The CyberWire Daily Briefing 10.19.15
Reports that will surprise few who've been paying attention allege fresh Chinese government involvement in hacking US targets. Among the possible victims are five tech companies, two pharmaceutical concerns, and the Woods Hole Oceanographic Institution. CrowdStrike calls out "Deep Panda," again.
US-CERT warns of pervasive vulnerabilities in Android LTE networks, as criminals and others make inroads into mobile ecosystems.
Check Point sees a politically motivated but as yet unidentified hand behind an ongoing campaign against Israeli networks — malicious Microsoft Word files are the common infection vectors.
Authorities in the US and UK warn of the centrality of social media to the terrorist threat as it currently exists. Inspiration has supplanted direction, and social media are proving rife with inspiration.
Citizen Lab describes widespread adoption of FinFisher's lawful intercept tool. Other reports suggest an increase in surveillance on the part of African governments.
Sophos notes the spread of malvertising (even to the Daily Mail). Heimdal warns against widespread SEO offers that are in fact phishbait for malicious sites.
Japanese banks are being hit with the Brolux Trojan.
US and Australian analysts independently warn that their national financial sectors are under continuous attack. As FBI and Secret Service investigations into incursions at US banks proceed, there are suggestions that the (allegedly) Russian hackers involved were seeking a trading advantage. The US SEC tells public companies to get serious about cyber security or face increasing regulation (and enforcement actions).
GCHQ seeks to vet Huawei operations at UK nuclear plants.
Germany reins in the BND?
Notes.
Today's issue includes events affecting Australia, Angola, Bangladesh, Belgium, Bosnia and Herzegovina, China, Czech Republic, Egypt, Ethiopia, European Union, Gabon, India, Indonesia, Iraq, Israel, Italy, Japan, Jordan, Kazakhstan, Kenya, Kosovo, Lebanon, Macedonia, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Paraguay, Romania, Saudi Arabia, Serbia, Slovenia, South Africa, Spain, Sudan, Syria, Taiwan, Turkey, Turkmenistan, Uganda, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
China still trying to hack U.S. firms despite Xi's vow to refrain, analysts say (Washington Post) Chinese government hackers have attempted in the past few weeks to penetrate the networks of U.S. companies to steal their secrets despite a pledge by China's president that they would not do so, according to private researchers
One of America's premier research institutions was hacked — and the signs point to China (Quartz) Tech companies, healthcare giants, defense contractors, top universities, the US government — you name it, Chinese cyber-spies have probably hacked it. And now, it seems likely, we can add one of the world's preeminent marine research groups to the list
China hacked US firms despite cyber pact, says CrowdStrike (ComputerWeekly) Hackers linked to the Chinese government have attempted to hack into at least five US technology and two pharmaceutical firms, according to security researchers
'Chinese cyberspies' hack international court's website to fish for enemies in South China Sea dispute (South China Morning Post) The hacking incident happened in July as the Philippines challenged China's claim to more than 80 per cent of the South China Sea in Permanent Court of Arbitration in The Hague
Vulnerability Note VU#943167 Voice over LTE implementations contain multiple vulnerabilities (US-CERT) Long Term Evolution (LTE) mobile networks are currently deployed through the world
Security flaw makes every Android device on AT&T and Verizon's wireless vulnerable (Neowin) A newly found security flaw could be affecting every Android device on AT&T or Verizon's wireless network, according to an advisory posted by the Carnegie Mellon University CERT database
Hackers Are Tapping Into Mobile Networks' Backbone, New Research Shows (In Homeland Security) Hackers have been known to use all manner of remote access tools to break into mobile phones, often by finding vulnerabilities in an operating system like Android or even in SIM cards
Huge recent hack attack said to target mainly Israeli servers (Times of Israel) Check Point, Israel's largest cyber-security firm, sees political motivation behind assault, though perpetrators remain unknown
ISIS is 'crowdsourcing terrorism' — Justice Dept. (RT) Islamic State is 'crowdsourcing terrorism', says the Justice Department's top counterterrorism prosecutor
Social media the main cyber terror threat facing the UK, says former MI6 officer (ComputerWeekly) Social media is the most powerful cyber tool terror groups use, counter-terrorist expert Richard Barret tells the London First Global Resilience Summit 2015
Islamic State, al Qaeda are big fans of Edward Snowden's tweets (Washington Times) Among the keen followers of Edward Snowden's new Twitter persona are terrorists associated with Al Qaeda's branch in Syria and the Islamic State terror army
Pay No Attention to the Server Behind the Proxy: Mapping FinFisher's Continuing Proliferation (Citizen Lab) FinFisher is a sophisticated computer spyware suite, written by Munich-based FinFisher GmbH, and sold exclusively to governments for intelligence and law enforcement purposes
Brolux trojan targeting Japanese online bankers (WeLiveSecurity) A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer discovered in late 2014
Exposing the most dangerous financial malware threats (Help Net Security) Cyphort analyzed the top eight types of financial malware cybercriminals are using today to target banks and electronic payment systems
Malvertising meets the Daily Mail (Naked Security) Love it or hate it, if you're an Anglophone, you've probably heard of it
Security Alert: Blackhat SEO Campaign Passes Around Malware to Unsuspecting Users (Heimdal) Careful where you click!
