The CyberWire Daily Briefing 10.05.15

Summary

By The CyberWire Staff

Several significant cybercrimes came to light over the weekend. Online stockbroker Scottrade was breached, with the probable loss of 4.6 million customers' personal information. Scottrade says neither the trading platform nor client funds were compromised. Apparently the company learned of the breach when the FBI so informed it.

Patreon (a "content creation donation" site) was also compromised. The vulnerability is instructive: Werkzeug debugging running in a production environment was exploited for remote code execution. Detectify is said to have warned Patreon of the vulnerability five days before the compromise.

Data stolen from Experian last week is already being sold in the black market. T-Mobile, whose customers are most affected, is livid.

Hillstone CTO Liu notes that two days' exfiltration in the Experian breach is "practically a lifetime for cyber criminals," and Fortscale's Tendler says, "Entrusting third-party vendors with sensitive information is always a risky proposition." Looking at Scottrade, Ziften's Hamilton calls promised stronger defenses "too little, too late" for customers at risk of identity theft.

Morphisec warns that an encrypted Flash exploit is distributing the Nuclear exploit kit.

Palo Alto identifies YiSpecter, API-abusing malware infesting iOS devices, mostly in China and Taiwan.

The Los Angeles Police Department struggles with gang violence inspired by "cyber banging," which appears resistant to the usual forms of community engagement. Cyber banging seems first cousin to ISIS online recruitment and incitement: wounded pride and a frustrated search for transcendence meet Internet disinhibition. (And how could a GED and a minimum wage job compete with that?)

Notes.

Today's issue includes events affecting Australia, Brunei Darussalam, Cambodia, China, Estonia, India, Indonesia, Iran, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Laos, Malaysia, Mexico, Myanmar, Nepal, Pakistan, Philippines, Russia, Singapore, Taiwan, Thailand Ukraine, United Kingdom, United States and Vietnam

Selected Reading

Cyber Trends

Cyber warfare: Regional nuisances may become global threats (Fortune) Today's small wars and border conflicts are being fought online and under the radar, but the conflicts could escalate into real world wars

5 Security Threats to Watch: Hackers Focus on Internet of Things (Legaltech News) AT&T assembled its first Cybersecurity Insights Report using its network of 10 petabytes of traffic

Is your board ready for a security incident? (Help Net Security) Businesses suffered nearly 43 million known security incidents in 2014. This increased 48% compared with 2013 and equals some 117,000 attacks daily

Execs blame security breaches on user behaviour, executive leadership: CyberArk (CSO Australia) Even though takeover of privileged accounts is recognised as being by far the most difficult type of attack to deal with, more than half of IT-security and C-level executives believe they can detect a security breach within days and nearly half believe they can stop attackers from breaking into their network altogether

Cyber insurance is up, but not all the way there (Politico) Corporations will pay an estimated $2.75 billion this year for cyber insurance, according to specialty insurance consultant Rick Betterly, a 40 percent hike from last year that sounds like good news for the insurance industry but that masks some trends that are less encouraging

Industry Under Threat from Cyber Crime (Sourceable) As the move toward BIM and open collaboration gathers momentum, architects, engineers and other service providers are becoming increasingly vulnerable to cyber-attack and need to consider whether or not they should take out cyber insurance

Global nuclear facilities 'at risk' of cyber attack (BBC) The risk of a "serious cyber attack" on nuclear power plants around the world is growing, warns a report

Smart Home Technology: A Target-Rich Environment for Hackers? (WillisWire) The use of smart home technology is on the rise in the modern world, and those technological advances are changing how people interact with where they live

Businesses Wrangling With Cyberattacks Have Reached the Final Stage of Grief (Epoch Times) We live in a connected world, and the hard reality is that nearly all these connections are vulnerable to cyberattacks

Legislation, Policy and Regulation

ASEAN, Japan to Boost Fight Against Terrorism, Cybercrime (Diplomat) Tokyo's assistance sought in countering grave threats

Russia's Propaganda Blitzkrieg (Daily Beast) The propaganda war propping up Putin and his cronies has reached new heights with the bombing campaign in Syria

Russian Propaganda, Disinformation And Estonia’s Experience — Analysis (Eurasia Review) The international community faces serious challenges arising from a new mode of information warfare, which Russia has deployed during the Russian-Ukrainian conflict in 2014-2015

