The CyberWire Daily Briefing 09.25.15
ISIS's social media may be more brittle than thought if a lead recruiter's death in a drone strike has the effect claimed by US intelligence services.
Britain's GCHQ is said to have undertaken very broad surveillance of Internet usage worldwide.
As Sino-US summit talks proceed, observers differ over the likelihood (and ultimate utility) of any cyberspace treaty. How the recent connection of the Naikon APT to PLA Unit 78020 and discovery of an ambitious adware campaign mounted by (or at least through) a Chinese mobile app promotion firm will affect negotiations remains to be seen. (US Intelligence Community leaders are said to advocate a tough line.)
The cyber black market shows fresh, if unsurprising, signs of sophistication in the Kasidet/Neutrino builder trade, Kovter's adaptation of Poweliks evasion techniques, and the spread of GreenDispenser ATM malware. Microsoft Word Intruder malware is also being trafficked in a well-established criminal market.
Malwarebytes finds the xHamster adult site (against which John McAfee long ago warned the world, albeit on aesthetic as opposed to technical grounds) is serving up malvertising.
Long use and reuse of Uber credentials have apparently enabled criminals in China to compromise accounts.
Industry continues to draw lessons in software development and engineering ethics from the VW scandal (now also under investigation by Australian authorities).
Enterprises generally and increasingly see information-sharing as a linchpin of sound security, but US Government self-criticism sees room for more help to business. And privacy advocates continue to warn of sharing's downside (especially with respect to CISA).
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Iraq, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Social Media Slows Down After US Drone Kills Top Recruiter (NBC News) The death of a top ISIS recruiter in a recent drone strike eliminated one of the terror group's most potent weapons in its social media war against the U.S. and its allies, according to U.S. intelligence sources
GCHQ tried to track Web visits of "every visible user on Internet" (Ars Technica) Karma Police program profiled users, tracked "suspicious" Web searches worldwide
Naikon APT Group Tied to China's PLA Unit 78020 (Threatpost) Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up?
Chinese promotion company hijacks Android devices around the world (Help Net Security) A Chinese mobile app promotion company has created malicious adware that allows them to gain complete control of users' Android devices
Credit Card-Scraping Kasidet Builder Leads to Spike in Detections (TrendLabs Security Intelligence Blog) A commercialized builder of the Kasidet or Neutrino bot, which is infamous for its distributed denial-of-service (DDoS) capabilities, has been making the rounds recently after it was leaked in an underground forum in July (version 3.6)
Kovter Trojan adopts advanced evasion techniques from Poweliks malware (FierceITSecurity) A new variant of the Kovter Trojan is one of the first threats to mimic the evasion tactics and persistence of the Poweliks malware — the first known fileless and memory-based malware, which makes it hard to detect and to remove
Apple tackles the XcodeGhost crisis by removing apps, alerting devs and users (Help Net Security) The XcodeGhost incident has demonstrated that however secure a system is thought to be, there's always a way in
Apple lists top 25 apps hit by malware in first major attack (Business Insurance) Apple Inc. said the WeChat messaging app and car-hailing app DiDi Taxi were among the 25 most popular apps found to be infected with malicious software, the first-ever large-scale attack on its App Store
New malware program infects ATMs, dispenses cash on command (IDG via CSO) The GreenDispenser malware displays an error on the infected ATMs so that only criminals can use them
SYNful Knock: What the Cisco Router Vulnerability Means for Your Business (Cyveillance Blog) In the aftermath of Cisco's announcement that several discontinued Integrated Service Routers (ISRs) have been compromised, Cyveillance recommends a thorough screening of networking infrastructure and policy
Microsoft Word Intruder gets down to business: Operation Pony Express (Naked Security) We've written several reports over the past year about a malware toolkit that uses Microsoft Word as its delivery vehicle
xHamster adult site infects computers through malicious Sex Messenger ad (Graham Cluley) Security firm Malwarebytes is reporting that xHamster, one of the world's most visited porn websites, has been hit by a sophisticated malware attack
Uber users are paying for fraudsters to take rides in China (Naked Security) Uber users this week have found themselves - or, at any rate, their accounts - magically whisked around the world to ride through the city streets of China
US Not Sure What Was Taken In OPM Hack: DNI Clapper (Breaking Defense) Hacks are hard to do damage out. Just ask Director of National Intelligence Jim Clapper about the Chinese theft of data from the Office of Personnel Management
Shellshock's Cumulative Risk One Year Later (Dark Reading) How long does it take to patch an entire distribution and bring it up to date? Longer than you think
Just 1 Out of Every 7 Emails The Pentagon Gets Is Legit (Defense One) Of 700 million emails sent to DOD accounts monthly, about 98 million are actually "good emails," an official says
Naperville spent $760,000 on fixes after 2012 cyberattack (Chicago Tribune) Nearly three years after an unprecedented cyberattack forced Naperville to shut down its online network and rebuild it from the ground up, the costs and lessons learned by city staff are apparent
10 cutting-edge security threats (PCWorld via CSO) These 10 threats, bugs, and vulnerabilities serve as reminders that computer security goes well beyond the PC
Security Patches, Mitigations, and Software Updates
Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (Cisco) Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 23, 2015
Cisco Offers Free Tool To Detect SYNful Knock Router Malware (Dark Reading) Tool helps businesses detect routers running known version of newly discovered malicious implant
Change this setting to stop Siri spilling your selfies! (Naked Security) Watch out, iDevice owners!
