The CyberWire Daily Briefing 09.21.15

Summary

By The CyberWire Staff

In separate actions Anonymous and associated hacktivists go after the governments of Vietnam and the Philippines, the former targeted in support of repressed dissidents, the latter because Anonymous is angry over slow Internet speeds.

Chinese intelligence services are said to have used data gleaned from the OPM breach to compromise US defense contractors and steal technical secrets. Observers wonder about the "lingering" and "ripple" effect of OPM's loss of 22 million people's records. (To achieve clarity about those ripples, note that an SF-86 questionnaire contains information not only about the applicant, but also about the applicant's family and associates, so 22 million is probably an order of magnitude low.)

Such cyber capers and tensions will be highlighted in the upcoming Sino-American summit. Both sides appear to be pulling in their horns, pre-talks, as security companies see Chinese operations slackening (the ministry for the governance of barbarians having apparently decided on a lighter hand, for now) and a pause in US progress toward sanctions (the sheriff not yet giving the posse the word to ride). Observers see an inflection point: either cyberwar or détente. The smart money's on détente, but it's been wrong before.

Apple purges the iStore, as compromised developers appear to have inadvertently introduced XCodeGhost malware into popular apps.

Private D-Link software keys appear to have been found in D-Link's open-source firmware.

Krebs has an interesting rundown of Verizon's post-mortem on the 2013 Target breach: once in, there seemed to be little to impede hackers' progress through point-of-sale systems.

Notes.

Today's issue includes events affecting China, Denmark, European Union, Finland, France, India, NATO, Netherlands, New Zealand, Norway, Philippines, Russia, Sweden, United Kingdom, United States and Vietnam

Selected Reading

Cyber Trends

The Biggest Problem with the Internet of Things? Hint: It's Not Security (Tech.co) Security is a major concern with those who are watching the development of the Internet of Things

Safeguarding the Internet of Things (Wall Street Journal) The Internet of Things delivers new ways to create and capture business value, but also creates some frightening new vulnerabilities that organizations must take specific actions to address

The real concerns about artificial intelligence (CSO) Speakers at the DARPA Wait What? Future Technology Forum discuss their concerns with artificial intelligence — software bugs and other security issues top the list, rather than AI robots becoming sentient and taking over the world

Corporate employees using unsecure apps for work: IBM (SC Magazine) When it comes to security many corporate employees are willing to take the risk of using unsecured, third-party apps if it means making their job easier, a new IBM Security study found

Cybersecurity Demands Culture Change, DoD Official Says (US Department of Defense) A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday

Just How Costly, Fast-Growing Is Cyber Risk? (Insurance Journal) Cyber risk is costing the global economy $445 billion annually, $108 billion of which comes from the U.S., according to a new report

It Usually Takes Half a Million Dollars to Recover from a Data Breach (Softpedia) A survey carried out by Kaspersky and B2B International on 5,500 companies in 26 countries highlighted the importance of securing a company's IT infrastructure against accidental or intentional data breaches

UK Is The Champion Of Keeping Businesses Safe Online (TechWeek Europe) Trend Micro study finds that UK beats out European neighbours when it comes to dealing with cyber-attacks

Legislation, Policy and Regulation

U.S. and China Seek Arms Deal for Cyberspace (New York Times) The United States and China are negotiating what could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyberweapons to cripple the other's critical infrastructure during peacetime, according to officials involved in the talks

Is The U.S. And China's Cyberwar Reaching A Detente Or A Flashpoint? (TechCrunch) Chinese President Xi Jinping will be visiting the U.S. this week and his trip could not have come at a more critical time, as the cyber-conflict between Beijing and Washington is reaching a tipping point

Chinese computer hack attacks slow ahead of Obama summit: experts (Reuters) Major intrusions by Chinese hackers of U.S. companies' computer systems appear to have slowed in recent months, private-sector experts say, ahead of a meeting between China's president and President Barack Obama with cyber security on the agenda

US Reportedly Not Planning Cyber-Sanctions Before Xi Visit (Disptach Times) Among them, Guo Yushan was released on September 14 in a move believed created to appease the United States ahead of Xi's visit, rights groups said

