The CyberWire Daily Briefing 09.28.15
news from the CyberWire
Today is the CyberWire's third anniversary. We've published 753 issues since we began posting on September 28, 2012. Thanks to all of our readers and correspondents for following and corresponding with us. We're particularly grateful for the tips and suggestions you've sent us, and hope to continue to hear from you over the coming year.
Minor cyber rioting flares anew in South Asia as Pakistani and Indian patriotic hacktivists take swipes at each other's online institutions.
CloudFlare reports sustaining a denial-of-service attack on its infrastructure, with traffic apparently originating from China.
Last week's reports of Chinese cyber attacks on US businesses and government agencies are joined by complaints from Chinese dissidents that their own online presence is under unremitting attack by China's government.
These reports did not prevent the US and China from reaching a certain limited accord at last week's summit. Both countries undertake not to "conduct or knowingly support cyber-enabled theft of intellectual property" for purposes of giving domestic companies competitive advantages (which observers note is nice but full of loopholes — some would have preferred "knowingly tolerate"). More significantly, the two countries agreed to establish on-going coordination (reminding some of Cold War era hotlines) and potential law enforcement cooperation. For its part the US leaves the possibility of sanctions on the table, but with some assurance these would, if enacted, be narrowly targeted against companies and individuals.
Hilton investigates a possible data breach at its properties: banks warn they're seeing a pattern of paycard fraud pointing toward a problem at the hotel chain.
TrendMicro warns of two new point-of-sale malware kits — Katrina and CenterPoS — now quietly making their way into US systems.
Criminals are said to be stealing eBay credentials through phishing sites hosted on eBay itself.
Reports in German media suggest Volkswagen was warned of software problems as far back as 2007.
Notes.
Today's issue includes events affecting Australia, China, Germany, India, Iraq, Pakistan, Russia, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Chennai Customs Website Hacked By 'Team Pak Cyber Attacker' (Sen Times) In a major embarrassment, the website of the Chennai Customs was hacked on Tuesday night by programmers identifying themselves as "Team Pak Cyber Attacker"
'Mallu Cyber Soldiers' retaliates by hacking Pakistan government websites (International Business Times) In response to the cyber attack on the Kerala government website by Pakistan-based hackers, an anonymous Indian cyber group has retaliated by hacking into scores of official Pakistani websites
Mobile Ad Network Used in DDoS Attack (Softpedia) The attack originated in China and used Chinese mobile users
Chinese activists in US blame Beijing for relentless cyberattacks (Christian Science Monitor Passcode) While criticism aimed at President Xi during his state visit has focused on China's suspected cyberattacks on US agencies and businesses, activists also say they are under constant digital assault from the Chinese government
New Report Of Malicious Chinese Cyber Attack On A U.S. Government Agency (Forbes) President Obama is currently hosting Chinese President Xi Jinping for his first U.S. state visit amid tensions over a potential cyber security "arms control agreement"
Old fashion detective work unmasks Chinese military hacker (Fortune) A pair of cyber security sleuths discovered the identity of a Chinese military hacker
Cookie handling in browsers can break HTTPS security (IDG via CSO) The lack of cookie integrity verification in browsers can allow hackers to extract information from encrypted Web connections
New Attacks Recall Old Problems with Browser Cookies (Threatpost) In case you didn't know or need a reminder, browser cookies aren't exactly impervious to attack
Andromeda Bot Analysis (Infosec Institute) Andromeda, also known as Win32/Gamarue, is an HTTP based botnet
What your 99 cents gets you for buying an iOS adblocking app: adverts (Naked Security) The morality of blocking ads is a perplexing dilemma
Lost Finger Prints — A High Cost for the Future (Check & Secure) In June, it was disclosed that 1.1 million people's fingerprints were stolen from the Office of Personnel Management
Banks: Card Breach at Hilton Hotel Properties (KrebsOnSecurity) Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States
Two New PoS Malware Affecting US SMBs (TrendLabs Security Intelligence Blog) Following the seemingly quiet state of point-of-sale (PoS) malware these past few months, we are now faced with two new PoS malware named Katrina and CenterPoS now available to cybercriminals
Rise of bitcoin extortionist group threatens HK banks says Akamai (Enterprise Innovation) Some regional banks in Hong Kong have been preyed upon by bitcoin extortionist group known as DD4BC, according to Akamai Technologies
Cyber Risk Isn't Always in the Computer (Wall Street Journal) Vulnerable industrial systems that support data centers can open a back door to hackers
With Stolen Cards, Fraudsters Shop to Drop (KrebsOnSecurity) A time-honored method of extracting cash from stolen credit cards involves "reshipping" scams
Hackers Hosting eBay Phishing Sites on eBay's Network (Hack Read) Hackers are stealing eBay usernames and passwords by hosting phishing sites on eBay's very own network
