The CyberWire Daily Briefing 10.07.15

Summary

By The CyberWire Staff

Cisco announces success against Angler exploit kit infrastructure.

Vulnerability researchers find problems with Huawei 4G USB modems. Others complain about Microsoft allegedly transmitting OneDrive userids in the clear.

Appthority thinks the XCodeGhost infection of iOS devices is much larger than initially thought, approaching 500 apps and 2 million users. The infestation is so far largely confined to China, but many fear that will change soon.

Google is working to confine and purge Kemoge adware from PlayStore. Softpedia glumly predicts that Apple and Google app issues will soon be followed by similar Microsoft problems.

Hacking "vigilantes" who say they installed unsought "Wifatch" software to help secure routers are talking to Symantec. They call themselves "The White Team," and say they hacked for "learning," "understanding," "fun," and "security." Expressing a twinge of regret for fooling with resources that aren't theirs, they insist they're altruists acting for the greater good.

Buying cyber coverage necessarily involves disclosing a great deal of sensitive data, and such sharing would be among activities soon to be affected by this week's European Court of Justice decision to void the EU's longstanding Safe Harbor agreement. The decision essentially opens enterprises that hold or transmit personal information to litigation in European national courts. The US Government naturally thinks the matter wrongly decided. Whatever the final issue turns out to be, data will have to be handled with new care, and borders will rise in the Internet.

Observers suggest hopes of a Sino-American golden age of cyber cooperation will be disappointed.

Notes.

Today's issue includes events affecting Australia, Brazil, China, European Union, France, Germany, Ireland, Japan, Russia, Singapore, Switzerland, Ukraine, United Kingdom, United States

Selected Reading

Cyber Trends

Attackers prefer lower-bandwidth DDoS attacks (Help Net Security) Analyzing customer data, Corero found that attackers are continuing to leverage sub-saturating DDoS attacks with increasing frequency, using shorter attack durations to evade legacy cloud DDoS scrubbing solutions to cause network disruptions and, in some cases, distract victims while other malware infiltrates networks and steals customer information and corporate data

How attackers attempt to infect organizations (Help Net Security) A new report by Palo Alto Networks, based on data from more than 7,000 enterprises worldwide, showcases real-world trends in enterprise application usage and critical developments in how attackers are attempting to infect organizations

ID Theft Victims Remain Vulnerable Long After A Hack (Infosecurity Magazine) The timeliness of detection and diversity of data sources are critical factors in countering attempts to compromise consumer identities

US firms have a 'bigger bullseye on their back' when it comes to cybercrime, says Ponemon (FierceITSecurity) The average annual cost of cybercrime in the US jumped 20% this year, concludes annual cybercrime report

Cost of data breaches keeps going up. Do boards care? (ITWorld Canada) There are, arguably, four things one can depend on: Life, death, taxes and the increasing cost to organizations of cyber crime

Brute Force, Web App Attacks Common Across Industries: Report (The WHIR) Cybercriminals tend to attack companies with a large volume of online customer interactions at the application level, whereas they tend to attempt data theft from other companies through brute force attacks, according to a new report from Alert Logic

When it comes to security, trust but verify (CSO) At this year's Symposium/IT Expo, Gartner analysts say it's time to rethink security

Challenges around Operationalizing Threat Intelligence (Network World) Beyond the information, process and skills improvements needed for threat intelligence collection, processing, analysis, and sharing

Do Attribution and Motives Matter? (TrendLabs Security Intelligence Blog) Whenever people think of APTs and targeted attacks, people ask: who did it? What did they want? While those questions may well be of some interest, we think it is much more important to ask: what information about the attacker can help organizations protect themselves better?

Security risks increase as cloud data centers change (CSO) As the pace of technological change in cloud data centers speeds up, the list of endeavors in cloud data centers grows longer

Never trust the first number announced in a data breach (Quartz) A pattern is emerging with major security breaches: After the number of affected people is first disclosed, companies and government agencies tend to follow up later on with a much larger number — sometimes double or triple the original estimate

Legislation, Policy and Regulation

Singapore urges nation to adopt security-by-design mindset (ZDNet) Stressing the need to think about cybersecurity from the design phase, the Singapore government says it is reviewing its budget to ensure sufficient resources are set aside to support a robust defence system

No easy solutions in US–China cyber security (East Asia Forum) In late September 2015, the Presidents of China and the United States reached a number of agreements on cyber security, cyber espionage and cyber crime

DOE cold case shows limits of U.S.–China cyber cooperation (E&E News) In January 2013, Department of Energy computer files began trickling through suspicious Brazilian and Ukrainian networks