US Should Be More Worried About Russia's Cyber Capabilities (ValueWalk) On Tuesday, an intelligence officer from the US warned that Russia is yet to unleash its full cyber capacity on the United States

Opinion: Here's what Chinese hackers really want (MarketWatch) Their ultimate aim is patriotic — to rebuild the power and glory of the People's Republic

Hacked Opinions: The legalities of hacking — Morey Haber (CSO) Morey Haber, from BeyondTrust talks about hacking regulation and legislation

Experts: It's time to rethink cloud data privacy protection (TechTarget) With the rapid growth of cloud services, enterprises and U.S. government agencies need to re-evaluate data privacy protection before it's too late

Federal, State IT Staff Say Red Tape Stifles Threat-Sharing Effectiveness: Survey (Wall Street Journal) Sharing cybersecurity threat data between private-sector firms and government agencies was a cornerstone of a White House plan, unveiled earlier this year, aimed at preventing attacks on U.S. networks and systems

DoD taking stabs at phishing attempts (C4ISR & Networks) The government has a phishing problem

McCain Wins Big With Acquisition Reform (Defense News) With conference finished on the National Defense Authorization Act (NDAA), it appears that sweeping acquisition reforms spearheaded by Sen. John McCain will become the law of the land

Short-staffed NHTSA struggles to handle car-hacking threats (Treeangle) Even as its top official acknowledges cars have become a prime target for hackers, the National Highway Traffic Safety Administration is struggling to address automotive cyber threats

Fear of lawsuits chills car hack research (The Hill) Regulatory agencies are trying to use copyright law to crack down on dangerous tampering with automobile computers, sparking fears that they will stymie needed cybersecurity research

Top White House cybersecurity adviser steps down (Federal Times) One of the president's top cybersecurity advisers, Ari Schwartz, stepped down from his position on the National Security Council on Sept. 30, ending a two-year tour at the White House

Products, Services, and Solutions

Tempered Networks Enhances Its HIPswitch Tech (eWeek) Tempered Networks aims to bring Host Identity Protocol to the enterprise and the emerging Internet of things world with its latest HIPswitch technology

Stash Inc Aiming to Disrupt the Financial Technology Industry (CoinDesk) Stash Inc is pleased to announce the launch of its new business venture based on the Open-Transactions financial cryptography platform

Technologies, Techniques, and Standards

Are These Four Security Technologies on the Verge of Becoming Obsolete? (Tripwire: the State of Security) Businesses have some serious problems on their hands when it comes to security

Volkswagen scandal highlights reputational risk (Business Insurance) Volkswagen A.G.'s recent troubles serve as a critical reminder of the threat posed by reputational risk and the importance of proactively managing it, a public relations expert says

Beta Bot Analysis: Part 2 (Infosec Institute) Extracting the Botnet Configuration: The bot configuration is encrypted inside the bot and decrypted while the bot is running

This expert team is one reason why Facebook is able to move fast without breaking things (Business Insider) Facebook has a target on its back

Third-party risk management: Avoid the dangers of weak controls (TechTarget) If you know where the risk points are, you can request additional safeguards to protect the system and data access of trusted business partners

Marketplace

Cyber risks commanding board-level attention (Business Insurance) The "needle has moved" in terms of boards of directors more actively addressing cyber risks, says a study released by consultant Jody R. Westby on Friday

All Eyes on Intronis: Inside Barracuda Networks’ Acquisition Announcement (Market Realist) Intronis acquisition should open new channel

LGS Innovations buys another intelligence contractor (Washington Post) LGS Innovations, the Herndon-based intelligence contractor that has links to Bell Labs, announced Thursday that it bought Axios Inc., a small intelligence contractor based out of Dulles

Why Apple's Artificial Intelligence Acquisition Is Much Bigger Than Siri (Forbes) Apple AAPL +2.00% quietly acquired a small UK artificial intelligence outfit this week, based in Cambridge and called Vocal IQ, in which many believe is a play to just enhance Siri's capabilities

Packer, Grounds and ex-Macquarie bankers back QuintessenceLabs (Financial Review) The same high-profile group of investors who piled into Sydney peer-to-peer lender SocietyOne have emerged as backers to Canberra-based technology security firm, QuintessenceLabs

