The CyberWire Daily Briefing 10.16.15
Germany undertakes an investigation of allegations that its BND spied on allies (France and the US prominently mentioned) without government authorization or oversight.
The cyber espionage group Pawn Storm (by consensus thought to be run by Russian security services) exploits a Flash zero-day. NATO and US officials find the threat disturbing, and many security experts advise disabling Flash as soon as possible.
More hacking incidents appear linked to Chinese maritime and territorial ambitions in the South China Sea.
ISIS is said to be actively trying to disrupt the US power grid, but so far seems to be doing a lousy job of it. The attempts will no doubt continue, so complacency is unwise. On the subject of power utilities' cyber risk, rating firm Moody's finds the US electrical generation and distribution system vulnerable, but notes that the Government is likely to pay for remediation and restoration. (We leave speculation about moral hazard as an exercise for the reader.)
A researcher demonstrates a USB computer-killer.
The Woods Hole Oceanographic Institution sustains a cyber espionage incursion. Whatever the intruders were looking for, it seems not to have been PII, which suggests state industrial espionage.
McAfee Labs reveals current black market price lists.
In industry news, PhishMe acquires "key assets" of Malcovery Security. Northrop Grumman reorganizes, and Symantec wants its security swagger back. FireEye shows how a story stock tells its story.
The US revisits its Wassenaar implementation.
Alleged ISIS-linked hacker Ardit Ferizi (a.k.a. "Th3Dir3ctorY") is collared in Malaysia on a US beef.
Notes.
Today's issue includes events affecting China, European Union, France, Germany, Iraq, Kosovo, Malaysia, NATO, Netherlands, Philippines, Russia, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Germany Surveillance Scandal 2015: US, France Spied On Illegally By Intelligence Agency BND (International Business Times) German intelligence service Bundesnachrichtendienst (BND) allegedly spied on France and the United States, as well as other allies, as recently as 2013 without the permission of the German government
Intelligence services: BND spied on European and US targets (Spiegel) The scandal over the NSA's so-called selector list has not yet been worked through, and now the BND's own past is at issue: according to information obtained by SPIEGEL ONLINE, it apparently spied on a large scale on embassies and other institutions of EU countries and of Americans
Pawn Storm Flashes A New Flash Zero-Day (Dark Reading) Cyberespionage group shows off another piece of kit in attacks on foreign ministries
Pawn Storm "the most significant cyber threat to the US, NATO" (ITProPortal) Pawn Storm, the hack attack we reported on a few days back, is "the most significant cyber-espionage threat to the U.S. government and her NATO partners"
Ongoing Flash Vulnerabilities (Internet Storm Center) We got a number [of] readers asking about the ongoing issues with Flash
Uninstall Adobe Flash, experts advise as zero-day hits (ComputerWeekly) A critical vulnerability has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux
China's Cyber Spies Take to High Seas as Hack Attacks Spike (Bloomberg) In the midst of a weeklong hearing on a South China Sea territorial dispute, the website of the Permanent Court of Arbitration in The Hague went offline
ISIS is attacking the U.S. energy grid (CNN Money) The Islamic State is trying to hack American electrical power companies — but they are terrible at it
What keeps an FBI cyber official up at night? (FierceGovernmentIT) The cyber threat landscape is varied and constantly evolving, but for Brett Leatherman, assistant section chief for cyber outreach at the FBI, there's one scenario that stands out from the rest
Data dump suggests possible breach at Electronic Arts (CSO) Pastebin with EA account details circulating online
Chinese cybercriminals behind massive Ghost Push Android malware campaign (FierceITSecurity) Cheetah Mobile, the mobile security company that first uncovered the Ghost Push trojan targeting Android devices, has discovered a network of Chinese cybercriminals behind the malware
Chinese Hackers Make Millions of Profits from Underground App Distribution Chains (Cheetah Mobile) On September 18th, the CM Security Research Lab warned Android users against 'Ghost Push' — a stubborn Trojan which is nearly impossible to remove
USB Killer 2.0: A harmless-looking USB stick that destroys computers (Help Net Security) Plugging in random USB sticks in your computer has never been more dangerous, as a researcher who goes by the name Dark Purple has demonstrated his new device: USB Killer 2.0
