The CyberWire Daily Briefing 09.18.15

Summary

By The CyberWire Staff

Members of Russia's military forces have for several months been receiving "well crafted" phishing emails, and these are (apparently) the work of Chinese intelligence services. Discovered and disclosed by Proofpoint, the espionage campaign is directed at military capability and telecommunications systems. (Proofpoint says Russian-speaking financial analysts covering the telecom sectors have been collateral damage.) The phishing emails distribute the PlugX remote-access Trojan using malicious Microsoft Word documents as vectors.

Meanwhile, Western targets continue to worry about China's Iron Tiger campaign, cyber operations in support of South China Sea territorial claims, and a "pledge of compliance" being required of companies doing business in China.

The Russian services aren't idle either, as F-Secure publishes a useful rundown of their Duke family of exploits.

Some insight into the workings of the exploit industry may be gleaned from the details of a recently discovered point-of-sale Trojan: it's been assembled from pieces of earlier kits.

ESET finds a new bit of crimeware:"Odlanor." This one cheats at online poker.

Schneider Electric pushes out some new firmware for the StruxureWare Building Expert building automation system. The patch stops a bug (not yet believed exploited in the wild) that transmitted plaintext user credentials between servers and client machines.

The UK's MI5 wants, as a matter of policy, extensive access to communications. US crypto policy wars continue, with fresh arguments that universal encryption need not unduly burden law enforcement.

Cyber insurance large print giveth, but small print taketh away: risk from your business partners being phished isn't covered.

Notes.

Today's issue includes events affecting Brunei, Cambodia, China, European Union, Indonesia, Japan, Laos, Malaysia, Myanmar, Philippines, Russia, Singapore, Taiwan, Thailand, United Kingdom, United States and Vietnam

Selected Reading

Cyber Trends

Hackers Are the Problem, Workers the Weak Point (CFO) It only takes one employee clicking on the wrong link to give away the keys to the kingdom

Top cloud security issue? Lack of visibility (Help Net Security) Lack of visibility into cloud deployments and associated provider security practices and controls is a source of major dissatisfaction amongst IT professionals, according to the SANS Institute

Legislation, Policy and Regulation

China tells US tech companies to sign PRISM-like cyber-loyalty pact (Ars Technica) "Pledge of compliance" may require companies to turn over data, install backdoors

The Chinese Cyber Threat in the South China Sea (Diplomat) ASEAN needs to get serious about the role of cyberspace in conflicts over the South China Sea

In First Live Interview, Britain's MI5 Chief Seeks More Powers to Fight Terrorism (New York Times) The head of Britain's domestic intelligence agency, MI5, appealed on Thursday for broader legal powers to deal with advances in technologies and what he described as a more diffuse and serious terrorist threat

MI5 chief Andrew Parker: Social media companies must reveal details of terror threats (Telegraph) Andrew Parker urges firms to disclose intelligence as he reveals six terror attacks foiled in year and level of plotting against UK at three-decade high

MI5 boss warns of technology terror risk (BBC) Advances in technology are allowing terrorists to communicate "out of the reach of authorities", head of MI5 Andrew Parker has told the BBC

MI5 vs WhatsApp — The Case for Cyber Espionage (Check & Secure) "In our country, do we want to allow a means of communication between people which we cannot read?"

Opinion: Why we should not fear a world of 'universal encryption' (Christian Science Monitor Passcode) The FBI's newest argument for why it needs built-in access to your encrypted digital communications demonstrates exactly why that's unnecessary

DoD CIO: Make it expensive for hackers to play (C4ISR & Networks) As recent events have shown, cyberattacks are extraordinarily expensive for the victims

The need for speed: How America's next military advantage relies on nimbler cybersecurity (Christian Science Monitor Passcode) Cyber attackers have speed on their side. This is how defenders can level the playing field — and get ahead

DoD hopes better cybersecurity automation will weed out 'basic players' (FierceGovernmentIT) The Defense Department is working with Silicon Valley to bolster cybersecurity with a specific focus on automating the detection and reaction of "zero-day" attacks on defense networks

Classified Smartphones, Silicon Valley Worker Swap and 3 Other Takeways from the Pentagon CIO Briefing (Nextgov) The Defense Department made news this spring when Ash Carter became the first defense secretary in almost 20 years to visit Silicon Valley

House Panel Approves Legislation that Allows Privacy Suits From EU Citizens (Legaltech News) Passage of the Judicial Redress Act clears the way for implementation of the Umbrella Agreement

Half of Security Pros Expect Cybersecurity to Be a Key Issue in 2016 Presidential Race (Tripwire: the State of Security) More than half (55 percent) of information security professionals anticipate cybersecurity will factor as a key issue in the 2016 U.S. Presidential race

Nozzolio: Excellus needs to answer questions about cyber attack, impact on consumers (Auburn Citizen) State Sen. Michael Nozzolio is urging a major health insurance company to provide more information to customers after a cyber security firm found a data breach in August

Head of NCA's cyber crime unit leaves for private sector job (ComputerWeekly) Andy Archibald, The National Crime Agency's head of cyber crime leaves to take up a job in the private sector

