The CyberWire Daily Briefing 10.02.15
An Experian data breach compromises some 15 million T-Mobile customers.
Foreign exchange broker FXCM sustains and contains fraudulent wire transfers (always disconcerting).
Symantec notices that routers and IP cams are being infested with new malware of unclear provenance and unusual apparent purpose. "Linux.Wifatch" looks like "vigilante software" aiming to increase the security of the systems it infects. Few will be consoled by hints of benign intent — it's still malware.
Financial malware activity is up. Dridex is back, Shifu spreads from Japan to the UK, and mobile users in Germany are hit by malware that spoofs a PayPal app. The Nigerian Cuckoo Miner is taking over inboxes and targeting banks.
Zimperium warns of "Stagefright 2.0," which Help Net Security says in a screamer could compromise up to "a billion" Android devices. (Anyway, lots of devices.)
SANS sees a surge in Nuclear exploit kit traffic.
Investigation into former US Secretary of State Clinton's homebrew server raises eyebrows with evidence of malign Russian activity. Not good, but it's unclear how much was targeted, and how damaging it might have been.
VMware, WordPress, and Cisco issue patches.
Risk managers and insurance companies continue to grapple with the paucity of well-understood actuarial data surrounding cyber losses. The Home Depot breach looks retrospectively scary, suggesting these may be higher than thought. The regulatory maze, a precursor to standards of care, isn't helping.
SINET has announced the SINET 16: emerging, innovative cyber stars.
Wassenaar gets European scrutiny. US security researchers complain of regulatory impediments to their work.
Notes.
Today's issue includes events affecting China, European Union, Germany, India, Japan, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Experian Breach Spills Data on 15 Million T-Mobile Customers (Threatpost) A massive data breach at the credit-reporting agency Experian could wind up having major implications for 15 million T-Mobile customers
T-Mobile CEO on Experian's Data Breach (T-Mobile) I've always said that part of being the Un-carrier means telling it like it is
US forex broker compromised in cyber attack (Deutsche Welle) An online foreign exchange broker has revealed it was subject to a cyber attack, compromising a "small number" of customers' accounts. The broker said it was launching an investigation
Tens of Thousands of Routers, IP Cams Infected by Vigilante Malware (SecurityWeek) A mysterious piece of malware has infected tens of thousands of devices across the world, but its operator hasn't used them for any malicious purposes
Is there an Internet-of-Things vigilante out there? (Symantec) Linux.Wifatch compromises routers and other Internet of Things devices and appears to try and improve infected devices' security
Dridex Banking Malware Back in Circulation (Threatpost) Conspicuously off the grid for close to two months, the Dridex banking Trojan made some noise Thursday morning when a large phishing campaign, primarily targeting victims in the U.K., was corralled by researchers at Palo Alto Networks
German Users Hit By Dirty Mobile Banking Malware Posing As PayPal App (TrendLabs Security Intelligence Blog) Mobile banking is now used by more and more users, so it shouldn't be a surprise to see banking Trojans trying to hit these users as well
Nigerian Cuckoo Miner Campaign Takes Over Legitimate Inboxes, Targets Banks (TrendLabs Security Intelligence Blog) When it comes to threat investigations, we often treat the malicious binary as the smoking gun or the crown jewel of the investigation
Shifu banking Trojan arrives in the UK, warns IBM (Computing) IBM Security X-Force has warned that the Shifu banking Trojan, which had been observed in Japan attacking the Japanese financial sector, has been identified "in the wild" in the UK
Stagefright 2.0: A billion Android devices could be compromised (Help Net Security) Most Android users are, once again, in danger of having their devices compromised by simply previewing specially crafted MP3 or MP4 files
Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media. (Zimperium) Following our discovery of vulnerabilities in the Stagefright library in April, Zimperium Mobile Threat Protection, zLabs VP of Research Joshua J. Drake continued researching media processing in Android
Recent trends in Nuclear Exploit Kit activity (Internet Storm Center) Since mid-September 2015, I've generated a great deal of Nuclear exploit kit (EK) traffic after checking compromised websites
Compromising Macs with simple Gatekeeper bypass (Help Net Security) Patrick Wardle, director of research at security firm Synack, has discovered a worryingly simple way to bypass OS X's Gatekeeper defense mechanism
Hillary Clinton's personal email server was hit by a 'drive-by' — and that's not even the most troubling part (Business Insider) Russia-based hackers attempted at least five times to infiltrate Hillary Clinton's personal email server