Malvertising is a troubling trend (ComputerWorld) Malware that can infect a computer with no user interaction needed is certainly bad news
Security bugs in global mobile networks exposed (BBC) Mobile networks around the world have been penetrated by criminals and governments via bugs in the code that keeps them running, research suggests
Android users left vulnerable, researchers blame manufacturers (CSO) Some manufacturers are better than others, but the overall issue is hard to ignore
OSX Malware 5 Times More Common than Previous 5 Years Combined: Report (Legaltech News) Bit9 + Carbon Black has identified 948 malware instances in 2015, with some unique trends among them
WHOI Reports Sophisticated Cyber Attack On Network (Cape News) This week the Woods Hole Oceanographic Institution notified staff that its network had been the target of a sophisticated cyber attack
Homeland Security Officials Rule Out Cyber Attack in Wednesday Outage (Travel Pulse) Department of Homeland Security officials say Wednesday night's computer malfunction, which caused a nearly two–hour delay at a half–dozen major airports in processing travelers through customs, was just that — a malfunction
Video Explainer: How Criminals Can Easily Hack Your Chip & PIN Card (Gizmodo) You may be under the impression that the new EMV chip system for credit card payments is nice and secure. But the UK's been using it since 2003 — so crooks have had plenty of time to work out how to hack the system and steal your cash
IRS at risk of hacks by failing to upgrade all workstations, servers to latest software version (FierceGovernmentIT) While the Internal Revenue Service has upgraded most of its workstations across the country to the Microsoft XP operating system, about 1,300 workstations may still be running on an older operating system, potentially leaving them vulnerable to threats, the agency's watchdog said in a report publicly released Oct. 13
Kaspersky Lab looks back at the theft of 20 million pounds sterling by the Dridex botnet (Global Security) The takedown of the "Dridex" botnet by the FBI and British police shows the sophistication that cybercriminals now display in their attacks
Prices of stolen data on the Dark Web (Help Net Security) Over the years, the McAfee Labs team has worked with IT security vendors, law enforcement and others to identify and evaluate numerous websites, chat rooms, and other online platforms, communities, and marketplaces where stolen data is bought and sold
Is your phone safe for work? (Fortune) Kevin Mahaffey, chief technology officer for mobile security firm Lookout, says businesses should be worried about mobile data breaches
Visual Hacking: The Eyes Have It (Infosecurity Magazine) A decade or so ago, I was sitting on a train in the UK working on my laptop, as I often did in those days (and was indeed expected to do)
Security Patches, Mitigations, and Software Updates
About the security content of Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 (Apple Support) This document describes the security content of Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
Mozilla Foundation Security Advisory 2015-115 Cross-origin restriction bypass using Fetch (Mozilla) Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue
WordPress Fixes Critical Stored XSS Error in Akismet (Threatpost) Developers at Automattic, the parent company behind the blogging platform WordPress, fixed a nasty stored cross-site scripting error this week in Akismet, an anti-spam plugin that figures into millions of websites
Cyber Trends
Top 3 trends in today's threat landscape (Help Net Security) Every day there seems to be a new malware threat that we hear about, from remotely controlling cars and medical equipment, to attacks on well-known security vendors such as Kaspersky Lab and Bitdefender. Each threat seems to be bigger and more dangerous than the last
Economics, geopolitics playing roles in security — EY (Channelnomics) EY principal explains the economics and geopolitics affecting today's security landscape
The technocracy is over — innovation is here, plan your security accordingly (CSO) Information technology (IT) is going through an age of "technocracy" decline
Existing security standards do not sufficiently address IoT (Help Net Security) A lack of clarity and standards around Internet of Things (IoT) security is leading to a lack of confidence
Disney is hiring an intelligence and counter-terrorism intern (Quartz) Are you a recent college graduate who is disappointed that the CIA failed to recognize your potential? Despair no more!