Senators, Companies and Privacy Groups Use Experian Hack to Debate CISA (Inside Sources) Congress is expected to take full advantage of National Cybersecurity Awareness Month with a renewed push to pass the Cybersecurity Information Sharing Act (CISA) later in October — a bill the tech industry and Senate Intelligence Committee leadership say is needed more than ever after the recent Experian hack

Why Aren't We Learning from these Devastating Cyberattacks? (Nextgov) At an event hosted today by Atlantic Media, Nextgov's parent company, an audience member asked a question that resonates well after the recent hacks of government and industry

DHS leads federal cybersecurity efforts, but will other agencies follow? (Washington Business Journal) The U.S. Department of Homeland Security is investing in managed cybersecurity services, an important early step in the federal government's push to protect agency data from cyber threats

Bridging Technology and Policy, One Fellow at a Time (Roll Call) When National Security Agency surveillance became a top issue on Capitol Hill, Travis Moore realized he didn't have the knowledge base to understand the technology — and neither did anyone else in Congress. Now he's working to change that

McAfee plans to be elected president in a landslide on the backs of 40 million tatooed voters (CSO) It has been a whirlwind few years for John McAfee, the man noted for developing the first commercial anti-virus program

Products, Services, and Solutions

LookingGlass Delivers Threat Intelligence Driven Network Security (LookingGlass) New dynamic threat defense solution closes a dangerous gap in network security by identifying and stopping DNS-based cyber threats

Quick Heal Launches New Version of Seqrite Mobile Device Management with Advanced Call, SMS and Network Monitoring Features (WDRB) Network security provider further simplifies mobile-based threat management with true SaaS-based approach to safeguarding company networks

Amazon sets sights on massive Internet of things opportunity with new cloud offering (Fortune) Coming at AWS Re:Invent, Amazon will unveil a new Internet of things service to help developers tie billions of devices into the cloud giant's infrastructure

DEFCON CYBER™ Contributes to NIST Industry Best Practices in Supply Chain Cyber Risk Management (PRNewswire) DEFCON CYBER™ by Rofori Corporation is a software solution based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Trend Micro Enables Integrated Security and Compliance for Hybrid Architectures (BusinessWire) Proven solutions keep data safe regardless of infrastructure platform

Observable Networks launches network monitoring (Financial News) Observable Networks Inc. said it has launched a new feature of its patented Dynamic Endpoint Modeling security service

Here comes the first iPhone ad blocking app that claims it can block Facebook and Apple News ads too (Business Insider) The threat of mobile ad blocking has been largely downplayed by observers and analysts because, up until now, mobile ad blocking apps could only block ads on mobile browsers — not in apps

Duo Security Gives IT Visibility Into Every Enterprise Device (TechCrunch) Duo Security, best known for its simple mobile phone two-factor authentication, announced today that it was expanding its Duo Platform security tool to give IT administrators greater visibility and control over every device entering the network

FireEye and F5 partner up to deliver comprehensive security for enterprises (ITProPortal) FireEye has announced a global partnership with F5 Networks in order to develop, deploy and support integrated security solutions to help defend the enterprise world

Verizon's zombie cookie gets new life (Ars Technica) Verizon's tracking supercookie joins up with AOL's ad tracking network

Technologies, Techniques, and Standards

Data security and the Internet of Things (Lexology) The Internet of Things (IoT) encompasses any object or device that connects to the Internet to automatically send and/or receive data

Protecting the Electric Grid from Today’s Cyber Threats (EnergyBiz Magazine) Recent high-profile data breaches at Sony, Anthem and the Office of Personnel Management are a stark reminder of the serious cyber threats posed by our adversaries

Cyber Data Analysis Requires Multidimensional Approach (SIGNAL) New elements such as social media add complexity; melding data clarifies the truth

Stopping the Invisible Threat: 7 Suggestions for Curbing Unauthorized Access (Legaltech News) You may not be able to see it, but the invisible threat is the latest trend being used by cyberattackers

5 Tips to Effectively Manage Privilege in E-Discovery (Legaltech News) Practical steps litigators can take to ensure privileged information is protected while keeping cost and time considerations in check

Marketplace

Buying cyber cover requires sharing most sensitive data (Business Insurance) While the nature of cyber risk has evolved rapidly over the past two years, the actual process of buying insurance can heighten a company's exposure to cyber risks and may deter some organizations from buying the coverage, a risk manager said