Dateline

From the Billington Summit: the Economics of Cyber Conflict and a Security Role for Markets (The CyberWire) Several clear themes emerged at this sixth annual Billington summit. The adversaries' tradecraft is getting better, but "better" isn't necessarily synonymous with "novel" or "innovative." Rather, we see familiar exploits used successfully against known vulnerabilities

Products, Services, and Solutions

Apple watchOS 2 on hold (but iOS 9 on fire!) (Naked Security) Apple's week has been a bit of a curate's egg

Black Duck Hub is MassTLC’s Innovative Technology of the Year in Security (Black Duck) Company launches initiative to improve security of increasingly popular container technology

G DATA unveils secure messaging app based on elliptic curve cryptography (FierceITSecurity) German antivirus firm G DATA released on Thursday its security messaging application, Secure Chat, which uses elliptic curve cryptography to provide secure communications on Android phones

Trustwave rides the mobile security wave with new cloud-based platform (FierceITSecurity) Endpoint security firm Trustwave is expanding its presence in the mobile security space with the launch Wednesday of its new cloud-based Secure Mobility Platform

What the LastPass CLI tells us about LastPass Design (System Overlord) LastPass is a password manager that claims not to be able to access your data

Reusing Passwords on Different Sites Should be OK (Virtual Strategy Magazine) Concept Blossom, creator of Synctuary encrypted file sync and sharing, declares that it is ok to reuse passwords at different sites where passwords are never exposed to servers

Technologies, Techniques, and Standards

Why the security industry needs a standardized framework for CASBs (TechTarget) The growth of CASBs has prompted the CSA and CipherCloud to team up to form the Cloud Security Open API Working Group

Vodafone's data breach a lesson for tech companies to be open about mistakes (Guardian) All telecommunications companies that handle Australians' personal data should take heed: report security lapses because you will get caught out too

The do's and don'ts of maintaining information security transparency (FierceITSecurity) A data breach can be embarrassing and reputation-damaging for an organization

Delving into an enterprise IoT initiative? Read this first (TechTarget) From the business problem to the technology, here's what CIOs need to know to get started on an enterprise IoT initiative

Managing shadow IT risk to the business (TechTarget) With more users turning to external IT platforms to meet business needs, IT professionals must take steps to start managing shadow IT

Small businesses must address security and privacy (Dell Power More) I've been working with hundreds of businesses over the past fifteen years, and I've found many common challenges that they are always trying to address, as well as some common, dangerously incorrect, beliefs about security and privacy

Cybersecurity's Human Factor: Lessons from the Pentagon (Harvard Business Review) The vast majority of companies are more exposed to cyberattacks than they have to be

Marketplace

Cyber threats create new customers for defense firms (Busienss Insurance) A broadening wave of cyber attacks is drumming up new clients for defense companies as anxiety about the loss of sensitive data spreads from military chiefs to company bosses

Cyber Liability Insurance's Data Problem: Mining for Destruction (Tripwire: the State of Security) Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses

CSOs could see 7% raise next year (CSO) Recruiting and staffing specialist Robert Half Technology released its annual guide to U.S. tech salaries, which finds wireless networking engineers are in line for the biggest pay hike

Security Patches, Mitigations, and Software Updates

Schneider Patches Plaintext Credentials Bug in Building Automation System (Threatpost) Industrial control manufacturer Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability

Google fixes an Android Lollipop lockscreen bypass bug — how bad was it? (Naked Security) Google pushed out its first-ever monthly security update for Android in August, fixing the Stagefright vulnerability that an attacker could use to own your device with a malicious MMS message

iTunes 12.3 brings support for two-factor authentication (Naked Security) Ever since a the celebrity nude photo scandal of 2014, in which many stars had their personal photos stolen out of their iCloud accounts, Apple's been keen to beef up its security

iOS 9 partially fixes critical, easily exploitable AirDrop bug (Help Net Security) Apple has released iOS 9. Along with many new and improved security and privacy features, fixes for a bucketload of security vulnerabilities have been included in this latest version of the company's mobile OS

Could iOS 9 be Apple's greatest gift to enterprise IT? (Network World) Apple's latest announcements for its mobile ecosystem had plenty to do with the enterprise

Cyber Attacks, Threats, and Vulnerabilities

Russian military attacked, possibly by Chinese cyber group (CSO) Members of the Russian military have been receiving well-crafted phishing emails since mid-summer

In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia (Proofpoint) Proofpoint researchers recently observed a campaign targeting telecom and military in Russia. Beginning in July 2015 (and possibly earlier), the attack continued into August and is currently ongoing

The DUKES APT — 7 years of Russian state sponsored hacking (F-Secure) This whitepaper explores the tools — such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc. — of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making

Iron Tiger: How hackers have stolen terabytes of confidential data from US high-tech firms (Tripwire: the State of Security) A new report claims that in 2013, a group of China-based hackers switched their attention from targeting victims in Asia-Pacific to stealing terabytes of confidential data from US high-tech firms and government contractors

