The CyberWire Daily Briefing 10.08.15
Norway's Foreign Ministry is working to expunge malware that's established persistence in its networks. The Ministry is being tight-lipped; media speculation centers on Russian and Chinese intelligence services (empirically grounded probabilistic speculation).
Reports surface of extensive Iranian catphishing on LinkedIn. The bogus profiles are said to be convincing, so add people to your professional network with due discretion.
Snowden returns to the news with allegations of a GCHQ campaign against Russian targets.
The hackers who got into Samsung subsidiary LoopPay may have been interested in data on individuals as opposed to any immediate monetization of their hack, which suggests to some observers that intelligence services may be responsible.
enSilo researchers describe the Moker RAT, a persistent threat that doubles as a LAT.
Krebs sees the roots of the Experian breach in "security attrition" during acquisitions.
To the threat of compromise through lost devices add the threat of exploitation via second-hand devices, as much data stays on them, forgotten but still accessible.
Newly free of litigation with Volkswagen, a University of Birmingham researcher publishes information on automobile hacking vulnerabilities — 100 car models are said to be affected.
The IEET looks at the Internet-of-things and sees a bad moon rising over the Lebenswelt: securing the IoT looks like "applied demonology."
Observers see a lack of standards as problematic for IoT design, and in other areas as well. NIST issues several draft standards for comment.
Sino-American cyber relations remain strained amid new calls for sanctions.
Industry sorts through the demise of Safe Harbor.
Today's issue includes events affecting Australia, Brazil, China, European Union, Germany, India, Iran, Ireland, Lebanon, Lithuania, Norway, Pakistan, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Foreign ministry battles cyber attack (News in English) Norway's foreign ministry is battling a powerful computer virus that has infected its systems for months and is viewed as serious, reported newspaper Dagbladet on Wednesday
Iran-Based Hackers Created Network of Fake LinkedIn Profiles: Report (NBC News) Be careful whom you connect with on LinkedIn
Brazilian Hackers Target Government Websites, Question Corruption and NSA Snooping (HackRead) A group of Brazilian hackers took over a couple of government-owned domains on Sunday posing the question, if these websites are so easy to hack imagine how easy it is for the American National Security Agency (NSA) to spy on Brazilians?
Snowden Exposes "Smurf Suite", Reveals GCHQ Hacked Cisco Routers in Pakistan (HackRead) Since joining Twitter, Edward Snowden is more active than ever. In his latest revelation, the whistleblower has claimed that the British intelligence agency (GCHQ) obtained a massive amount of communication data that was travelling through Pakistan in its search for terrorists
Previously unknown Moker RAT is the latest APT threat (Help Net Security) Researchers over at cybersecurity company enSilo have discovered a novel, powerful and persistent type of malware plaguing the network of one of their customers
Hackers who targeted LoopPay may be looking to track individuals (ComputerWorld) The hackers who allegedly broke into the Samsung subsidiary are spies more than profiteers
YouPorn and Pornhub hit by Malvertising (Check & Secure) Malvertising attacks in the adult entertainment industry are nothing new. This is because the rise of "free porn" has resulted in a situation where the only way in which sites can make money is through advertising
The malicious side of online ads — how unpatched servers hurt us all (Naked Security) You've almost certainly heard or seen the word malvertising
Chinese hacking Android phones on 'global scale' (Washington Examiner) Chinese hackers have infiltrated Android smartphones all over the world, according to a new report
Windows Phone Store plagued by fake mobile apps (The Stack) A new post from security company Avast indicates that the Windows Phone Store has become a new locus of attention for fake-app scammers deterred by improved security and auditing procedures at analogous stores such as Google Play
Apple security exploits will grow as businesses embrace iOS (V3) The recent discovery of mobile vulnerabilities targeting Apple devices, from XcodeGhost to YiSpecter, is altering the perspective that iOS devices are immune to security attacks
At Experian, Security Attrition Amid Acquisitions (KrebsOnSecurity) T-Mobile disclosed last week that some 15 million customers had their Social Security numbers and other personal data stolen thanks to a breach at Experian, the largest of the big American consumer credit bureaus