Sevenoaks: BT's security customer playpen (Enterprise Times) BT has announced the addition of BT Assure DDoS mitigation to its security stack, part of the "Cloud of Clouds". It has also introduced a showcase centre in its Sevenoaks, Kent office to help businesses determine their security requirements

Security Patches, Mitigations, and Software Updates

GitHub expands hardware-based authentication to developers (Computerworld) GitHub developers will now be able to log in to the code repository using YubiKey hardware keys

Samsung Decides Not to Patch Kernel Vulnerabilities in Some S4 Smartphones (Softpedia) QuarksLAB, a security research company based in Paris, France, has stumbled upon two kernel vulnerabilities in Samsung Galaxy S4 devices which Samsung has decided to patch, but only for recent devices running Android Lollipop, and not for those with Jelly Bean or KitKat

Cyber Attacks, Threats, and Vulnerabilities

Scottrade reveals security breach exposing 4.6 million clients (Consumer Affairs) Company says says trading platform was not compromised

Scottrade Breach Hits 4.6 Million Customers (KrebsOnSecurity) Welcome to Day 2 of Cybersecurity (Breach) Awareness Month! Today's awareness lesson is brought to you by retail brokerage firm Scottrade Inc., which just disclosed a breach involving contact information and possibly Social Security numbers on 4.6 million customers

Content Creation Donation Site Patreon Hacked (i Free Press) The compromise was discovered to have happened on a debug Patreon server available to the public on September 28th

Patreon Customers Exposed after Cyber Attack (Check & Secure) For those unfamiliar with the services provided by Patreon.com, it can be loosely be described as a service that provides the amateur, yet intensely committed producers of internet content (think cat video compilations and 1000 year experiments on Football Manager) with an income from an intensely democratic source

Patreon was warned of serious website flaw 5 days before it was hacked (Ars Technica) Even worse: Thousands of other sites are making the same facepalm-worthy mistake

Retail security bashing lobby group ABA admits data breach (Finextra) The American Bankers Association, the lobby group that has taken a leading role in lambasting retailers over lax data security, has admitted that email addresses and passwords used to make purchases or register for events through its online shopping cart have been compromised

Data stolen from Experian already being sold online (ITProPortal) Experian is already feeling the consequences of the recent hack in which full data of more than 15 million users has been stolen

T-Mobile US 'incredibly angry' at Experian over data breach (CNBC) The world's largest credit checking company Experian suffered its biggest one-day fall in more than a year after hackers stole the personal details of up to 15m T-Mobile US customers

T-Mobile, Experian Hack: How You Can Minimizing Your Risk (InformationWeek) Here are a few steps T-Mobile customers can take to protect themselves in the wake of the Experian hack

Encrypted Flash exploit bypassing vector mitigations (CSO) Yet another reason to make sure that Adobe sits at the top of the patch list

New Malware Called YiSpecter Is Attacking iOS Devices in China And Taiwan (TechCrunch) Cybersecurity firm Palo Alto Networks has identified new malware, which it calls YiSpecter, that infects iOS devices by abusing private APIs. Most affected users live in China and Taiwan

Amazon Downplays New Hack For Stealing Crypto Keys In Cloud (Dark Reading) Attack works only under extremely rare conditions, cloud giant says of the latest research

UK Banks Hit With New Zeus Sphinx Variant and Renewed Kronos Banking Trojan Attacks (IBM Security Intelligence) Two recent discoveries by IBM Security X-Force researchers indicate that the U.K. is seeing an increased wave of banking Trojan attacks from two families linked with the Zeus Trojan: Sphinx and Kronos

Two Games Released in Google Play Can Root Android Devices (TrendLabs Security Intelligence Blog) Android malware creators have recently been mixing business with play

Home routers 'vaccinated' by benign virus (BBC) A benevolent virus has been used to harden more than 10,000 home routers against cyber-attacks, says a security firm

Unexpectedly benevolent malware improves security of routers, IoT devices (Help Net Security) At this point in time, the existence of a botnet comprising of tens of thousands of compromised routers and other IoT devices is not news

North Korea Suspected of Hacking Seoul Subway Operator (NDTV) North Korea is suspected of having launched a cyber attack last year on the South Korean capital's subway system that carries millions of commuters every day, a Seoul lawmaker said today, citing intelligence reports