Microsoft Revokes Trust for Certificates Leaked by D-Link (Threatpost) Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link
Cyber Trends
Engineers, Ethics, and the VW Scandal (IEEE Spectrum) Volkswagen's installation of a software "defeat device" in 11 million Volkswagen and Audi diesel vehicles sold worldwide has led to a massive vehicle recall in the United States and an official apology from the company's now-ex CEO
VW's Cheating Proves We Must Open Up the Internet of Things (Wired) It's been a rough year for the Internet of Things. Security researchers uncovered terrifying vulnerabilities in products ranging from cars to garage doors to skateboards
Smart cities, the Internet of Things and the Blue Revolution (The Hill) At the end of the 14th century, a handful of Italian intellectuals banded together to help create a "rinascita" (rebirth) of learning
4 IoT Cybersecurity Issues You Never Thought About (Dark Reading) Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things
Curbing the For-Profit Cybercrime Food Chain (Threatpost) Security specialists need to change the game and shift gears, researchers argue — instead of focusing on protecting their users and systems, they should narrow their sights on trying to shake up cybercrime's seedy underbelly
Be careful in putting your cybertrust in Google, Microsoft and Apple (CSO) We have the natural tendency to believe that our data is safe with one of the "tech giants" — after all, they are the leaders in the field. But is that trust warranted?
How Much of Your Audience is Fake? (Bloomberg) Marketers thought the Web would allow perfectly targeted ads. Hasn't worked out that way
Research Sheds New Light on Big Data Breaches (Government Technology) Statistical analysis of a decade's worth of data points to a surprise decline in large-scale data breaches
Hype and Heavy Tails: A Closer Look at Data Breaches (EconInfoSec) Recent widely publicized data breaches have exposed the personal information of hundreds of millions of people
90% of large businesses in the UK experienced data breach (We Live Security) The UK government has called on all businesses in the country to protect themselves from the growing threat of cybercrime
Insider Threats Responsible for 43% of Data Breaches (Infosecurity Magazine) Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental
Losing up to Half a Million US dollars due to a Security Breach (Information Security Buzz) The average budget required to recover from a security breach is $551,000 USD for enterprises, and $38,000 for small and medium businesses according to a new report by Kaspersky Lab
Healthcare sector 340% more prone to IT security threats (ComputerWeekly) Cyber criminals are targeting healthcare organisations because of the rocketing black market value of personal medical data, says Raytheon Websense
Electronic data-sharing errors could compromise patient privacy (FierceHealthIT) As electronic data-sharing becomes more common in healthcare, the potential grows not just for hacking, but for errors that compromise patient safety and privacy
U.S. and UK Corporations Sustain High Levels of Digital Vulnerabilities (Legaltech News) A study conducted this year found that many corporations are not adequately protecting their cyber borders
Marketplace
Client Data Concerns Drive Creation of Law Firm Chief Privacy Role (Legaltech News) Mark G. McCreary has taken on that role at Fox Rothschild and discusses some of the trends that are making waves in the space
Pentagon asks for industry's help on cloud email (FedScoop) DOD wants to upgrade its Enterprise Email service, which currently supports 1.6 million users
NSA chief: Feds are better at cyber than private sector (Washington Examiner) The National Security Agency is capable of doing a better job at cybersecurity than companies in the private sector
Could this ex-NSA hotshot protect your email from hacking? (Fortune) Will Ackerly was a tech whiz who grew concerned by the agency's widespread snooping. He left and launched what just may be the best technology to shield your data from cyber-criminals — and government spying
Products, Services, and Solutions
Microsoft's enterprise-grade security is coming to Windows 10 IoT (IDG via CSO) Makers can now buy a kit to get started with Microsoft's embedded OS
Ace offers $100 million cyber policies with added services, scrutiny (Business Insurance) Insurer Ace Ltd. plans to start offering cyber security policies providing up to $100 million in coverage at a time when experts say it is hard for businesses to obtain such large coverage following the surge in high-profile breaches
Free WordPress plugin for a password-free login (Help Net Security) Nearly 25 percent of the Internet runs on WordPress, and now these sites can be more secure thanks to a free WordPress plugin available from LaunchKey