Report finds many nuclear power plant systems "insecure by design" (Ars Technica) Use of VPNs in some reactors, lack of security measures pose risks
Wealth of personal data found on used electronics purchased online (Help Net Security) Varying amounts and types of residual data have been found on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and Gazelle.com
Revealed: The 100 car models at risk of being stolen due to security 'flaw' (Birmingham Mail) University of Birmingham scientist is finally allowed to publish research after two-year legal battle with Volkswagen
DDoS defences spiked by CloudPiercer tool (Register) 70% of sites trying to hide true IP address cough their secrets
Cyber attack brings Elkhart Schools' server to a halt (WNDU) A deliberate flood of information temporarily crashed Elkhart Community Schools' (ECS) internet server last week. After an internal investigation, the district believes two students at Memorial High School are behind the attack
Near-flawless Social Engineering attack spoiled by single flaw (CSO) This Social Engineering email is almost flawless, but one mistake caused the entire attempt to fail
Security Patches, Mitigations, and Software Updates
Huawei routers riddled with security flaws won't be patched (ZDNet) Many of the routers are no longer supported by Huawei and won't be fixed, according to the security researcher who found the flaws
Into the spotlight: Cyberinsurance (SC Magazine) Data that can be monetized is, simply put, a magnet for the bad guys
Crisis Services Top Insurers' Cyber Claims Payouts; Average Claim at $674K (Insurance Journal) New claims costs data reveal a wide discrepancy on costs associated with cyber losses
Why Companies Won't Learn From the T-Mobile/Experian Hack (New Yorker) Last Thursday, John Legere, the C.E.O. of T-Mobile, joined the ranks of the dozens of chief executives who, in the past few years, have had to inform their customers that their personal information has been stolen. "One of our vendors, Experian, experienced a data breach," Legere tweeted, referring to a Dublin-based credit bureau that his company uses to collect, store, and secure customers' personal information
50% of small businesses have been the target of a cyber attack (PropertyCasualty360) If you're a business, there's a target on your back, or your data to be more precise
IP Expo Europe: Don't assume you're safe from the geopolitical cyber-war (SC Magazine) The new cyber-threat landscape includes the geopolitical dimension which organisations ignore at their peril, said Werner Thalmeier
IP Expo Europe: Cyber security and human rights entwined (SC Magazine) Excessive spying has made legitimate access by the authorities to private data harder to achieve, but strong encryption is out of the bottle and won't go back, says Wikipedia founder Jimmy Wales
IP Expo Europe: Holistic approach to cyber threats advised (SC Magazine) Richard Knowlton, ex group corporate security director at Vodafone, spoke today at IP Expo about protecting enterprise security, noting that according to a recent report by Allianz, UK businesses lose approximately £2.8 billion a year to cyber-crimes
IP Expo Europe: The way you buy threat intelligence will change, says BAE Systems (SC Magazine) The threat intelligence market will change as companies begin to consume it in different ways, said Russell Kempley at IPExpo
New tech, new opportunities for cyber criminals, says INTERPOL (Wamda) Cyber crime is a problem for startups throughout MENA, but one that is often ignored in Lebanon according to INTERPOL cyber security expert Christian Karam
Why have most merchants missed the EMV deadline? (CSO) The Oct. 1 deadline to shift from "swipe–and–signature" credit cards to EMV, or "chip and PIN" has been known for years
High prevalence of personal health information at risk (Help Net Security) The healthcare and life sciences vertical is responsible for 76.2 percent of all cloud data loss prevention (DLP) policy violations among the billions of total app instances tracked by Netskope
Hackers see cloud as 'a fruit-bearing jackpot' for cyber attacks (Computing) Cyber-criminals and hackers are increasingly attacking cloud infrastructure, which they see as a "fruit-bearing jackpot"
Hacking, Malware and Security Are Top Concerns in Mobile Development (App Developer Magazine) Security concerns continue to grow for the application development industry as a new study has shown that hacking, malware and security are top concerns for IT departments
IoT will become a matter of life or death for security pros (CIO) Internet of Things means different things to different people; self-driving cars, smart cities, connected homes, health and fitness apps, etc. But for security professionals, IoT will become a safety issue
Internet of Things needs clear security standards (Pressebox) G DATA security evangelist Eddy Willems recommends holistic concepts to manufacturers