Cyber Boogeyman: Is Your Company Being Stalked by a (Business) Killer? (SecurityWeek) I don't remember much about my tenth year of life, but I do remember one movie in particular: Halloween
Halifax, Bank Of Scotland Security Flaw Revealed (TechWeek Europe) A security flaw with some online bank accounts has been exposed by a money-saving website
Security Patches, Mitigations, and Software Updates
Adobe releases emergency patch for Flash zero-day flaw (ZDNet) The out-of-band patch fixes a security vulnerability that affects all versions of Flash
Cyber Trends
The pillars of American finance are under attack (Business Insider) Wall Street has a cybersecurity problem
Watchdog says German banks increasingly targeted by hackers: paper (Reuters) German banks are increasingly being attacked by criminals using information technology to hack into their systems, the head of Germany's banking watchdog told a newspaper
Why consumers should take the Internet of Things and the lack of security more seriously (Toronto Globe and Mail) Any discussion of the Internet of Things (IoT) and security usually devolves fairly quickly into hearty chuckles and jokes about "why would anyone want to hack my Internet-connected refrigerator?"
Hackers have two-month lead on good guys according to Kenna Security (Examiner) A new report by Kenna Security which was just made available to the public on Oct. 14 featured information about why hackers are so successful in non-targeted attacks
We've been hacked! Okay, I'll deal with it next week (Help Net Security) That was the message I got from a CEO when we presented evidence that their organization had been compromised and the attackers had been free to roam for months, resulting in the theft of terabytes worth of data
Innovation and Diversity in the Cyber Fight (Office of the Director of National Intelligence) I have an affinity for the MacGyvers of the world: the folks who innovate and make do with what they've got on the ground; the people who are told no, who aren't taken seriously because their ideas are so fantastic, so out of this world that they are beyond what most can reason
Who is responsible for security in the cloud? (CSO) The cloud has achieved mainstream status and most companies have at least some cloud footprint by this point
Australian organisations giving up more revenue to cybercrime (Inside SAP) The average annual cost of cyber crime for an Australian organisation has increased by 13 per cent to $4.9 million, according to HP's sixth annual global study on cybercrime
Marketplace
How boards calibrate strategy and risk (Help Net Security) Corporate boards are deepening their involvement in company strategy and refining their oversight of the critical risks facing the company, according to a recent global survey from KPMG
Hacked! The cost of a cyber breach, in 5 different industries (Property Casualty 360) Travelers' cybersecurity experts discuss five common cyber claims scenarios
Beware 'Starving' Cyber Risk Budgets, CFOs Warned (CFO) Board involvement in cybersecurity surges, according to a new study
Cyber insurance — A sticking plaster to cover a gaping wound (ITProPortal) Rocketing premiums and an insurance industry that is still trying to come to grips with cyber risk has left many organisations struggling to insure themselves against the financial consequences of a serious security breach
Cyber security insurance boosts demand for partner services — FireEye (Channelnomics) Exec says channel partners would adjust quickly, benefit from insurance organizations growing in security
Resellers Don't Buy From Vendors They Don't Trust (Business Solutions) A study by leader in channel strategy and partner enablement, The 2112 Group reveals that when choosing an endpoint security software vendor, trustworthiness may rank higher than expected as a concern
IBM says some governments allowed to review its source code (Reuters) International Business Machines Corp said on Friday it allows certain countries to review, under strict control, portions of the U.S. technology company's product source code to detect any security flaws in its software
IBM Raises Eyebrows, Opens Source Code Access To China: Here's Why (TechTimes) IBM may just have rankled several Silicon Valley companies and the Obama administration by allowing the Chinese government to take a peek into its software's source code, the proprietary technology considered to be the "secret sauce" in every tech firm's product
GCHQ seeks to allay Hinkley security fears (Financial Times) GCHQ, the electronic eavesdropping agency, is seeking special access to Chinese computer systems and companies involved in a multibillion pound nuclear deal likely to be signed next week, to allay security concerns over Beijing's growing stake in Britain's critical national infrastructure