"Transport of London" Malicious E-Mail (Internet Storm Center) This morning, I received several e-mails with the subject "Email from Transport of London"
Anatomy of an Enterprise Social Cyber Attack: Customer Scams (ZeroFOX) Customer scams are nothing new. Fraudsters and criminals have leveraged an organization's clout and popularity to target customers for ages
SDN, NFV Pose Security Risk — Level 3 CMO (Light Reading) Level 3 has acknowledged there are some deep-seated concerns that SDN and NFV technologies may pose a security risk
Bulletin (SB15-271) Vulnerability Summary for the Week of September 21, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Cyber Trends
Workers' Comp Ripe for Cyber Attacks (Risk & Insurance) Experts say it's only a matter of time before hackers train their sights on the workers' comp community
7 Cyber risk stakeholders and why they matter (PropertyCasualty360) Imagine you're the CFO at a firm involved in sensitive merger or acquisition discussions with your bankers and you receive an email asking for a small bit of nonpublic information on your company, the kind you've passed on before
The ten immutable laws of security administration revisited (GFI Blog) Welcome back to our series for people looking to break into the Infosec field or just learn more about information security: The security 101 series
Microsoft Office Documents Are Favorite Targets in Data Breaches (Softpedia) Security studies are being released on a daily basis, and there's an industry trend that's been focused on raising awareness about data breaches
Why parents must teach their children about internet security (We Live Security) Parenting, as we know it, is evolving in this modern, digital age
Social Experiment: What Happens When Your Child Falls for Fake Social Media Profiles (Hack Read) Most of us have heard of 'stranger danger' and most of us have been educated as children or have educated children about the dangers of speaking to strangers
Marketplace
Cyber Liability Insurance for CPA Firms (AICPA Insights) We see the mega data breaches on the news, and wonder if our personal information has been stolen
What cybersecurity spending strategies will best help enterprises? (TechTarget) Increased cybersecurity spending budgets don't happen very often, but when they do CISOs should take advantage of it
Will $1 million iOS bug bounty compel Apple to pay for software flaws? (Christian Science Monitor Passcode) French firm Zerodium, which counts spy agencies as customers, has offered to pay $1 million for information about holes in Apple's mobile operating system, alarming civil liberties advocates and highlighting Apple's unwillingness to pay researchers for similar work
With Old Security Giants at Risk, Stifel Has 2 Newer Cybersecurity Picks (24/7 Wall Street) As the cybersecurity worries have increased, the companies that have barged into the sector with new products and innovation are starting not only to become the new standards for the industry, but they are slowly but surely starting to push out some of the old established companies
Where Will Palo Alto Networks See Next Leg Of Growth? (Investor's Business Daily via Nasdaq) Big-box retailers, investment banks, health insurers, governments, universities: No enterprise seems immune from cyberattacks
G Data Wants to Overtake Symantec (ChannelObserver) G Data is currently number three in the security market for consumer products and plans to overtake Symantec. In the business segment, the company is presenting an ambitious growth plan
Niara Pushes Security Analytics Vision Forward (eSecurity Planet) After emerging from stealth mode, startup is finding some interesting results in the field
Air Force Seeks New Systems for Signals Intell, Cyber Comms Collection (ExecutiveBiz) The U.S. Air Force has unveiled a potential three-year, $24.9 million funding opportunity for industry to develop new methods and systems for the collection and processing of signals intelligence and cyber communications
The Pentagon has already paid over $318 million for cyber contracts this year (Daily Dot) The cyber industrial complex is growing
New Data Finds Women Still Only 10% Of Security Workforce (Dark Reading) But more women hold governance, risk and compliance (GRC) roles than men, new (ISC)2 report finds
Saudi Arabia Almost Bought Hacking Team (Softpedia) Hacking Team, the Italian company that sold surveillance and hacking software to governments and other businesses, was almost bought by a Saudi company controlled by the Saudi Arabian government
NexDefense Establishes Industrial Control Systems Cybersecurity Fellows Program with Industry Leading Experts; Eric Byres joins Team as Strategic Technology Advisor (PRWeb) NexDefense program to raise awareness on contemporary industrial cybersecurity issues
New Sydney office anchors iSIGHT's Australian threat-intelligence expansion (CSO) Threat-intelligence firm iSIGHT Partners expects to double its Australian headcount within six months after opening its first Australian office this month
ThreatMetrix Named a Stevie® Award Winner in Two Categories at 2015 American Business Awards (PRWeb) ThreatMetrix recognized by national business community for global shared intelligence and the ThreatMetrix® Digital Identity Network
Products, Services, and Solutions
Silent Circle launches Blackphone 2 (ComputerWeekly) According to Silent Circle, Blackphone 2 is aimed at delivering best in class privacy and security, without compromising on the functionality and usability