Intelligence official: Not our job to warn OPM of cyber threat (CNN) A top national intelligence official says the intelligence community had no responsibility to warn the Office of Personnel Management about vulnerabilities that led to the massive hack of more than 21 million sensitive federal employee records — despite the incident now being a significant national security risk

Cyber: the opposite of the Cold War? (C4ISR & Networks) The cyber domain draws many comparisons to the domains and conflicts that came before it in military history

While the US Army Sharpens Its Cyber Defenses, the Navy Faces the 'Real' Deal Right Now (Defense One) U.S. Fleet Cyber Command conducts 'real world operations because they're there, and we don't have a choice' while the Army's Cyber Command is cautiously getting on its feet

Should Hacked Feds Lose Security Clearance? (Defense One) DHS security chief is considering a tough-love approach after some senior officials fail repeated tests

Five myths about classified information (Washington Post) The controversy over Hillary Clinton's use of a private e-mail account while she was secretary of state has centered on whether she used it to send or receive classified messages

Indian draft rules on encryption could compromise privacy, security (CSO) The government's focus is on ensuring access to information by law enforcement agencies

EU Data Protection Legislation: Is your employee data safe? (ITProPortal) The past year has seen a flurry of high-profile data security breaches in the news, with the exposure of customer details and credit card information frequently hitting the headlines

Products, Services, and Solutions

New IBM Tool Wants To Bring Shadow IT Under Control (TechCrunch) This morning IBM introduced a new tool called IBM Cloud Security Enforcer, whose purpose as you might guess is helping IT to root out unauthorized cloud apps inside organizations

IBM's upcoming blockchain release could change the internet (ExtremeTech) IBM has announced that it will soon release its own, open source version of blockchain software

Webroot's Flagship BrightCloud® Threat Intelligence Platform Earns Top Cybersecurity Honors from Frost & Sullivan (PRNewswire) Based on its recent market analysis, Frost & Sullivan recognizes Webroot with the 2015 North American Cybersecurity for Robotics & Industrial Control Product Leadership Award

FinalCode secures docs with file encryption software (TechTarget) FinalCode's software allows IT to keep tabs on all their corporate docs

Technologies, Techniques, and Standards

IT metrics for security services (IT World Canada) Information Technology, especially the next generation of Social, Mobile, Analytic and Cloud (SMAC) technologies, is a complicated beast (the tale of the blind men describing the elephant seems to fit well)

What Do You Do When Employees Start Using a Free Cloud Service? (Harvard Business Review) What do you do as CIO when people in your company start using a free cloud service that's better than the similar service you deployed for them at great expense?

Tighten up your cyber security strategies now (CSO) While there are many security offerings to help an organization better protect itself from the onslaught of cyber threats knocking on its perimeter, no one solution is enough to reduce risk in this dynamic landscape

5 things that Facebook's security guru says every user should do to be safe online (Business Insider) Facebook has over 1.49 billion monthly active users, with people in the US spending a staggering 27 hours on the social networking site every month

Securing the retail experience: Tips to avoid the disastrous data breach (Retail Customer Experience) Data breaches, stolen credit card data and hacking into databases are becoming everyday scenarios for both small and large retailers

Dealing with a Data Breach and Maintaining Customer Trust (Point of Sale News) Retailers rely on the satisfaction and trust of their customers in order to successfully operate and grow; unfortunately, many businesses may be neglecting to prioritize protecting their customers' data

Malvertising: How can enterprises defend against malicious ads? (TechTarget) Malicious ads are becoming an increasing threat vector

Symantec Says Not to Pay When Data Gets Caught in Ransomware (Observer) Companies that pay a data ransom end up paying more data ransoms

Marketplace

Cyber-risk Knowledge Gap Widens Between C-Suite and IT (Infosecurity Magazine) When it comes to alerting C-suite executives about cyber-risk, IT and security professionals are still doing a terrible job, bogged down in technical jargon and a lack of business context

Global cyber-insurance market predicted to growth to £4.8bn by 2020 (SC Magazine) New research by PwC predicts that the global cyber-insurance market could expand to US$ 7.5bn (£4.8bn) in annual premiums by 2020

Insurers struggling to shield businesses from cyber attack risk (V3) The unpredictable nature of cyber attacks is making it hard for the insurance industry to create policies that offer adequate protection for businesses facing this threat

Cybersecurity Poses Challenge to Accountants (Accounting Today) Accountants need to be at the forefront of cybersecurity to safeguard the sensitive personal and corporate financial information they handle, according to a new report

Six things HR needs to know about cyber security (People Management) Information protection is no longer just IT's responsibility

Research and Development

The Tricky Encryption That Could Stump Quantum Computers (Wired) On August 11, the National Security Agency updated an obscure page on its website with an announcement that it plans to shift the encryption of government and military data away from current cryptographic schemes to new ones, yet to be determined, that can resist an attack by quantum computers

Pentagon is building massive database to stave off vulnerabilities (Daily Times Gazette) The Pentagon will build a massive database of all the vulnerabilities for the government to stay one-step ahead of the hackers

Encouraging information security research for the real world (Harvard John A. Paulson School of Engineering and Applied Sciences) PayPal co-founder Max Levchin announces cryptongraphy prize during visit to SEAS

Security Patches, Mitigations, and Software Updates

Google Details Plans to Disable SSLv3 and RC4 (Threatpost) As expected, Google formally announced its intent to move away from the stream cipher RC4 and the SSLv3 protocol this week, citing a long history of weaknesses in both

After iOS 9 launches, Ad blockers top the App Store chart (Naked Security) Ads are larger and harder to dismiss on mobile, they slow down page loading with JavaScript, that in turn leads to burned battery power, they waste the cellular data that many of us have to pay for on a metered basis — and they can be used to deliver malware, exploits and fraud

iOS 9 breaks VPNs, prevents server access for many (InfoWorld via CSO) Cisco AnyConnect and other VPNs may or may not work for your servers, as Apple breaks split-tunnel compatibility

Zerodium Hosts Million-Dollar iOS 9 Bug Bounty (Threatpost) Exploit vendor Zerodium, a company started by VUPEN founder Chaouki Bekrar, today announced it will host a month-long million-dollar bug bounty focused on Apple iOS 9

Cyber Attacks, Threats, and Vulnerabilities

Anonymous, AntiSec and HagashTeam Deface Vietnamese Websites in a Joint Operation (Softpedia) Three of the Internet's biggest hacktivism groups, Anonymous, AntiSec and HagashTeam, have carried out a joint operation in which they've defaced numerous pages on the Vietnamese government portal

Anonymous Philippines Hacks Telecom Commission Site Against Slow Internet Speed (HackRead) Anonymous Philippines, an affiliate of the online hacktivist group Anonymous, hacked and defaced the official website of the country's National Telecommunications Commission (NTC) Sunday afternoon

Report: Chinese Hackers Used OPM Data To Steal US Military Intel; 'Significant Risk To US Military' (Forbes) Chinese hackers used data stolen from April's OPM breach in recent thefts of terabytes of sensitive data from U.S. defense contractors, according to Trend Micro's Vice President of Cybersecurity Thomas Kellerman

After the OPM breach: ripple effects and lingering questions (GCN) This security breach of Office of Personnel Management systems that compromised the personal information of more than 22 million people continues reverberate throughout government

Apple's iOS App Store suffers first major cyberattack (Globe and Mail) Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet

XcodeGhost malware sneaks into the App Store, spooks millions of iOS users (Graham Cluley) If you're writing software for iOS or OS X, chances are that you will use Apple's Xcode library

Detecting XCodeGhost Activity (Internet Storm Center) End of last week, Palo Alto Networks published information about the "XCodeGhost" malware

China's awful internet speed has spread malware to millions of smartphones (Quartz) A security breach has affected Apple's App Store in China, potentially infecting millions of smartphones with malware and forcing the company to potentially remove hundreds of apps

Apple cleaning up iOS App Store after first major attack (Reuters) Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet

Windows Journal Vulnerability Disclosed Plus A Weekend Bonus (Fortinet) FortiGuard Labs disclosed a heap overflow vulnerability earlier this week in Windows Journal, a notetaking application developed by Microsoft that is included in Windows XP Tablet PC Edition, Windows Vista, Windows 7, Windows 8, and Windows 10

Active malware campaign uses thousands of WordPress sites to infect visitors (Ars Technica) 15-day-old campaign has spiked in past 48 hours, with >5,000 new infections daily

D-Link Accidentally Leaks Private Code-Signing Keys (Threatpost) A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage

Warning: Tax Credits Refund Phish (Malwarebytes Unpacked) Tax credit changes are something of a big deal in the UK at the moment, with an expected impact on finances for millions of people

Wire Fraud Phisher attempts to phish PhishMe, instead gets phished by PhishMe (PhishMe Blog) Every year PhishMe Simulator sends millions of phishing emails to its 500+ enterprise customers' employees worldwide. PhishMe is hands down the most robust and sophisticated phishing platform in existence

Inside Target Corp., Days After 2013 Breach (KrebsOnSecurity) In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses

Cyber-criminals increasingly targeting peer to peer and payday lenders, says new report (SC Magazine) A security technology company has highlighted how cyber-criminals are increasingly targeting online lenders

Five Bay Area news websites hacked, purpose unclear (KRON 4) Hackers took control of the five news websites of Embarcadero Media Group on Thursday night, according to the media outlet

Bulletin (SB15-264) Vulnerability Summary for the Week of September 14, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Academia

NSA Codebreaker Challenge 3.0 (I Programmer) NSA, the United States National Security Agency, is challenging university students in the US to exercise their reverse engineering and low-level code analysis skills while working on a fictitious, yet realistic, security threat

Computer science program to put on Hackathon (Eastern Echo) Eastern Michigan University students have the opportunity to test their computer-programming and code-writing skills over a 24-hour period in a "Hackathon"

Litigation, Investigation, and Enforcement

Chaffetz demands mysteriously deleted OPM breach data (FCW) Oversight and Government Reform Chairman Jason Chaffetz wants OPM to explain its handling of a CyTech Services incident response tool

France tells Google to remove search results globally, or face big fines (Ars Technica) Google fears complying would lead to a race to the bottom for online freedom

Public-private co-operation in the Nordics tackles growing cyber crime threat (ComputerWeekly) Nordic governments and businesses are putting cyber security at the centre of their planning as threats increase

SONY HACK WAS WAR says FBI, and 'we're still struggling to hire talent' (Register) Cybercrims may be safe at home, but Feds dare them to go on holiday

BYOD: Convenience or Data Security Disaster? (Legaltech News) Without proper oversight, personal devices in the workplace can be a nightmare for not only IT but also for legal

BitPay loses $1.8m in phishing attack (Finextra) BitPay lost $1.8 million in a phishing attack late last year, according to lawsuit filed by the bitcoin payment processing firm against an insurer it is trying to get to cover some of the losses

To Catch Ransomware Suspects, Dutch Police Relied on a Russian Security Firm (Motherboard) In the latest example of the close-knit relationship between private cybersecurity companies and law enforcement, two men from the Netherlands have been arrested on suspicion of creating a piece of ransomware that infuriated victims for just over a year

Volkswagen shares plunge on emissions scandal, Germany plans own probe (Rueters) Volkswagen shares plunged more than 20 percent on Monday, their biggest ever one-day fall, after news that the German carmaker had rigged U.S. emissions tests

Three Symantec Employees Fired for Issuing Fake Google SSL Certificates (Softpedia) Symantec was forced to fire 3 employees after Google's engineers found rogue SSL certificates issued in its name used in the wild

Kim Dotcom US extradition hearing begins (BBC) The long-awaited extradition hearing for internet entrepreneur Kim Dotcom has begun in Auckland, New Zealand

Debate Continues Over Impact of Snowden Leaks (Legaltech News) Some consider Edward Snowden a hero. Others see him as a traitor. Many fall somewhere in between

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively, identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. The security implications of the Internet-of-things will be among the topics discussed

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section, FBI), and the father of the internet, Vint Cerf

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, October 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime

Smart Industry (Chicago, Illinois, USA, October 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation

Buy-Side Technology North American Summit (New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum

IP Expo Europe (London, England, UK, October 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers

Cyber Security Europe (London, England, UK, October 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack

Annual Privacy Forum 2015 (Luxemburg, October 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security

(ISC)² SecureTurkey (Istanbul, Turkey, October 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, October 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers' at Hill AFB

BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, October 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, October 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, October 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.