Innovation disrupts but also presents risk management opportunities (Business Insurance) Innovation in the wider world presents both risks and opportunities for risk managers, according to speakers at the Federation of European Risk Management Association's risk management forum

Cyber combat ops now seen as half-trillion dollar growth industry (World Tribune) The cost of cyber attacks reached one half trillion dollars globally last year with no end in sight, said former CIA analyst Jack Caravelli at a conference in Switzerland

Cyber Security Innovator Morphisec Raises $7M Series A Funding Round (MarketWatch) GE Ventures and Deutsche Telekom joining founder investor JVP

Versasec Triples Government Security Business (myNewsDesk) Versasec, the leader in smartcard management systems, today announced it has tripled its government clientele and seat licenses over the past year

KEYW Holding Corp. Was Throttled in September — Here's Why (Motley Fool) Cybersecurity firm KEYW was taken to the woodshed in September. Here are the three catalysts behind its huge move lower

Would you trust Eugene Kaspersky, Russia's 'Cyber Security King'? (France 24) Accused of helping Russian spies and sabotaging his competitors, Eugene Kaspersky tells FRANCE 24 he is innocent and has "nothing to hide"

Centrify Appoints New General Counsel and Board Member (Sys-Con Media) Centrify, the leader in securing enterprise identities against cyberthreats, today announced Rashmi Garde has been appointed as its general counsel with responsibility for all of Centrify's worldwide legal affairs

Research and Development

Researcher: DARPA effort will rate cybersecurity of software for public (Inside Cybersecurity) The cybersecurity of commercial software and systems will be independently rated in a new Pentagon-funded initiative, creating an unprecedented, publicly available tool for companies and individual consumers to find the most secure products in the marketplace, prominent security researcher Peiter Zatko told Inside Cybersecurity

Security Patches, Mitigations, and Software Updates

Avast antivirus hole patched after public Project Zero slap (Register) Man-in-the-middle diddle leads to remote execution fiddle

Marshmallow fails to fix the huge update problem at Android's heart (Graham Cluley) So, here comes the latest version of Android — named in Google's typically sweet-toothed fashion, Marshmallow

YiSpecter iPhone malware won't spook you if you've kept iOS updated, says Apple (Graham Cluley) According to Apple, your iPhone and iPad should be safe from the YiSpecter malware if you are running iOS 8.4 or later (the latest released version of iOS is 9.02)

Cyber Attacks, Threats, and Vulnerabilities

Cisco hooks Angler Exploit Kit infrastructure (Register) Shares intelligence widely

Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone (Cisco Blogs) Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit

Remote code exec hijack hole found in Huawei 4G USB modems (Register) Ruskies sling malicious packet to trigger denial of service

Security fail: Microsoft is transmitting Outlook.com and OneDrive user IDs in clear text (International Business Times) Microsoft is always going on about cybersecurity but a blogger has spotted that the computer giant is exposing the ID numbers of all users who access its online services such as Outlook.com and OneDrive

Apple iOS Virus May Have Affected Almost 500 Apps, 2 Million Users (Forbes) A virus thought to infect only about 40 iOS apps on Apple AAPL -2.70% devices may be much, much worse, Appthority's Enterprise Mobile Threat Team TISI +% announced

iPhone Malware Is Hitting China. Let's Not Be Next (Wired) Apple's iOS has had a good run in terms of security. For more than eight years it's been wildly popular and yet virtually malware-free, long enough to easily earn the title of the world's most secure consumer operating system. Now that title has a new, growing asterisk: China

Windows Phone Store Distributes Fake Apps Infected with Adware (Softpedia) After the Apple App Store and the Google Play Store were used to distribute all kinds of malware to users' phones, it seems that now's the time for Microsoft's Windows Phone Store to be abused as well

Kemoge Android Adware Campaign Can Lead to Device Takeover (Threatpost) Google has been busy removing a number of apps from Google Play that are disguised as popular selections that are actually pushing what starts out as adware but eventually turns more malicious

Vigilante Malware, Dark Knight or Dangerous Joke? (Team Cymru) It's hard not to like the Batman story

Meet The Mystery Vigilantes Who Created 'Malware' To Secure 10,000 Routers (Forbes) A group of do-gooder hackers calling themselves The White Team have taken responsibility for a large peer-to-peer botnet that compromised more than 10,000 routers to improve the security of the devices, and have explained to FORBES some of their future plans to fix more broken machines

T-Mobile Caught Holding the Bag as Experian Loses Customer Data (eWeek) The only thing T-Mobile did wrong in last week's data breach was to choose Experian for its credit reporting