When NSA employees leave to start their own companies (Baltimore Sun) Adam Fuchs and his small team labored for years inside the National Security Agency on a system that would enable analysts to access vast troves of intelligence data and spot hidden patterns
Cybersecurity Association of Maryland Inc. Established (Maryland Cyber) Nonprofit's objective is to maximize Maryland cyber sales and job growth
Venture capitalists invest in Bambeco, RedOwl, Tessemae's (Baltimore Sun) Eco-friendly online retailer Bambeco and cybersecurity firm RedOwl Analytics were among the Baltimore-area firms that netted millions in new venture capital between July and September, according to a report released Friday
Pittsburgh gains national reputation as hub for preventing computer hacks (Pittsburgh Tribune) Computer hackers are not always looking for a company's biggest secrets
Leidos wins $6B DIA IT contract (C4ISR & Networks) Leidos has been awarded a Defense Intelligence Agency IT contract worth up to $6 billion
GSA Opens Solicitation for Potential $50B Infrastructure Services GWAC Vehicle (GovConWire) The General Services Administration has launched final solicitations for a potential 15-year, $50 billion governmentwide acquisition contract vehicle that covers information technology, infrastructure and telecommunication services
Tech companies paying a fortune to hackers for security checks (Times of India) It should come as no surprise that the internet is riddled with holes
Top Houston tech company adds to C-suite (Houston Business Journal) Houston-based security-as-a-service company, Alert Logic Inc., announced Oct. 14 it named Prabuddha Biswas as its new CTO
Products, Services, and Solutions
SECUDE Announces Support of SAP® BusinessObjects™ BI Applications (Dark Reading) Extends auditing and blocking capabilities of Halocore, its flagship data protection solution for SAP applications, to SAP Crystal Reports® and SAP BusinessObjects Web Intelligence® software
Watchful Software's RightsWATCH Achieves Certification for Immediate Availability in the Microsoft Azure Marketplace (Marketwired) Microsoft Azure customers worldwide have immediate access to award-winning data-centric information security solution
Facebook: 'Your account may be targeted in state-sponsored attacks' (Graham Cluley) Facebook has announced that it has started to warn users if it believes their accounts have been targeted in state-sponsored attacks
iOS 9 Is Finally Jailbroken, but Should You Do It? (Intego Mac Security Blog) Earlier this week Pangu Team, a group of Chinese hackers famous for their jailbreaking activities, announced that they had released to the public the first iOS 9 jailbreak, breaking the operating system away from the tight control of Apple
Inside Visa/FireEye's Fraud Fighting Machine (PYMNTS) Turns out that diseases and vaccinations are the perfect metaphor for thinking about how to cure the cybercrime epidemic that has run rampant throughout the payments ecosystem
Firefox beats Chrome and Tor in our trustworthy browser poll (Naked Security) For the third year running Mozilla's 'browser wars' veteran, Firefox, has burned the world's favourite browser, Google Chrome, in our trustworthy browser poll
Technologies, Techniques, and Standards
The Awesome Truth About Vulnerability Scanners (Dark Matters) It's a shame how you use vulnerability scanners
Frequently Granted but Rarely Revoked: Three Reasons Privileged Access Is a Soft Target (Infosecurity Magazine) Recent reports have highlighted how cyber-criminal groups are now targeting IT and incident response teams to get access to corporate networks and data
Defensibility: Moving from Defensible to Defended (Tripwire: the State of Security) Defensible and defended are not the same thing
Dark Web 101: What Feds Need to Know About the Underbelly of the Internet (Nextgov) You receive a letter: "I am writing to inform you that we recently became aware of a cybersecurity incident that may have exposed your personal information"
Focus on protecting sensitive Aadhaar data, says Symantec VP (Indian Express) In conversation with Cheri McGuire, vice-president, global government affairs & cybersecurity policy, Symantec Corporation
Make passwords easier, spy agency says (Network World) Eavesdropping agency says passwords are too hard in new advice
Research and Development