Reverse Engineering Proves Journalist Security App Is Anything But Secure (Motherboard) On Friday, Motherboard reported that the new Reporta app, billed as "the only comprehensive security app available worldwide created specifically for journalists," may not be secure at all

Car hacking via compromised car diagnostic tools (Help Net Security) Car hacking is a topic that has received considerable attention from security researchers in the last year or so, and the general public and (hopefully) lawmakers are finally beginning to perceive the danger as real

Academia

CyberPatriot lauded as future of cyber security (Montgomery Advertiser) With each generation, the tech at their fingertips becomes more advanced and brings a heightened threat to personal and national safety

Microsoft announces $1 billion investment (Mexico News Daily) The firm will support digital education and inclusion over the next three years

Litigation, Investigation, and Enforcement

Clinton hackers likely criminals, not spies, experts say (The Hill) The hackers who attempted to crack then-Secretary of State Hillary Clinton's private email server were most likely part of an Eastern European cyber crime syndicate, experts said Thursday

'Cyber banging' drives new generation of gang violence (Los Angeles Times) Crime in the city continues to rise and gang violence in South Los Angeles accounts for much of that

Landmark European data protection judgement (SC Magazine) Pan-European operations can now be subject to the data protection laws of each country (not just the one they are established in) following a ECJ ruling yesterday

SEC's New Court Powers Aren't Going Away (BloombergView) Should the Securities and Exchange Commission be allowed to act as prosecutor, judge and jury in pursuing civil penalties against alleged violators of the security laws?

Experian data breach may prompt fines and lawsuits, warn analysts (Business Insurance) Experian, the world's biggest credit data firm, could face fines and class-action lawsuits as well as reputational damage from the data breach at its U.S. business, according to analysts covering the company

In wake of hack, anti-CISA group targets Experian (The Hill) Following a massive breach of data held by Experian, a group of web activists is trying to oust the company's chief executive, Brian Cassin over his support for the Cybersecurity Information Sharing Act (CISA)

Risk and the Internet of Things (Legaltech News) The Internet of Things is already changing the way we interact with the world and could make long standing legal challenges murkier

A Proposal to Improve Foreign Law Enforcement Access to US-Held Data (Just Security) In my last post, I reviewed a number of proposals to reform the Electronic Communications Privacy Act (ECPA)

Cryptocurrency startup Gemcoin busted for alleged $32m Ponzi scheme (Naked Security) The US Securities and Exchange Commission (SEC) announced on Thursday that it's broken up an alleged $32 million Ponzi scheme that promised to mine amber and pay out profits in so-called "Gemcoin" cryptocurrency

After he threatened massacre on Yik Yak, Virginia Tech ex-student pleads guilty (Ars Technica) Ki Ung "Eddie" Moon spent a month in jail but will serve no more time

Design and Innovation

The Blockchain Might Be The Next Disruptive Technology (TechCrunch) To process a transaction, you need first to make sure the sender owns the asset he wants to transfer, and make sure he will not trade it twice

Shades of Greynets: The Internet of Secure Things (CIO) Emerging, rich network architectures and dedicated simple security appliances can transform security for online systems

IoT devices get a secure element to protect critical systems (Network World) In a few years the Internet of Things will link 40 billion devices, but in many cases security will be lax. Gemalto designs security in from the start

Immunio Embeds Security Directly into Applications (eSecurity Planet) Instead of bolting on security, Canadian startup takes an innovative approach that embeds security directly into apps

3 Reasons Why Banks Can't Afford to Ignore AI (Dataconomy) The promise of Big Data and our ability to use it was a lofty one

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

RFUN 2015 (Washington, DC, USA, October 7, 2015) RFUN is a free, one-day conference that brings together a lineup packed with thought leadership on intelligence and security, big data analysis, and information visualization

upcoming Events

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, October 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime

Smart Industry (Chicago, Illinois, USA, October 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation

Buy-Side Technology North American Summit (New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum

IP Expo Europe (London, England, UK, October 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers

Cyber Security Europe (London, England, UK, October 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack

Annual Privacy Forum 2015 (Luxemburg, October 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security

(ISC)² SecureTurkey (Istanbul, Turkey, October 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, October 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers' at Hill AFB

BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, October 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, October 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, October 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location

BSides Portland (Portland, Oregon, USA, October 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.