some very classified, top-secret special forces activity went down in Tunisia last week

Prepare a new dossier! Pakistan's cyber Mujahideen hit India (DDoSInfo) A month before Pakistan's ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai's financial district

London Calling: Two-Factor Authentication Phishing From Iran (Citizen Lab) This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist

Colombia Has a 'Shadow State' of Mass Surveillance, Report Says (teleSUR) The report says Colombian government agencies have been developing spying tools for unlawful collecting of mass data without judicial warrants

National Crime Agency website DDoSed by Lizard Squad (Naked Security) Intransigent sort-of hacker collective Lizard Squad is back

Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor (TrendLabs Security Intelligence Blog) We found that attackers in an active campaign have compromised a number of Japanese websites to serve as command and control (C&C) servers for the EMDIVI backdoor they're using and are currently targeting companies not only in Japan but also in the US

CoreBot Malware Steals Credentials — For Now (Threatpost) A new piece of data-stealing malware has a real thirst for credentials — and the potential for worse trouble down the line

CERT Warns of Slew of Bugs in Belkin N600 Routers (Threatpost) The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers

Fraudsters using credentials harvested from massive breaches, study finds (SC Magazine) Digital identities are being exploited on a routine basis by sophisticated cybercriminals, a new study from ThreatMetrix found

Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices (Dark Reading) KeyRaider stole 225,000 legitimate Apple accounts and slammed devices with ransomware and phony purchases, but only jailbroken gear, mostly in China, is affected

Internet users still using weak passwords a year after iCloud leak (Telegraph) Security experts warn than online dangers are increasing but Britons are failing to take proper measures

Boffins laugh at Play Store bonehead security with instant app checker (Register) Your malicious payload is cool with Google, just call it something else

Angler has a new exploit for Flash 18.0.0.209 (Malware Don't Need Coffee) Patched with the version 18.0.0.232, Flash 18.0.0.209 is now being exploited by Angler EK

WikiLeaks Data Dump Contains Malware Docs, Accessing Can Infect Your System (Hack Read) Some recent data dump released by WikiLeaks on their website contains documents infected with malicious software that can easily infect anyone accessing them, according to the discovery made by an autonomous data researcher Josh Wieder

Hidden Tear Offline Edition or: How I Learned to Stop Worrying and Love the Criminal Mind (Utku Sen Blog) Although lots of people have criticized me in Reddit and Github about publishing an open source ransomware program, I was still willing to develop a new version of it

DRDoS, UDP-Based protocols and BitTorrent (BitTorrent Engineering Blog) On July 1st, 2015, the security team at BitTorrent received a report from Florian Adamsky about Distributed Reflective Denial of Service (DRDoS) vulnerabilities affecting several BitTorrent products making use of UDP-based protocols

Ashley Madison used bots to entice men to spend money, says business is growing (CSO) ALMs bots were "a sophisticated, deliberate, and lucrative fraud" says Gizmodo

Ashley Madison Says Business Is Booming (TechCrunch) If you felt bad for the folks who work at "discreet encounter" site Ashley Madison, don't. They're just fine, apparently

TalkTalk isn't helping customers use safer passwords (Graham Cluley) At the beginning of last month, some TalkTalk customers were warned that their personal details may have been breached as part of the hack against British mobile phone operator Carphone Warehouse

Blue Coat Reveals the Web’s Shadiest Neighborhoods (SourceWire) These TLDs, with high numbers of shady sites dubbed "Shady TLDs" can provide fertile ground for malicious activity including spam, phishing. Report Shows That More Than 95 Percent of Websites in 10 New Top-Level Domains are Suspicious; .zip and .review Ranked as Worst Offenders

Academia

University's cybersecurity center hopes to protect Maine jobs (Bangor Daily News) The Maine Cyber Security Cluster at the University of Southern Maine is fast becoming a force in the fight against malicious cyber activity

Best Places to Find Cyberwarriors? Elementary Schools (SIGNAL) Government waits too long to cultivate students to enter work force, expert says

Summer camps, NSA-style (Deutsche Welle) The US National Security Agency (NSA) has run a summer program with the goal of recruiting the next generation of cyber specialists

Litigation, Investigation, and Enforcement

Google accused of abusing market position in India (ComputerWeekly) Google has until 10 September 2015 to respond to the findings of an Indian Competition Commission investigation into allegations of anti-competitive business practices

IRS had trouble helping identity theft victims due to budget constraints, TIGTA says (FierceGovernment) The Internal Revenue Service is having trouble assisting identity fraud victims because of budget constraints imposed by Congress over the last few years, according to the Treasury Inspector General for Tax Administration

FBI created fake Seattle Times Web page to nab bomb-threat suspect (Seattle Times) The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey's Timberline High School in 2007

Denver company maintained Hillary Clinton's private email server (LidTime) Asked whether she regretted setting up a private email server during her tenure at the State Department, Clinton said she has stated repeatedly that she does

Secret Service agent pleads guilty to stealing money from Silk Road dealers (Ars Technica) Agent also gets electronic monitoring after an attempt to adopt a "very odd" name

Information Technology Manager Pleads Guilty to Sending Damaging Computer Code to Former Company's Servers (US Department of Justice, Office of Public Affairs) A former information technology manager pleaded guilty today to sending damaging computer code to servers at his former employer, a software company

Design and Innovation

How Qualcomm plans to make phones and tablets safe from malware (ZDNet) A new security approach built into the Snapdragon 820 chip next year will provide protection from zero-day and other malware attacks

Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick (IDG via CSO) Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

upcoming Events

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries

Mid-Atlantic Security Conference (Gaithersburg, Maryland, USA, September 1, 2015) The conference is brought to you by Information Systems Security Association's Baltimore, NOVA, and National Capital Chapters. Join us for a full day of training on cybersecurity topics by industry leaders, hands-on workshops, and a Capture the Flag event and receive a certificate for 7 CPEs toward your professional certifications

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks. SIN 2015 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. It seeks to convene a high-quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in researching high-risk, high-opportunity paradigms to present their ideas. The discussions always challenge the current limitations of information security tools and technology, while disputing ng-held beliefs or the very foundations of security. You're bound to get fresh, new ideas from attending this workshop

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

Cyber 6.0 (Laurel, Maryland, USA, June 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof

Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are the fraud ecosystem, trends in consumer fraud awareness (what's working and what's not), and threat intelligence

Borderless Cyber 2015 (Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Hosted at The World Bank headquarters in Washington, DC, the conference will generate dialogue across government and business, combining high-profile guest speakers, interactive roundtable sessions, and moderated debates. Additional networking events will complement each day's agenda, offering opportunities for real-time collaboration

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Risk management and enterprise cyber defense strategies figure among the agends

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this nation's cybersecurity

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.