I'm Shocked, Shocked to Find There's Cryptanalysis Going On Here (Your plaintext, sir.) (CircleID) There's been a lot of media attention in the last few days to a wonderful research paper on the weakness of 1024-bit Diffie-Hellman and on how the NSA can (and possibly does) exploit this. People seem shocked about the problem and appalled that the NSA would actually exploit it. Neither reaction is right
Academia
Dartmouth College Receives $925,000 Cybersecurity Grant (Valley News) Dartmouth College has received nearly $1 million from the Cyber Resilient Energy Delivery Consortium as part of its $28.1 million effort to create and foster cyber-attack resistant systems for electric power and oil and gas industries
Columbus State designated as a National Center of Academic Excellence in Cyber Defense Education (Columbus (Georgia) Ledger-Enquirer) Columbus State University has received a national distinction in cyber defense education that elevates the reputation of its program and allows its students to apply for more scholarships and grants
Fox students solve cyber hack to advance in national competition (Temple Now) A team of graduate students from Temple's Fox School of Business has advanced to the final round of the National Cyber Analyst Challenge, sponsored by Lockheed Martin
Hoover High hosts cyber safety day to educate students on online safety (Fresno Bee) Students will review online profiles and discuss what an employer or college recruiter might perceive to be positive or negative
Legislation, Policy, and Regulation
Europe Has to Rebuild Its Safe Harbor (Bloomberg View) More than a week after the European Court of Justice pulled the rug from under trans-Atlantic e-commerce, U.S. companies remain confused about how to keep operating in Europe
Germany vows tougher control of spy agency after new revelations (Reuters via Euronews) Germany's justice minister has called for tighter control of the national foreign intelligence agency, after media reported its spies had targeted the embassies of allied countries without the government's express permission
African governments are stepping up surveillance of their own people (Quartz) Uganda has been using a surveillance program, codenamed Fungua Macho, or "open eyes" in Swahili, to spy on opposition politicians and anyone "deemed dangerous to state security," according to an investigation by Privacy International and BBC Newsnight
US proposal aims to regulate car privacy, make hacks illegal (CSO) A US House of Representatives proposal would fine car hackers up to $100,000
Congress is mulling whether to fine American car hackers $100,000 — maybe even if they own the car (Quartz) Accessing an automobile's computer systems or data without authorization may soon result in a six-figure fine in the US
What role should the government play in developing the internet of things? (Guardian) More devices than ever before are tracking and recording us but how much they can monitor remains unclear
U.S. Firms Fight Global Cyberweapon Deal (Wall Street Journal) Technology, security companies claim export control rules would upend sale of legitimate spyware
Does the Public's Demand for Transparency Threaten America's National Security? Gen. Michael Hayden Weighs In (Daily Signal) Gen. Michael Hayden, former director of both the Central Intelligence Agency and the National Security Agency, says Edward Snowden has caused a huge trust gap between the American people and their government and between the U.S. and our allies
BitTorrent CEO: Citizen Privacy Trumps National Security (TorrentFreak) The privacy of individual citizens trumps even national security interests. That was the message this week from BitTorrent Inc. CEO Eric Klinker, who told an audience in southern Chile that the Internet should be both free and private, and no citizen should be afraid to use it
We've Just Learned the Origins of Illegal Surveillance in the United States Go Back to the 1930s (History News Network) Half a century before either Edward Snowden or Chelsea Manning was born, American military codebreakers and U.S. telecommunications companies collaborated on a secret electronic surveillance program that, as newly declassified documents reveal, they knew to be illegal
NYC and Jerusalem to jointly fight SCADA malware (Metering and Smart Energy) A US-Israeli agreement signed this week between New York City and Jerusalem is set to bolster the security of water utility infrastructure against SCADA malware
Litigation, Investigation, and Law Enforcement
U.S. accuses hacker of stealing military members' data and giving it to ISIS (Washington Post) The Justice Department has charged a hacker in Malaysia with stealing the personal data of U.S. service members and passing it to the Islamic State terrorist group, which urged supporters online to attack them.