When it comes to breaches, time is the biggest challenge (Help Net Security) A new SANS report includes results of a survey that polled 430 security and risk professionals from the SANS community, all working in private and public sector organizations ranging in size from 100 to more than 15,000 employees
5 lessons the cyber security industry has learned (and you should, too) (Business Journals) October marks the annual National Cyber Security Awareness Month (NCSAM), coordinated and led by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security
Cyber security experts warn of public complacency (Consumer Affairs) But a study suggests that the number of threats isn't growing
12 True Stories that Will Make You Care About Cyber Security (Heimdal) I bet you've asked yourself this question more than once
Marketplace
Cyberattacks threaten $305B in cumulative lifetime revenue in next 5 years (FierceHealthIT) Lax practices will cost the [healthcare] industry, Accenture says
CHIME's Charles Christian: Collaboration key to improved security (FierceHealthIT) The healthcare industry must stay vigilant to security threats and work together to learn how to improve security preparedness, according to Charles Christian, chairman of the College of Healthcare Information Management Executives
Moody's: Threat of cyber attack on US utilities cushioned by likelihood of government support (Moody's) The prospect of a large-scale cyber attack on a US utility is a growing risk factor for the sector and would be materially negative to its credit profile, Moody's Investors Service says. However, the likelihood of governmental intervention to financially restore a damaged utility and its services is high, and helps mitigate any rating impact from an attack
PhishMe Acquires Malcovery Security (Infosecurity Magazine) PhishMe has acquired key assets of phishing intelligence firm Malcovery Security, for an undisclosed sum
FireEye Myth and Reality (Network World) New products, services, and partners unveiled in Washington D.C. position FireEye as an enterprise cybersecurity vendor
FireEye (FEYE) Chatter Picks Up Following Well-Attended Cyber Defense Summit (StreetInsider) FireEye (NASDAQ: FEYE) popped higher mid-day Thursday on speculation of a new, undisclosed contract
Inside Mandiant's biggest forensics breach battle: Is this Anthem? (Register) Tit-for-tat whack-a-hack in one of this year's largest breaches
Symantec Execs: We're Looking To Bring The 'Swagger' Back To Our Security Business (CRN) A year after revealing its planned separation from its storage business and just hours after Veritas finished its own separate partner conference, top Symantec executives took the stage Wednesday to celebrate their new stand-alone security company and reiterated their dedication to being a "partner-first" company
Northrop Grumman Realigns Sectors, Restores COO Post (Wall Street Journal) Head of electronic systems Gloria Flach to become chief operating officer Jan. 1
Russia's Kaspersky Lab still sees potential in Ukrainian market despite sanctions (Kyiv Post) Kaspersky Lab, the Moscow-based Internet security software developer, made the list of corporations sanctioned by the presidential administration amid Russia's war against Ukraine
Wick Hill takes on open source security player Black Duck (MicroScope) Wick Hill has been signed up by open source security player Black Duck as the distributor establishes a division to grow its pan-EMEA footprint
Products, Services, and Solutions
Your Cybersecurity Crash Test Dummy (Lucy Phishing GmbH) What is LUCY? To find the weakest security link in your organization, you need to think like a hacker
EdgeWave Introduces Industry's First Next Generation Firewall With Human Intelligence (Sys-Con Media) EdgeWave's EPIC iGuard Adaptive Cyber Security and EPIC Next Generation Firewall combine to stop data breaches
Datapipe granted a FedRAMP ATO for private cloud managed services (Datapipe) Today we announced that we have been granted a Provisional FedRAMP Authority to Operate (ATO) from the Joint Authorization Board (JAB) for our Federal Community Cloud Platform (FCCP)
Opinion: Maybe you shouldn't junk LastPass just yet (Graham Cluley) LastPass is a password manager program that enables you to create unique, random passwords for every site that you visit. It also has many other features that make it an attractive choice in the growing password manager marketplace
From Skeptics to Believers: the Dexterity behind NIKSUN Supreme Eagle (SC Magazine) SC Magazine recognizes Supreme Eagle as one of the best tools for data centers
HealthCare.gov unveils privacy manager (FierceGovernmentIT) The Centers for Medicare and Medicaid Services launched a privacy manager tool last week that allows consumers visiting the site to more simply allow or opt-out of monitoring by third-party tools used on the website
Technologies, Techniques, and Standards