New POS Trojan created by mixing code from older malware (Help Net Security) A newly discovered POS Trojan is a perfect example of how easy it is for malware makers to come up with new malware — they can simply recycle code used in older malicious software

TeslaCrypt 2.0: Cyber Crime Malware Behavior, Capabilities and Communications (iSight Partners) As part of our normal course of operations as a cyber threat intelligence provider, we monitor the cyber crime underground and provide analysis to our clients on new and emerging threats

Coinvault, are we reaching the end of the nightmare? (SecureList) The ransomware sequel: alternative ways of profit harvesting

The Trojan Games: Odlanor malware cheats at poker (We Live Security) Whenever ESET malware researchers discover a new interesting attack, a new piece of malware, or an old threat evolving in an interesting way, we share the news on this blog

Scan of IPv4 Space for 'Implanted' Cisco Routers Finds Fewer Than 100 (Threatpost) A day after researchers detailed a technique that attackers are using to upload malicious firmware images to Cisco routers, academic researchers say they have scanned the entire IPv4 address space and discovered a total of 79 likely compromised routers - See more at: https://threatpost.com/scan-of-ipv4-space-for-implanted-cisco-routers-finds-fewer-than-100/114687/#sthash.C56T2XZI.dpuf

DNS Hijacks: What to Look For (Malwarebytes) The definition: The domain name system (DNS) is the way that internet domain names are located and translated into Internet Protocol addresses

800,000 fans of the Kardashians left exposed after privacy blunder (Hot for Security) Kim, Kendall, Khloe and Kylie. Some of the most famous people in the world with first names beginning with "K" launched their subscription-based apps, promising exclusive content from the Kardashian/Jenner clan earlier this week

American Airlines forced to ground flights over IT issues (ComputerWeekly) US airline confirms "connectivity issue" that prompted it to halt flights from several airports yesterday has now been resolved

How Mixed Content Compromises Security (Digicert Blog) When users visit a website secured by an SSL Certificate, they expect their data to stay safe. But what happens if only part of the site is secured?

Stolen credentials are key to avoiding breach detection (TechTarget) A new report details how attackers can fly under the radar by using stolen credentials in order to avoid breach detection and forgoing the use of malware in malicious activity

FBI and DHS Warn of Security Risks from the Internet of Things (Nextgov) The FBI and Department of Homeland Security have issued alerts about, in essence, the modern Internet

Academia

Cultivate a Talent Pipeline While Bridging the Cybersecurity Resource Gap (SecurityWeek) This is the time of year when students around the world head back to school. Many entering their final year of high school and those in college or at universities are thinking about courses of study that hold promising career opportunities, excitement, and challenge

University of Virginia will spend millions on new security after Chinese hack (Cavalier Daily) Hackers were present in University server since Spring 2014

Litigation, Investigation, and Enforcement

AT&T says malware secretly unlocked hundreds of thousands of phones (TechWorld) AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones

BitPay insurance claim rejected due to contract wording (CSO) Having business partners Phished doesn't count insurance company says

U.S. prosecutor to be stationed at Europol for cyber crimes (Reuters via Yahoo! News) The United States will post a prosecutor at Europol, Europe's police agency, to enable closer cooperation on international cyber crime investigations, U.S. Attorney General Loretta Lynch said on Wednesday

Web Hosting Sites Largely Shielded From Data Breach Claims (Law360) Amazon Web Services Inc. and GoDaddy.com LLC recently slipped out of a suit brought by three former Ashley Madison users by agreeing to comply with future court orders to remove hacked data posted on their sites, and other hosting sites are likely to easily skirt such claims as long as they remain passive conduits for the stolen data, attorneys say

Expect HIPAA noncompliance fines for BAs soon, attorney says (FierceHealthIT) We should expect to see a HIPAA noncompliance enforcement action soon against a business associate

Tor relay turned back on after unanimous library vote (Naked Security) Live free or die

How a small New Hampshire library stirred up a digital rights debate (Christian Science Monitor Passcode) A pilot project to use computers in the Lebanon, N.H., library as servers for the anonymous Tor browser was celebrated by online privacy advocates but raised concerns among law enforcement

Design and Innovation

New Crypto Tool Makes Anonymous Surveys Truly Anonymous (Wired) At the end of a semester teaching an undergraduate math course a few years ago, Cornell Tech researcher and crypto professor Rafael Pass asked his students to fill out the usual anonymous online course evaluation

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, October 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities plaguing the virtual world. Hacker Halted will also feature several highly technical and advanced workshops that cover the most current security topics and will include EC-Council's most sought after certification classes. Hacker Halted runs concurrently with the invitation-only Global CSO Forum

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section, FBI), and the father of the internet, Vint Cerf

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, October 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime

Smart Industry (Chicago, Illinois, USA, October 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation

Buy-Side Technology North American Summit (New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum

IP Expo Europe (London, England, UK, October 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers

Cyber Security Europe (London, England, UK, October 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack

Annual Privacy Forum 2015 (Luxemburg, October 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security

(ISC)² SecureTurkey (Istanbul, Turkey, October 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, October 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers' at Hill AFB

BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, October 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, October 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.