Internap teams with Akamai to provide scalable DDoS security (FierceITSecurity) Akamai finds frequency, size and sophistication of DDoS attacks on the rise
Technologies, Techniques, and Standards
FedRAMP TIC overlay pilots to answer questions around agency, cloud provider responsibilities (FierceGovernmentIT) A Federal Chief Information Officers Council working group will wrap up four pilot projects by the end of September that test a security process that dovetails with the Federal Risk and Authorization Management Program, or FedRAMP
Six cybersecurity questions every CEO should ask (Raytheon) At Boston forum, Raytheon's top exec gives tips to start the cyber conversation
Social media can quickly take down your business if not monitored (Dark Matters) Cyber intrusions have dominated news and media headlines the past few years
The Secret Sauce to Fighting Cyber Attacks (PYMNTS) As the war against cybercriminals and their devastating attacks wages on, a new weapon in the fight has emerged to help merchants better protect themselves and the privacy of their consumers: data
Threat Intelligence Use Cases (Recorded Future) Analysts gain broader context and deeper insight into artifacts, and observables related to indicators of compromise (IOCs) found on their network
Design and Innovation
The Top 10 Tips for Building an Effective Security Dashboard (Tripwire: the State of Security) Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats
State starts development on new social media and analytics platform (GCN) The State Department is building a real-time, cross-platform social media content management and analytics system
Research and Development
Effective measurement-device-independent quantum cryptography (SPIE) A new protocol involves joint entangled measurements and can be applied to continuous variable systems for hacking-safe communication
UMD awarded $1 million from NIST for next-generation cryptography (EurekAlert!) Three University of Maryland researchers have been awarded $1 million from the National Institute of Standards and Technology (NIST) to support research developing next-generation cryptography
Academia
Lloyds Banking Group launches scheme to develop digital talent (ComputerWeekly) Lloyds Banking Group has formalised a graduate programme to develop digital banking skills, with 29 graduates embarking on the two-year scheme
Legislation, Policy, and Regulation
Cyber-suspicion strains US-China relations (BBC) Cybersecurity — an issue once obscure — is now at the centre of US-China relations
Will Obama, Xi strike a deal on cyber? (Washington Examiner) White House spokesman Josh Earnest refused to comment on the likelihood of a cyber agreement with China on Thursday
Cyber war deal seen with China's President Xi (Business Insurance) Seeking to warm bilateral ties and project a sunny climate for U.S. business, Chinese President Xi Jinping vowed Wednesday to cut restrictions on foreign investment, while his chief Internet regulator appeared to lay the groundwork for a basic agreement later this week on cyber warfare
US-China cyber treaty not a done deal (C4ISR & Networks) In the ramp-up to Chinese President Xi Jinping's arrival in Washington on Sept. 24 for meeting with political leaders, much was said — and even written in the New York Times — about a potential cyber arms control deal between the two countries
What would a US-China cybertreaty really mean? (IDG via CSO) It's good to talk, but this is just a starting point, say observers
NSA chief says Chinese government encourages cybertheft (Los Angeles Times) The head of the National Security Agency told a Senate panel Thursday that Chinese officials are behind the theft of U.S. commercial data and regularly access private digital communications and data that flow through China
NSA Head: Loss of Access to Metadata Will Hurt Intelligence (Defense One) The director of the NSA says the Freedom Act will slow and hamper intelligence gathering. Too bad it's already law
Obama administration quietly explored ways to bypass smartphone encryption (Washington Post) An Obama administration working group has explored four possible approaches tech companies might use that would allow law enforcement to unlock encrypted communications — access that some tech firms say their systems are not set up to provide
High-tech giants take heat from privacy groups over CISA support (FierceITSecurity) High-tech giants Apple, IBM, Microsoft and other firms who are members of the BSA | The Software Alliance are getting hammered by privacy groups over their support of the controversial Cybersecurity Information Sharing Act bill
DHS working with FedRAMP, CIO Council to boost agency use of cloud computing services (FierceGovernmentIT) A Homeland Security Department official testified Sept. 22 that the department is stepping up efforts to help federal civilian agencies increase their use of cloud computing services beyond just email and website management collaboration tools
Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses (United States Government Accountability Office) The Department of Defense (DOD) Office of Small Business Programs (OSBP) has explored some options
Treasury Names 9 to Panel on Private Insurance Market for Terrorism Risk (Insurance Journal) The U.S. Department of the Treasury today announced the appointment of nine people to serve as members of the Advisory Committee on Risk-Sharing Mechanisms (ACRSM) to spur the private market for terrorism insurance
Council braces for potential cyber attack (New Zealand Herald) Faced with the ever-present — and growing — threat of someone hacking its computer database, Wanganui District Council is ramping up security
"Snowden Treaty" proposed to curtail mass surveillance and protect whistleblowers (Ars Technica) It's a nice idea, but will it actually achieve anything?
Litigation, Investigation, and Law Enforcement
Forcing suspects to reveal phone passwords is unconstitutional, court says (Ars Technica) Demanding "personal thought processes" amounts to compelled self incrimination
3 Cybersecurity and Privacy Headlines Your Law Firm Needs to Watch (Legaltech News) These three privacy and security headlines could potentially create issues for law firms and are worth noting for the future
FTC v. Wyndham: 'Naughty 9' Security Fails to Avoid (Dark Reading) The Federal Trade Commission's fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
EU launches inquiry into web companies' online behavior (Reuters) The European Commission on Thursday launched an inquiry into the behavior of online companies such as Google, Facebook and Amazon to try to gauge whether there is a need to regulate the web
NSA head: Clinton server a 'priority' target for foreign agencies (The Hill) The head of the National Security Agency told a Senate Committee on Thursday that Hillary Clinton's former email setup would be an "opportunity" for the U.S. if it had been used by a top foreign diplomat
Investigations Into Islamic State Intel Scandal Expand (BloombergView) There are now multiple investigations inside the intelligence community and on Capitol Hill into whether senior intelligence officers at U.S. Central Command altered intelligence assessments of the U.S. war against the Islamic State
Analyst alleging cooked ISIS intel identified (The Hill) The analyst behind the allegations that U.S. Central Command (Centcom) has altered intelligence assessments to paint a rosier picture of the war against the Islamic State in Iraq and Syria (ISIS) is Gregory Hooker
The Centers for Medicare & Medicaid Services' Implementation of Security Controls Over the Multidimensional Insurance Data Analytics System Needs Improvement (Department of Health and Human Services Office of Inspector General) This summary report provides an overview of the results of the Office of Inspector General's (OIG) review of the Multidimensional Insurance Data Analytics System (MIDAS)
Australia checking if Volkswagen emissions claims misled consumers (Reuters) Australia's competition regulator said on Friday it was looking into whether Volkswagen had misled consumers over its emissions claims after the German carmaker admitted cheating on U.S. pollution tests
A diesel whodunit: How software let VW cheat on emissions (ITWorld) A software development audit trail will likely point to who authorized the emissions-cheating algorithm
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Data Breach Investigation Summit (Dallas, Texas, USA, Sep 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations, agencies and individuals need to learn how to more effectively identify/detect that the breach has occurred, respond to the breach in an effective and timely manner, investigate the breach, and prevent/defend the organization from future breaches
OWASP APPSECUSA (San Francisco, California, USA, Sep 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, Sep 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability problem, broadly construed. Aside from plain propositional satisfiability, the scope of the meeting includes Boolean optimization (including MaxSAT and Pseudo-Boolean (PB) constraints), Quantified Boolean Formulas (QBF), Satisfiability Modulo Theories (SMT), and Constraint Programming (CP) for problems with clear connections to Boolean-level reasoning
CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, Sep 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and unpublished research and developing activities related to all aspects of cryptography and network security. From theory to practice, this conference might be right up your alley if you're interested in cryptography
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below