3 lessons from the Patreon website hack (FierceITSecurity) Hackers stole and published over 15 gigabytes of data from Patreon's website, consisting of password hashes, donation records and source code

Ticked Off: Upatre Malware's Simple Anti-analysis Trick to Defeat Sandboxes (Palo Alto Networks) The Upatre family of malware is frequently updated, with the authors adding new features and protecting the malware from detection in various ways

What's in a Boarding Pass Barcode? A Lot (KrebsOnSecurity) The next time you're thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead

HTML5-based data transfer for terrorists, pirates and investigators (The Stack) The software you're reading this article with is, even in its factory state, probably enough to conduct acts of terrorism and piracy that are 'extremely difficult, if not entirely impossible' to intercept or examine forensically, according to one of the first research efforts to evaluate the threats and possibilities presented by the new emergence of HTML5-based transfer and communications services and tools

Hacking Wireless Printers With Phones on Drones (Wired) You might think that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents

Are the Keystone Cops running the nuclear power industry? (FierceITSecurity) If there is any industry that has their cybersecurity act together, it's the nuclear power industry

Litigation, Investigation, and Enforcement

The Court of Justice declares that the Commission's US Safe Harbour Decision is invalid (Court of Justice of the European Union) Whilst the Court of Justice alone has jurisdiction to declare an EU act invalid, where a claim is lodged with the national supervisory authorities they may, even where the Commission has adopted a decision finding that a third country affords an adequate level of protection of personal data, examine whether the transfer of a person's data to the third country complies with the requirements of the EU legislation on the protection of that data and, in the same way as the person concerned, bring the matter before the national courts, in order that the national courts make a reference for a preliminary ruling for the purpose of examination of that decision's validity

NSA Spying Violates Privacy Rights, EU Court Rules (Defense One) The decision likely won't curb the surveillance, but could mean headaches for thousands of companies

White House 'deeply disappointed' by Europe outlawing Silicon Valley (Register) Safe harbor ruling means it's 'open season against American businesses'

Tech Companies Can Blame Snowden for Data Privacy Decision (Wired) A ruling by the Europe Union's highest court today may create enormous headaches for US tech companies like Google and Facebook. But it could also provide more robust privacy protections for European citizens. And they all have Edward Snowden to thank — or blame

Doom or delight? Court ruling on Safe Harbor brings uncertainty to privacy dealings (ITWorld) The Court of Justice of the European Union, in Luxembourg, is the EU's highest court. Credit: Court of Justice of the European Union By declaring the Safe Harbor agreement invalid, the Court of Justice of the European Union exposes businesses to legal action

How worried is Silicon Valley about Safe Harbour? (BBC) The Safe Harbour ruling made on Tuesday has potentially big implications for some giants of Silicon Valley when it comes to how they look after our private data

EU Safe Harbour ruling requires a rethink of data processes (ComputerWeekly) The European Court of Justice's decision to invalidate the Safe Harbour agreement has far-reaching implications for businesses

Facebook data transfers threatened by Safe Harbour ruling (BBC) A pact that helped the tech giants and others send personal data from the EU to the US has been ruled invalid

What The EU's Safe Harbor Ruling Means For Data Privacy In The Cloud (Dark Reading) The European Court of Justice today struck down the 15-year-old data transfer agreement between the European Union and the US. Here's how to begin to prepare for the fallout

Alleged Anonymous-aiding journo's brief tells jury nowt's been proven (Register) He was 'operating as a professional reporter trying to gather info'

Phone thieves facing stiffer sentences if victims lose photos (Naked Security) How do you put a price on the value of photos lost when a thief nicks your phone?

Design and Innovation

Applying machine learning techniques on contextual data for threat detection (Help Net Security) The momentum behind cloud computing couldn't be stronger as companies, governments and other organizations move to the cloud to lower costs and improve agility

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation

RFUN 2015 (Washington, DC, USA, October 7, 2015) RFUN is a free, one-day conference that brings together a lineup packed with thought leadership on intelligence and security, big data analysis, and information visualization

Buy-Side Technology North American Summit (New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum

IP Expo Europe (London, England, UK, October 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers

Cyber Security Europe (London, England, UK, October 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack

Annual Privacy Forum 2015 (Luxemburg, October 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security

(ISC)² SecureTurkey (Istanbul, Turkey, October 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, October 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers' at Hill AFB

BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, October 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, October 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, October 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location

BSides Portland (Portland, Oregon, USA, October 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date informaton on rapidly evolving security security challenges

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.