A crackdown is coming on firms with lax cybersecurity (MarketWatch) Financial firms that have lax cybersecurity practices can expect a crackdown from regulators, the head of the Securities and Exchange Commission's enforcement unit said Friday
Russian Hackers of Dow Jones Said to Have Sought Trading Tips (Bloomberg) A group of Russian hackers infiltrated the servers of Dow Jones & Co., owner of the Wall Street Journal and several other news publications, and stole information to trade on before it became public, according to four people familiar with the matter
Kotak Defrauded Using Unissued Credit Cards (InfoRiskToday) Investigators Probe Curious Case of Fraud at Kotak Mahindra Bank
Obama's Comments on Clinton Emails Collide With F.B.I. Inquiry (New York Times) Federal agents were still cataloging the classified information from Hillary Rodham Clinton's personal email server last week when President Obama went on television and played down the matter
Why Hillary Clinton is Wrong About Edward Snowden (GOOD) The first Democratic debate was an exercise in broad candidate comments on domestic and international issues; specifics were few and far between
'Dark Web' thriving in SA (IOL) The Dark Web — a vast anonymous network hidden from normal web users — is thriving in South Africa, with about 8 000 people a day visiting it to do anything from downloading child porn to buying drugs, guns and fake passports… or even to arrange murder
Solihull hacker Charlton Floate sentenced for FBI and Home Office hacks (BBC) A fame-hungry teenager has been given a suspended jail sentence for hacking FBI and Home Office websites
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Start with Security (Austin, Texas, USA, Nov 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response
Upcoming Events
CEWIT 2015 (Melville, New York, USA, Oct 19 - 20, 2015) This year's event will be a celebration of twelve years of innovation! With four parallel tracks over the day and a half event hosting as many as four speakers in each session, the CEWIT Conference 2015 will host approximately 100 world-renowned presenters and Keynotes ranging from innovators in research, leaders in industry, and top-level policy-makers
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Cyber Liability Summit (New York, New York, USA, Oct 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security, Privacy and Social Media, and the types of cases that result from such. The distinguished presenters will lead interactive sessions on essential cyber liability topics to ensure attendees have the most comprehensive and up-to-the-minute information needed to flourish in an ever-changing environment
Münchner Cyber Dialog (München, Bayern, Germany, Oct 21, 2015) The conference provides a platform for dialogue among politics, business, academia and public administration to discuss the society-wide opportunities and risks of the digitalization process. The focus is on the importance of high-quality, secure and trustworthy IT infrastructure as the basis of industrial production and overall economic development in Germany. The dialogue serves as a catalyst for joint efforts to shape the digitalization process securely
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below
NICE 2015 Conference and Expo (San Diego, California, USA, Nov 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2015 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
4th International Internet-of-Things Expo (Santa Clara, California, USA, Nov 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, Nov 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, Nov 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography and share their expertise on the subject. Conference topics may include the underlying the implementation of a cryptographic module including physical security, key management, side-channel analysis, cryptographic algorithm implementation testing, standardization, validation programs and more
2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
FedCyber 2015 (Tyson's Corner, Virginia, USA, Nov 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who know the cyber mission in a venue designed to enhance our collective understanding of the threat, build on existing strategies to mitigate challenges, and leverage the nation's greatest technologies to enhance our defense in depth
First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, Nov 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will also help Saudi policy makers and authorities to improve and revolutionize their efforts to tackle this serious problem by providing them opportunities to review existing use of technology in the country
Black Hat Europe (Amsterdam, the Netherlands, Nov 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity to explore the latest research and developments in information security, while also taking into account the concrete needs of the participants
2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders
Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart
CyberCon 2015 (Pentagon City, Virginia, USA, Nov 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
DefCamp6 (Bucharest, Romania, Nov 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs and developers, managers from both private and public sector