The Internet of Things: Beyond the hype (Toronto Star) The people who are bringing us the "things" are thinking more about hitting it big with surprising and novel products than they are about enhancing our lives
Digital business will mean security headaches (ZDNet) Smart machines will be able to detect and solve many security issues. They're also likely to introduce a few security issues of their own
The price of the Internet of Things will be a vague dread of a malicious world (Help Net Security) Volkswagen didn't make a faulty car: they programmed it to cheat intelligently. The difference isn't semantics, it's game-theoretical (and it borders on applied demonology)
We Fact-Checked Stephen Hawking's Reddit AMA Answers (Vocativ) In a Reddit AMA, Stephen Hawking worries about an A.I. apocalypse. Meanwhile, the actual experts can barely get robots to climb a staircase
EMC and Dell Could be Walking Down the Aisle; Clock (FBR Flash) The Wall Street Journal reported that EMC and Dell are in talks to possibly merge both companies in what would be the biggest tech deal of all time at $50 billion+
Israeli Container Security Startup Scalock Lands $4M Series A Investment (TechCrunch) Israel has become known for its security startups, and Scalock, a company that wants to secure the burgeoning container space, announced a $4 million Series A round today
Hitachi Begins Trial for Sharing Cyber Threat Data with HP (Finchannel) Hitachi, Ltd. on October 6 announced that it has begun trials for sharing cyber threat data, such as emerging threats and attack methods to IT systems, with Hewlett-Packard Company
HP partner program splits into HP Partner First, HPE Partner Ready (TechTarget) Following Hewlett-Packard's company split, the HP partner program will break into two distinct programs: Partner First and Partner Ready
ManTech Awarded Potential $250M Cyber Range Contract (GovConWire) ManTech International (Nasdaq: MANT) has been awarded a potential four-year, $250 million contract to provide cyber training services to Defense Information Systems Agency and U.S. Marine Corps personnel
Marines fight romance scammers (San Diego Union-Tribune) Corps awards contract to track social media posts impersonating generals
Meet The Startup That Predicted The Experian Data Breach (PRNewswire) Last week it was revealed that Experian, one of the world's largest data brokers, was hacked… Less than a month ago, TrackOFF, a Baltimore-based startup that develops privacy & security software, predicted this very scenario
KnowBe4's Growth Shows Companies Are Waking Up to Growing Security Threats (PRWeb) KnowBe4 continues to see explosive triple digit growth for the 9th quarter in a row, with Q3 2015 toppling the 400 percent mark over Q3 2014
Security companies shouldn't be this thin–skinned (Computerworld) FireEye, like all companies, wants to protect its intellectual property. But it needs to realize that security companies aren't perceived like other companies
Some fed IT specialist work experiences among lowest in government, survey says (FierceGovernmentIT) More than 60 percent of all federal IT specialists cannot say for sure or do not believe their working units are able to recruit the talent necessary for their jobs, according to a federal poll of all the government's workers
Former SoftLayer chief Lance Crosby surfaces at stealthy security startup (Fortune) Crosby and Andrew Higginbotham, who drove CenturyLink's cloud efforts, are now working together on StackPath, a thus-far stealthy cybersecurity startup
Venable Hires Top Obama Administration Official for Non-Lawyer Cybersecurity Role (Legaltech News) The hire is an example of how law firms often have a multidisciplinary team in place that includes non-lawyers
Former Palo Alto Networks CEO Lane Bess Joins ZeroFOX (Virtual Strategy Magazine) Lane Bess, former Palo Alto Networks CEO and former Zscaler Chief Operating Officer, will now support the ZeroFOX team as it enters its next growth phase
Products, Services, and Solutions
Savvius™ Integrates Lancope StealthWatch® System With Savvius Vigil™ for Post-Breach Security Forensics (Virtual Strategy Magazine) Savvius, Inc., a leader in packet-level network analytics and post-breach security forensics, today announced a technology partnership with Lancope, a leader in network visibility and security intelligence
Specialty insurance firm offers policies to cover cyber liability and breach response (Business Insurance) Berkshire Hathaway Specialty Insurance said that it has launched two policies which provide cyber liability and breach response coverage with risk management resources in the U.S., Berkshire Hathaway said in a statement
Amazon Inspector — Automated Security Assessment Service (AWS Official Blog) As systems, configurations, and applications become more and more complex, detecting potential security and compliance issues can be challenging