Spam Sent to Hillary Clinton Server Prompts Look at Suspected Russian Hacking (New York Times) It turns out that Hillary Rodham Clinton's private email account, like seemingly everyone else's in America, was hit by spam sent to try to lure her into clicking on a malicious link — one that could have compromised the security of her communications when she was secretary of state
Hillary Clinton targeted in malware attack? Don't speed too fast to that conclusion (Hot for Security) If you believe some of the headlines being bandied about in the last 24 hours, a group of Russian hackers targeted Hillary Clinton's controversial personal email server while she served as US secretary of state
State Trooper Vehicles Hacked (Dark Reading) Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks
Car Hack Technique Uses Dealerships to Spread Malware (Wired) Over the last summer, the security research community has proven like never before that cars are vulnerable to hackers
Are your fingerprints, email and image worth a cute fake passport? (Naked Security) Given that I'm a sucker for online quizzes, I'm aware of the fact that when I'm angry, the villain I most resemble is Voldemort
Home Depot cyber attack costs could reach into the billions (Insurance Business America) The September data breach of Home Depot last year is now being used as an example of the astronomical expenses attached to cyber risk, at a time when few insurers are prepared to cover it
Bromium CTIA Super Mobility Survey Reveals Security Risk for Public Networks (Yahoo! Finance) Majority of mobile users access corporate assets from personal devices and public networks; only one-third connect via VPN
The Evolution Of Malware (Dark Reading) Like the poor in the famous Biblical verse, malware will always be with us. Here's a 33-year history from Elk Cloner to Cryptolocker. What will be next?
Security Patches, Mitigations, and Software Updates
VMware Security Advisories (VMware) VMware vCenter and ESXi updates address critical security issues
WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability (Threatpost) After a few critical bugs were recently discovered and patched in the core WordPress engine — a rarity with WordPress-related security issues — order has apparently been restored with the discovery of a critical vulnerability in a popular plugin
Cisco fixes privilege escalation flaws in AnyConnect Secure Mobility Client (IDG via CSO) The flaws could allow attackers to fully compromise Windows, Linux and Mac OS X systems
Cyber Trends
5 good-news stories to kick off Cyber Security Awareness Month (Naked Security) If you're in the USA, it's officially National Cyber Security Awareness Month
Insurance Claim Data Paints Fuzzy Picture on Cost of Breach (Digital Guardian) How much does a company pay for each record lost in a data breach? The latest survey of cyber insurance claims suggests the answer is more complicated than you would think
Risk managers face tangled mass of cyber security laws (Business Insurance) Risk managers face 47 state laws on breach notification, while federal efforts to address cyber risks remain at a rudimentary level, law enforcement struggles to address the issue, and regulators become more actively involved
Cyber risk uncertainty causes client, underwriter tension (Business Insurance) Two years of high-profile cyber breaches have put insurers under increasing pressure
CISOs are looking for more integration and automation (Help Net Security) Enterprise CISOs are looking for more integration and automation among their existing IT security tools, and that most are only periodically monitoring and mitigating events in their network environments
The CISO Role Rises: How Is It Working Out? (TechTarget) An unusual game of musical chairs is unfolding as companies scramble to ensure information security and shore up their ranks to the tune of regulators
FBI CISO Warns Of IoT Data Breaches (TechTarget) In a keynote address, FBI CISO Arlette Hart tackled the Internet of Things and explained why enterprises need to step up their IoT security efforts
Why CIOs should worry about the Internet of Things (CIO) The Internet of Things brings with it the promise of gee-whiz applications and life-changing innovation
Rivals don't innovate to tackle new cybersecurity adversaries, says Sophos CEO (Computer Business Review) News: New adversaries require innovative practitioners not silo by silo approaches
Homo Sapiens and the Human Equation of Ethics (Tripwire: the State of Security) I recall engaging in a conversation with a fellow security professional this year on the subject of where the CISO role should reside and to whom they should report
7 key global DDoS trends revealed (Help Net Security) Neustar released the findings of its latest DDoS report, including key trends
Fragmented approaches to PKI don't always follow best practices (Help Net Security) Independent research by the Ponemon Institute reveals increased reliance on public key infrastructures (PKIs) in today's enterprise environment, supporting a growing number of applications
Threat Research Unlocks the Secrets of Cyber Hazards (SIGNAL) It takes intelligence to stop online marauders
Millennials: your password is not a selfie and we don't want to see it (Naked Security) Passwords? On Post-its?