Center for Internet Security Releases Critical Security Controls for Effective Cyber Defense Version 6.0 (StreetInsider) The Center for Internet Security (CIS) releases to the public today the CIS Critical Security Controls for Effective Cyber Defense Version 6.0
Cyber warfare fears spur US Navy to teach celestial navigation again (Help Net Security) After Sony was hacked and the stolen emails leaked, some US companies began urging workers to revert to using phone calls and face-to-face meetings for sensitive discussions
Road warriors are prime targets for hackers (CSO) Many executives — particularly senior business leaders — frequently travel worldwide as part of their jobs
Encrypt like everyone's watching — because someone probably is! (Naked Security) It's week 3 of Cybersecurity Awareness Month (CSAM)
Social media analytics not being used to full potential in corporate investigations: Deloitte (Canadian Underwriter) Social media analytics can help organizations scan for both previously and not-yet identified threats, but these tools are underutilized in corporate investigations, suggest findings of an online poll in the United States released this week by Deloitte Advisory
If Threat Intelligence Isn't the Answer, You've Asked the Wrong Question (Infosecurity Magazine) In June 2015, an article titled Threat Intelligence May Not Be the Answer put forward the argument that at its best, intelligence might provide occasional protection from attacks, but is also an expensive source of data that bears no relevance to securing a network and may mislead decision-makers
Design and Innovation
Death to passwords! New Yahoo Mail protects with push notifications instead (PCWorld via CSO) Yahoo's offensive against the password is almost complete with Yahoo Account Key
Firms Pit Artificial Intelligence Against Hacking Threats (New York Times) Sometimes the best way to stop a bad machine is with a lot of good machines
Research and Development
Prime Diffie-Hellman Weakness May be Key to Breaking Crypto (Threatbrief) The great mystery since the NSA and other intelligence agencies' cyber-spying capabilities became watercooler fodder has not been the why of their actions, but the how?
BT announces quantum cryptography breakthrough (Telecompaper) BT announced that it smashed the record for securing high bandwidth data transmission in a trial with Toshiba Research Europe's Cambridge lab and Adva Optical Networking at BT's Adastral Park tech hub
Academia
World's Top Student Hackers Advance to Final Rounds of NYU Cyber Security Awareness Week Games (PRNewswire) After 48 hours of round-the-clock software hacking, 15 teams of college students — with two high school students in the mix — bested a pool of more than 2,000 teams to take the finalist slots in the world's biggest student cybersecurity contests at New York University Tandon School of Engineering's annual Cyber Security Awareness Week (NYU CSAW) games
Legislation, Policy, and Regulation
Government aiming to revise Wassenaar, not renegotiate (Politico) A State Department official told MC the government will adjust U.S. implementation of Wassenaar Arrangement export controls on "intrusion software" rather than seek to change them at the international level
Tech giants warn cybersecurity bill could undermine users' privacy (Guardian) Facebook, Google and Yahoo argue Cybersecurity Information Sharing Act under Senate review could cause 'collateral damage' to 'innocent third parties'
Adm. Michael Rogers: NSA, Cybercom ID Automation as Private Sector Partnership (GovConWire) The National Security Agency and U.S. Cyber Command have identified automation of some cybersecurity functions as an area they want to collaborate closer with industry on, the head of both entities told the Potomac Officers Club Thursday
Proposed cyber 'squadron' cultivates military-private partnerships to address cyber threats (SC Magazine) A proposed "cyber squadron" based out of New York and a cyber center of excellence in California represent the type of coordinated solutions between the private and defense sectors that officials are pushing to defend the U.S. and its interests against the growing threat of cyber attacks
Phyllis Schneck: Gov't-Industry Trust Key to US Cyber, Physical Infrastructure Defense (GovConWire) Trusted relationships between government and private businesses are priority number one for the Department of Homeland Security's effort to protect U.S. cyber and physical infrastructure, a lead DHS official told the Potomac Officers Club Thursday
Tony Scott: Cyber Implementation Plan to Prioritize Workforce Construction (GovConWire) A coming cybersecurity implementation plan for federal agencies will emphasize talent recruitment as the government seeks to progress on goals from its 30-day cyber sprint, the U.S.' chief information officer told the Potomac Officers Club Thursday