How to hack-proof your cloud with native AWS tools (TechRepublic) The cloud is changing the way IT pros think about enterprise security. Here are some tips to overcome some security challenges using tools from AWS
CloudPassage to Offer Agencies Halo Security Platform Through AWS GovCloud (ExecutiveBiz) CloudPassage's Halo platform will be available to federal government customers through Amazon Web Services' GovCloud for the U.S. region as the security company works to achieve FedRAMP-ready status
Bitdefender Launches New Version of Antivirus for Mac (BusinessWire) Antivirus for Mac, proven to offer absolute protection in independent testing, fights off even new and unknown threats
Duo Security Calms the Enterprise Mobility Storm (PYMNTS) Employees have sparked the Bring Your Own Device movement largely because they want to continue to use their familiar smartphones and tablets for work processes instead of getting issued a second, less desirable device
OPSWAT Announces the Gears Mobile App (Benzinga) In the wake of Stagefright 2.0 and the XcodeGhost malware, securing mobile devices is a growing need for consumers, SMB, and Enterprise
LookingGlass Delivers Threat Intelligence Driven Network Security (BusinessWire) New dynamic threat defense solution closes a dangerous gap in network security by identifying and stopping DNS-based cyber threats
One week until AVG flogs your web browsing and search history… (Graham Cluley) If you're one of the many users of AVG's free anti-virus product you're hopefully aware that, from 15 October 2015, the company will be able to sell your web browsing and search history to third-party advertising companies
Technologies, Techniques, and Standards
NIST draft guide aims to bolster email security (FierceGovernmentIT) The National Institute of Standards and Technology issued a draft publication late last month that will help federal enterprise email administrators, information security specialists and network managers better safeguard email
NIST preps digital privacy framework, considers control catalog (FierceGovernmentIT) The National Institute of Standards and Technology is putting the finishing touches on a new interagency report that will advise federal agencies on assessing and mitigating the privacy risks associated with their digital services
Revision could move NIST authentication guidance out of the weeds (FierceGovernmentIT) The National Institute of Standards and Technology's authentication guidance document, known as NIST Special Publication 800-63, is being revised to better align with modern expectations of how to use authentication technologies within federal information systems, said Sean Brooks, privacy engineer at NIST
General HTML5 Security, Part 2 (Infosec Institute) In the second part of the General HTML5 Security series, we are going to discuss the enhanced security in HTML5 with features such as the CSP (Content Security Policy) and sandboxed iframes
15+ Online Habits That Are Compromising Your Online Safety (Heimdal Security) How many tabs do you have open in your browser right now?
Planning and Executing an Effective Data Breach Exercise (United States Cyber Security Magazine) Why regular data breach exercises are required
Strategies to Secure Critical Infrastructure (InfoRisk Today) Experts debate new measures to defend against threats
EDR — Hunting on the Endpoint (InfoRisk Today) How endpoint detection & response hopes to redefine endpoint security
Tips for Consumers Following Experian Breach of T-Mobile Users’ Data (Hudson Valley News Network) Attorney General Eric T. Schneiderman offered consumers tips to guard against potential identity theft and other fraud after it was reported that an unauthorized party accessed an Experian server that contained the personal information of more than 15 million T-Mobile users
Hacking enterprise wireless Printers with a drone or a vacuum cleaner (Security Affairs) A group of researchers from the iTrust has demonstrated how to use a Drone to intercept wireless printer transmissions from outside an office building
Biometrics securing construction sites (SecureIDNews) Tech saves money, increases security
Design and Innovation
Will the Clean Software Alliance save us from the scourge of unwanted software? (Naked Security) Last week's Virus Bulletin conference was preceded by a meeting of a fledgling operation with noble aims — to solve the problem of "unwanted" software and make sure that when we install things on our computers, those things are what we really wanted to install and nothing more
Research and Development
Lockheed Martin and Guardtime Technology target cyber threats (UPI) Lockheed Martin and Guardtime Technology demonstrated technology they produced together to combat cyber attacks