Emerging security trends enterprises should keep an eye on (TechTarget) Security is a constantly evolving industry and it can be difficult at times to keep up with all the emerging trends
Increased Business Risks from Unprotected Keys and Certificates (Information Security Buzz) Two-thirds of global businesses have lost customers from failure to secure the online trust established by keys and certificates
Lost electronic devices can lead to data breaches (Arizona Republic) Nearly half of all data breaches occur when ID-theft criminals access information because we lost a device
'Digital India' making India a 'strategic' cyber attack target: Report (First Post) A FireEye report found that 38 percent of organisations in India were exposed to targeted advanced persistent attacks in the first half of 2015, a 23 percent increase from the previous report
Marketplace
SINET Announces 2015 Top 16 Emerging Cybersecurity Companies (BusinessWire) Winners to introduce innovative technologies at SINET Showcase in Washington, DC, November 3 & 4, 2015
Cyber investment pulls Big Four auditor into threat intelligence (San Francisco Chronicle) Audit, tax and advisory firm KPMG is getting deeper into the information security business with an investment in a San Mateo startup that provides intelligence on cybercriminals. The Big Four auditor's corporate venture capital arm, KPMG Capital, announced Wednesday that it led a $11.4 million Series A round for Norse Corp
Cybersecurity Investment Pays More Than Monetary Dividends (TechTarget) Companies are investing in cybersecurity startups to reap the benefits of working with problem-solving technology
Security the common thread in all managed services offerings (SecurityWatch) No other industry moves as fast as network security. And nowhere is this more dramatic than in the provision of managed services
Dome9 Secures $8.3 Million in Series B to Meet Enterprise Cloud Security Demand (Stockhouse) Cloud infrastructure security innovator strengthens management, board and advisory team to master growth phase
Antivirus software firm Quick Heal files for IPO (VCCircle) Sequoia Capital is part exiting the debt-free company
KEYW up 5.7% after announcing HawkEye G deal with energy company (Seeking Alpha) "One of the nation's leading energy providers" has selected KEYW's HawkEye threat-detection/malware-removal hardware and software solution
Sprint Expected to Cut Jobs, Up to $2.5 Billion in Costs (Wall Street Journal) Move comes days after carrier said it would sit out next major wireless auction
Gurucul Expands to EMEA to Meet Growing Global Demand for User Behavior Analytics (BusinessWire) Company taps former Blue Coat and Zscaler executive to establish EMEA headquarters in UK
Products, Services, and Solutions
IBM Expands Bluemix With 'Local' Security (Enterprise Tech) The steady enterprise shift to the hybrid cloud infrastructure brings with it greater requirements for managing that infrastructure while moving data and applications securely between on-premise platforms and public and private clouds
Technologies, Techniques, and Standards
Deceit As A Defense Against Cyberattacks (Dark Reading) A new generation of 'threat deception' technology takes the honeypot to a new, enterprise level
Payments industry body urges retailers to implement data breach incident response plans (Out-Law) Retailers and their payment service providers should implement data breach incident response plans to account for the inevitability of cyber attacks, a payments industry body has said
Interview: Dealing with a changing mobile security landscape (ITProPortal) As our mobile phones become increasingly central to both our personal and working lives, securing them and the data they hold has become paramount
FireEye Says Cyber Defenses are Dilemmas to Security Teams (Guardian) A report has revealed that most times, conventional cyber defenses actually hinder, not help, security teams
How to identify and thwart insider threats (CSO) It is often cited that an enterprise's employees are its biggest vulnerability
Design and Innovation
Affirm CEO, Max Levchin Launches Annual Prize for Advancements in Real-World Cryptography (BusinessWire) HVF Labs, a San Francisco-based innovation and investment lab, today announced that Internet entrepreneur Max Levchin has officially opened nominations for the annual Levchin Prize for Real-World Cryptography
Prepare to be rated on a 5-star scale by 'Peeple', like it or not (Naked Security) I don't actually know Julia Cordray
Research and Development
DOD's Current InfoSec Strategy Is 'Patch and Pray' (Defense One) But DARPA Director Arati Prabhakar says that her agency is working to make computing 'mathematically, provably secure'
Leakage from Gaussian Quantisation and the Timing Channel in Lattice Cryptography (Work in Progress) (IACR) Security parameters and attack countermeasures for Lattice-based cryptosystems have not yet matured nearly to the level that we now expect from RSA and Elliptic Curve implementations
Academia
Hacker University: Cyberattackers Target Military Research, Student Records At 'Soft Target' US Colleges (International Business Times) Rutgers University students this week learned the hard way what campus life is like without the Internet
How safe are CNY colleges against cyber hackers and data breaches? (LocalSYR) Colleges have become a prime target for hackers