BlackBerry Priv Will Be Company's First Android Smartphone (InformationWeek) Amid more losses, BlackBerry officially confirmed rumors that it's working on an Android-based smartphone. The Priv will be released later this year
Samsung Pay launches in the US today — can it challenge Apple and Android? (Ars Technica) Tap-to-pay service will be a year late to the game, but it has a secret weapon
AirWatch EMM Gets Windows 10 Support, Security (TechTarget) AirWatch added Windows 10 support, launched a privacy initiative and made friends with a number of security software providers to bolster its EMM tool
Blue Coat, Tarsus Introduce Advanced Threat Protection Solution (This Day Live) Blue Coat Technology, in collaboration with Tarsus Technology Group has introduced a complete lifecycle protection approach to all advanced threats that are currently affecting organisations globally
Bandura® Launches Revolutionary ProACT™ Automated Threat Intelligence Aggregation and Risk-Scoring System at Splunk Conf 2015 (Edwardsville Intelligencer) Bandura® launches revolutionary ProACT™ automated threat intelligence aggregation and risk-scoring system at Splunk Conf 2015
Technologies, Techniques, and Standards
It's good to have a plan for a data breach, but poor practice not to practice it (Morning Call) We're taught from a young age that it takes practice to be good at anything
Is network port security a worthwhile enterprise security strategy? (TechTarget) The benefits of network port security as it relates to network access control has come under the microscope
What is a DNS Hijacking attack & how to prevent it (The Windows Club) DNS is important in resolving the URLs you enter into the address bar of your browser
Prioritizing Risk: A Conversation on Vulnerability Scoring (Tripwire: the State of Security) In September of 2013, I wrote an article for The State of Security that examines the topic of vulnerability scoring
Infographic: Devaluing data, fighting cybercrime (Help Net Security) For any organization connected to the Internet, it is not a question of if but when their business will be under attack, according to a recent cybersecurity report from Symantec
Three Ways To Avoid Being Visually Hacked (Indianapolis Reporter) Many people don't really leave their work behind at the end of the day or when traveling
Threat Intelligence: Does Your Business Need a Cyber Advisor? (SecurityWeek) For many successful enterprises around the world, consultancy and advisory usage plays an important role in helping companies plan and execute, as well as overcome critical business challenges
Design and Innovation
Coding In The Cloud Era Demands A Structural Rethink To Bake In Security And Privacy (TechCrunch) Protecting privacy in an age of big data, cloud processing and increasingly interconnected digital services demands a structural shift in how software is developed
Using The Blockchain To Fight Crime And Save Lives (TechCrunch) Blockchain technology has been described as email for money, but it has the potential to be so much more
The Future Of Coding Is Here, And It Threatens To Wipe Out Everything In Its Path (TechCrunch) APIs — the rules governing how software programs interact with each other — not user interfaces, will upend software for years to come
Indian Prime Minister Tells Zuckerberg Social Media Creates A New Form Of Diplomacy (TechCrunch) Prime Minister Narendra Modi told Mark Zuckerberg that social media can show governments where they're going wrong, and allow heads of state to connect more personably than ever before
Academia
Lancaster University and Nettitude agree strategic cyber security research partnership (Lancaster University) Lancaster University has agreed a strategic research partnership with Nettitude — a leading provider of cyber security services
High-school students decipher cryptography (MIT News) At MIT Lincoln Laboratory's LLCipher workshop, students practice critical thinking and learn some cybersecurity basics
Legislation, Policy, and Regulation
The U.S. and China agree not to conduct economic espionage in cyberspace (Washington Post) The United States and China have agreed that neither country will conduct economic espionage in cyberspace in a deal that addresses a major source of tension in the bilateral relationship
FACT SHEET: President Xi Jinping's State Visit to the United States (The White House) On September 24-25, 2015, President Barack Obama hosted President Xi Jinping of China for a State visit
A Quick Reaction to the Cybersecurity Portion of the Xi-Obama Summit (Lawfare) This note is based on the White House Fact Sheet
What Explains the U.S.-China Cyber "Agreement"? (Lawfare) Yesterday, according to the U.S. Fact Sheet, the United States and China agreed that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors"
Analysis: China-US hacking accord is tall on rhetoric, short on substance (Ars Technica) Hacks like the one on Office of Personnel Management don't run counter to the deal
US and China back off internet arms race but Obama leaves sanctions on the table (Guardian) China and the US sought to paper over their differences on cybersecurity on Friday after an inconclusive summit aimed at defusing a growing internet arms race between the world's two largest economies
U.S. and China establish cyber working group with Cold War-esque 'hotline' (Daily Dot) President Barack Obama announced Friday that the United States and China have agreed to establish a new working group for combating cybercrime, potentially paving the way for more extensive cooperation between two countries locked in a fierce and costly digital rivalry
Interview: Dmitri Alperovitch, co-founder and Chief Technical Officer at Crowdstrike (Lateline) Tony Jones speaks with Dmitri Alperovitch, a renowned thought leader on cyber security, about his views on what type of agreement may be reached as President Obama meets President Xi Jinping
NSA chief admits risk in decrypting smartphone data (Christian Science Monitor Passcode) Adm. Mike Rogers has long posited that strong encryption on consumer devices hampers law enforcement and intelligence work
NSA preps for first major reorganization in two decades (Federal News Radio) The National Security Agency is considering a reorganization to prepare for future threats and a changing security landscape
Hurd on the Hill, Hacking Jeeps & the Wall of Sheep (New America) Cybersecurity pro and undercover CIA officer-turned-Republican Rep. Will Hurd joins New America's Peter Singer and Passcode's Sara Sorcher to talk about what it's like to be the rare cybersecurity expert in Congress
Kiev Bans Use of Russian Software by Ukrainian Government Bodies (Sputnik News) The Ukrainian cabinet banned the use of Russian software by government bodies, including technologies from major Moscow-headquartered security firm Kaspersky Lab
IT pros call for more government action over skills (MicroScope) With memories of the economic downturn fading, demand for IT services continues to grow, but some IT pros feel not enough is being done
Litigation, Investigation, and Law Enforcement
Waiting for a Drop in Corporate Hacks after U.S.-China Deal (Technology Review) China will now assist with U.S. investigations into thefts of corporate data that originate inside its borders — and experts say it could deter hackers
America's most secretive court invites its first outsider (Ars Technica) Amici curiae are tasked to "advance the protection of individual privacy"
Report: VW was warned about cheating emissions in 2007 (Ars Technica) German newspapers are reporting findings from VW's internal audit
Deadline approaches for Premera's security-breach victims to seek credit monitoring (Seattle Times) A security breach at the Mountlake Terrace-based Premera has led to 38 lawsuits and continuing investigations into how the breach occurred and the consequences that may have followed
FTC Android Antitrust Inquiry Under Consideration (InformationWeek) Google's Android, already under review for being anticompetitive in several countries, could face further scrutiny in the US
Government Requests for Yahoo Data Up Slightly (Threatpost) Yahoo this week published its transparency report for the first six months of the year and the numbers indicate that government requests for data on its users are up slightly after a sharp dropoff for the report covering the last six months of 2014
CSI: Forensic psychologist inspires new series focusing on cyber crime (Independent) The work of Professor Aiken — who advises law enforcement bodies and governments — has inspired a new series of the US television crime franchise
Facebook unfriending was the last straw in workplace bullying case (Naked Security) She was scolded, her properties weren't displayed in the front window of the real estate agency, she didn't get the printouts all the other agents got, and the agency principal's wife wouldn't even say good morning
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, Sep 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite
ASIS International (Anaheim, California, USA, Sep 28 - Oct 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections, and the latest product and service innovations from 600+ exhibitors from the information security sector
CYBERSEC European Cybersecurity Forum (Kraków, Poland, Sep 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, countries, and the EU as a whole
(ISC)² Security Congress (Anaheim, California, USA, Sep 28 - Oct 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from both the information security and operational security disciplines to join together September 28 - October 1 in Anaheim, CA. Offering more than 80 education sessions along with networking and career advancement opportunities, (ISC)² Security Congress 2015 will include topics on best practices, current and emerging issues, and solutions to challenges
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, Sep 28 - Oct 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses also expose attendees to industry-specific case studies. P.S.R. brings together two industry-leading events — CSA Congress US and the IAPP Privacy Academy — to provide attendees with more than double the education and networking opportunities with leading innovators and practitioners in technology, security and privacy for the price of a single conference. Among the keynote presenters are Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA, Brian Krebs, Investigative Reporter, Cybersecurity Expert, Travis LeBlanc, Chief of Enforcement, Federal Communications Commission, Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, Sep 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply continuously. The key to success in defending against threats — actionable threat intelligence. Threat Intelligence Summit 2015 will address best practices for combating threats in your organization
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below