University Of Tulsa Cyber Program Awarded $4.98M Science Grant (Times Record) A University of Tulsa program that has trained encryption and intelligence employees for several federal agencies has been awarded a $4.98 million grant from the National Science Foundation
Virtustream Invests in the Future of the Lithuanian Technology Industry (PRNewswire) Company announces sponsorship of Kaunas University of Technology PhD scholarship at second annual cloud conference
TAFE hackers challenging security (Daily Telegraph) Hacking into the Federal Government's security system with your mates while pumped full of energy drink at 3am might seem like a wild dream but for a handful of students at Meadowbank TAFE last week it came true
Legislation, Policy, and Regulation
Cyber vandalism 'the least of our worries' says White House cybersecurity coordinator (FierceGovernmentIT) Cyber intrusions that result in embarrassing social media posts or websites going dark are hardly blips on the radar for White House Cybersecurity Coordinator Michael Daniel
Crackdown: Time to Pressure China on Cyber Theft (National Interest) "Indeed, as the Chinese economy enters what appears to be a protracted slowdown — if not a permanently lower rate of growth altogether — we can expect commercial cyberattacks to increase"
The Hollow Sounds of Sabre Rattling in the Cyber World (VASCO) The big news in the security segment this week is the newly-formed agreement that President Barack Obama has struck with Chinese President Xi Jinping
Cybersecurity vs. Data Security: Government's Two-Pronged Challenge (Federal News Radio) For almost a decade, the cyber community has said it's all about the data
CYBERCOM starts to wield acquisition power (C4ISR & Networks) The Pentagon wants to make it easier for U.S. Cyber Command to quickly acquire the tools and services it needs to support cyber operations, according to the Defense Department's chief weapons buyer
Lawmakers demand DHS reveal cyber reorganization plans (The Hill) House Homeland Security Committee members are demanding the Department of Homeland Security (DHS) be more transparent with proposed reorganization efforts that involve several cybersecurity offices
Hacked Opinions: The legalities of hacking — Scot Terban (CSO) Researcher Scot Terban, known to many online simply as Dr. Krypt3ia, talks about hacking regulation and legislation with CSO in a series of topical discussions with industry leaders and experts
Litigation, Investigation, and Law Enforcement
What the EU Safe Harbor ruling means for data privacy (Christian Science Monitor Passcode) The Court of Justice of the European Union on Tuesday invalidated a data transfer deal between the US and EU in a move that could have broad repercussions for thousands of American businesses
U.S.-EU Safe Harbor Framework (Federal Trade Commission) The U.S.-EU Safe Harbor Framework provides a method for U.S. companies to transfer personal data outside the European Union in a way that's consistent with the EU Data Protection Directive
Law student brings down data pact (ITWeb) From Vienna cafés to the European Union's highest court, an Austrian law student's two-year battle against Facebook and mass US surveillance culminated yesterday in a landmark ruling that has rippled across the business world
US targets Chinese groups in cyber feud (Financial Times) Three state-owned Chinese companies benefited from trade secrets stolen in a Chinese military hack on US companies, US authorities have concluded, heightening the tension between the two countries over cyber espionage
VW says it has withdrawn software from 2016 vehicles (Reuters via Business Insurance) Volkswagen A.G. has withdrawn a software feature from its model year 2016 vehicles that should have been disclosed to regulators as an auxiliary emissions control device, the company's U.S. chief said on Wednesday
Volkswagen's emissions cheating scandal has a long, complicated history (Ars Technica) Emissions are a favorite compromise when considering price, miles per gallon, performance
Journalist convicted of helping Anonymous hack the LA Times (IDG via CSO) Former Tribune staffer accused of conspiring in Anonymous hack
City council member resigns over cryptocurrency Ponzi scheme (Ars Technica) Former Arcadia Mayor John Wuo named as defendant in Gemcoin civil suit
Threatening to post a sex tape on Facebook isn't a crime, US court rules (Naked Security) Threatening to post a sex tape on Facebook doesn't constitute criminality or a "true threat", the Supreme Court of Georgia ruled on Monday, given that the defendant didn't express an "intent to commit an act of unlawful violence"
For a complete running list of events, please visit the Event Tracker.
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
BSides Portland (Portland, Oregon, USA, Oct 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below