PSC creates cybersecurity website for community (Pensacola News Journal) Protecting personal data online poses an increasing concern for anyone using computers these days. To help alleviate this, Pensacola State College has created a Cybersecurity Center website as a resource for students, businesses and the general public
Missouri schools to undergo cybersecurity audit (Kansas City Star) You've seen the headlines and heard the accounts about staggering data breaches and the personal information of millions being out there, somewhere in the cyber universe
Legislation, Policy, and Regulation
Europe talks to hackers, security bods on Wassenaar recalibration (Register) Delegates suggest govs should sort themselves out before criminalising researchers
The barriers to cybersecurity research, and how to remove them (Help Net Security) Earlier this year, a considerable number of computer scientists and lawyers, from academia, civil society, and industry, congregated at UC Berkeley School of Law to take part in a workshop aimed at discussing legal barriers and other deterrents to cybersecurity research, and to propose concrete answers to those problems
When Security Experts Gather to Talk Consensus, Chaos Ensues (Wired) Security researchers and vendors have long been locked in a debate over how to disclose security vulnerabilities, and there's little on which the two sides agree
Government IT professionals say data-sharing won't stop cyber breaches (Daily Dot) Cumbersome regulations and red tape will likely undermine the United States government's efforts to use information-sharing as a means to contain or prevent cyber breaches, according to a new study
CIA goes live with new cyber directorate, massive internal reorganization (Washington Times) The CIA officially launched its new cyber-focused directorate Thursday, capping a massive internal reorganization that intelligence officials say will also include the agency's first ever creation of six regional command centers aimed at streamlining U.S. spying activities across the globe
Meet the Man Reinventing CIA for the Big Data Era (Defense One) An exclusive interview with CIA's new director of digital innovation about his agency's biggest change in decades
Uniting Cyber Defenses (SIGNAL) The U.S. Army leads the effort to streamline the military's fleet of cyberwarriors
Notifying Those Impacted by the Recent Cyber Intrusion (OPM Director's Blog) Yesterday, we began mailing notification letters to the individuals whose personal information was stolen in a malicious cyber intrusion carried out against the Federal Government
Feds relying on personal appeal to attract cyber workforce (Washington Examiner) The federal government is relying on the power of its personal appeal to win cybersecurity experts over from high paying private sector jobs, a Pentagon official said on Thursday
National Cyber Security Awareness Month (Federal Bureau of Investigation) Securing cyberspace is a shared responsibility
Video: Edward Snowden, Glenn Greenwald & David Miranda Call for Global Privacy Treaty (Democracy Now!) NSA whistleblower Edward Snowden, Pulitzer Prize-winning journalist Glenn Greenwald, Brazilian privacy activist David Miranda and others have launched a new campaign to establish global privacy standards
Former Fresno Unified staffer speaks out about Cyber Dust (Fresno Bee) A former chief information officer for Fresno Unified says she was instructed by Superintendent Michael Hanson to use Cyber Dust — a controversial phone app that automatically erases messages — to discuss school district business last year
Litigation, Investigation, and Law Enforcement
FBI director: Islamic State draws fewer U.S. recruits (USA TODAY) After tracking alarming spikes in U.S. recruits to the ranks of the Islamic State terrorist group, FBI Director James Comey said Thursday that the number in recent months appears to be slowing down
Ominous messages left on 4chan day before Oregon college killings [Updated] (Ars Technica) It's not the first time notes appeared on the site portending doom ahead of murder
Retailers who missed chip card deadline eye lawsuit (Computerworld via CSO) Walmart is well ahead on chip credit cards, but still doesn't take chip debit cards
Telemedicine Law and Liability: 2015 (WillisWire) Telemedicine has been growing exponentially in recent years and will continue to do so over the next decade
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
BSides Portland (Portland, Oregon, USA, Oct 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration
Upcoming Events
hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, Sep 29 - Oct 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols
VB2015 (Prague, Czech Republic, Sep 30 - Oct 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical presentations. Just a small selection of the many highlights includes: "Attack on the drones: security vulnerabilities of unmanned aerial vehicles" (Oleg Petrovsky), "How malware eats cookies" (Zhaoyan Xu, Wei Xu), "The Unbearable Lightness of APTing" (Yaniv Balmas, Ron Davidson, Shahar Tal), "The Kobayashi Maru dilemma" (Morton Swimmer, Nick FitzGerald, Andrew Lee), "DDoS trojan: a malicious concept that conquered the ELF format" (Peter Kalnai, Jaromir Horejsi), "POS fraud: trends and counter-actions to mass fraud" (Ken Dunham), and "The elephant in the room" (Marion Marschalek). This year's conference will include two keynote speakers — one at the opening of the conference and one at the very end. The programme will also include a number of added extras
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below