Army wades into experimental cyber warfare (C4ISR & Networks) The Army is testing out the best ways to integrate cyber warfare into its operations, this year launching a series of experiments in offensive and defensive cyber operations at training centers across the country
U.S. Military Not Keeping Pace With Cyber Threats, Army Official Says (National Defense) The U.S. military simply isn't able to keep up with threats generated by hackers and cyber spies, an Army official said Oct. 14
Litigation, Investigation, and Law Enforcement
ISIL-Linked Hacker Arrested in Malaysia on U.S. Charges (US Department of Justice) Defendant charged with providing material support to ISIL and computer hacking related to the theft and distribution of U.S. military and Federal employee personal information
Malaysia arrests hacker for stealing U.S. security data (USA TODAY) A Kosovar man living in Malaysia who accessed the personal data of more than 1,300 government and military employees, and passed that data onto the Islamic State, has been arrested in Malaysia on U.S. charges, the Department of Justice announced Thursday
The Evolving Landscape of "Hacking Back" Against Cyber Attacks (JDSupra) Self-defense is a natural, almost reflexive human instinct
UK Crime Stats: Cyber Crime included for the First Time (Check & Secure) In what seems like a massively risky — although extremely admirable — move by the Home Secretary Michael Gove, the Office for National Statistics in the UK have included cyber offences for the first time. The result — a colossal 107% increase in recorded crimes
Cyber crime figures provide more grist to the security reseller mill (MicroScope) Figures from the ONS have added to a picture of widespread cyber attacks hitting users across England and Wales
Criminals raid 50 firms in cyberattacks this year — SRA (Law Society Gazette) Up to 50 firms have fallen victim to cyberattacks since Christmas as criminals find ever-more sophisticated ways of targeting the legal sector
…Is the Department of Homeland Security Worried About Gamers? (Motherboard) On Thursday afternoon, the official account for Department of Homeland Security cybersecurity team tweeted this
In 2016, if California cops get hacked, lose your license plate data, you can sue (Ars Technica) Over a decade after scanning tech first debuted, state guidelines fall into place
California teams with tech firms to fight cyber exploitation (Los Angeles Times) California's attorney general has teamed with leaders in the tech industry and law enforcement to combat so-called cyber exploitation — the practice of anonymously posting explicit photographs of others online, often to extort money from the victims
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
7th Semi-Annual ENAM Conference: the Borderline Between Cybersecurity and Individual Freedoms (Vilnius, Lithuania, Oct 16, 2015) This half-day conference in Vilnius will address topics such as the latest cyber-threats, most recent developments in the European and US regulatory framework, as well as the consequences of these developments for private individuals and businesses. Under discussion will be imperatives and challenges, solutions and ideas to make cyberspace resilient
BSides Portland (Portland, Oregon, USA, Oct 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration
CEWIT 2015 (Melville, New York, USA, Oct 19 - 20, 2015) This year's event will be a celebration of twelve years of innovation! With four parallel tracks over the day and a half event hosting as many as four speakers in each session, the CEWIT Conference 2015 will host approximately 100 world-renowned presenters and Keynotes ranging from innovators in research, leaders in industry, and top-level policy-makers
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Liability Summit (New York, New York, USA, Oct 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security, Privacy and Social Media, and the types of cases that result from such. The distinguished presenters will lead interactive sessions on essential cyber liability topics to ensure attendees have the most comprehensive and up-to-the-minute information needed to flourish in an ever-changing environment
Münchner Cyber Dialog (München, Bayern, Germany, Oct 21, 2015) The conference provides a platform for dialogue among politics, business, academia and public administration to discuss the opportunities and risks that the digitalization process presents for society as a whole. The focus is on the importance of high-quality, secure and trustworthy IT infrastructure as the basis of industrial production and overall economic development in Germany. The dialogue serves as a catalyst for joint efforts to shape the digitalization process securely
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
NICE 2015 Conference and Expo (San Diego, California, USA, Nov 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector