The CyberWire Daily Briefing 11.17.15

Summary

By The CyberWire Staff

News about the Paris massacres continues to develop. Many outlets point to ISIS online video threats of similar attacks in Washington and elsewhere (but such threats, as disturbing and interesting as they may be, amount to chatter as opposed to actionable intelligence). Western leaders, US President Obama notably among them, point to a lack of specificity in the intelligence collected prior to the attacks. But those thought responsible for the murders were apparently for some time under scrutiny by European law enforcement authorities.

ISIS reacts with scorn to the Anonymous declaration of "total war," calling Anonymous "idiots." But the Caliphate does take the hacktivist collective seriously enough to offer advice on cyber security to its jihadist adherents. (ISIS is also, according to NBC News, operating a "Jihadist Help Desk," with advice on recruitment, messaging, etc.)

How the attackers organized themselves remains a matter of dispute. Early reports out of Belgium via the British press that the conspirators used PlayStation4 for their command-and-control appear discredited, and based on remarks offered by a Belgian official some days before the attack. Old assertions that the terrorists favor messaging app Telegram resurface, but today it's no longer clear how much they depended on any encrypted service.

Such uncertainty has not turned either side of the encryption debate from their familiar tropes, which show marked but unsurprising similarity to disputes over gun control: see-what-happens vs. crypto-doesn't-kill-people-do.

Governments work toward more intelligence sharing. So do enterprises, with increased attention and more funding for start-ups like TruSTAR.

Notes.

Today's issue includes events affecting Australia, Belgium, Canada, China, France, Georgia, Greece, Iraq, Israel, Poland, Russia, Serbia, Syria, Ukraine, United Kingdom, United States

Selected Reading

Cyber Trends

IBM Report: Ransomware, Malicious Insiders On The Rise (Dark Reading) X-Force's top four cyber threat trends also names upper management's increasing interest in infosec

Interview: Charting the cloud security landscape (ITProPortal) As more and more companies of all shapes and sizes embrace cloud computing, combined with the rising prominence of hackers and cyber attacks, the issue of cloud security has never been more serious

Businesses Need to be Better Prepared for Cyberattacks (Claims Journal) Results of a study on corporate confidence in responding to a data breach are in and of the 604 executives who responded, just 34 percent feel their company's data breach response plans are effective

How businesses interpret and use threat intelligence (Help Net Security) A new IDC study of 300 large UK companies found that 96% of UK firms already use threat intelligence products and services; all of those surveyed intend to do so within the next 24 months

Legislation, Policy and Regulation

Four Things That Will Likely Change After The Paris Terrorist Attacks (Radio Free Europe/Radio Liberty) The horrific terrorist attacks in Paris that killed at least 129 people and wounded hundreds of others could have a major impact on political and social issues in Europe and other Western countries

French President Wants Defense, Intel Spending Boost (Aviation Week) French President Francois Hollande says he will extend a state of emergency to three months following the Nov. 13 terrorist attacks in Paris, and that France will review its military capabilities and increase funding for deployed troops and intelligence operations

After Paris attacks, intel agencies coming to French aid (C4ISR & Networks) It's safe to say that behind the scenes, as the French government mounts a response to the coordinated attacks across Paris on Nov. 13, U.S. intelligence agencies are assisting — including with geospatial intelligence capabilities and partnerships

Pentagon promises to boost intelligence sharing with France after Paris attacks (Washington Post) The Pentagon pledged on Monday to coordinate in new ways with the French government on counterterrorism efforts, following attacks in Paris on Friday that killed 129 people and wounded hundreds more

Could US and Russia Enhance Intel Relationship? (Defense News) The head of the CIA is "determined" to keep conversations open between the intelligence communities of the United States and Russia and wants to see relations between the two nations "enhanced" to prevent future terrorist attacks, particularly from the Islamic State group, commonly known as ISIS or ISIL

Cold War military tactics need update for cyber battlefields, expert says (FierceGovernmentIT) Facing constant threats to cyber infrastructure and data breaches at the highest levels of government, it's no secret that the federal government views cyberspace as the next big field of conflict

Brennan: Paris Is A 'Wakeup Call' To Europe On Encryption (Defense One) The ability to shield communications from anyone but the intended recipient via encryption and other digital means will now face unprecedented challenges

Paris attacks may renew encryption debate (Salt Lake Tribune) The deadly attacks in Paris may soon reopen the debate over whether — and how — tech companies should let governments bypass the data scrambling that shields everyday commerce and daily digital life

Surveillance Complex Urged To 'Stop Blaming Cryptography For Paris Attacks' (Forbes) Did you know that though work started a year ago on integrating end-to-end encryption into WhatsApp, it isn't actually operating across the entire network yet?

We need to ban the hammer (CSO) I've been thinking about this for some time now. Hammers are just downright dangerous

After Paris, Encryption Will Be a Key Issue in the 2016 Race (Wired) When the Democratic presidential contenders gathered on the debate stage in Des Moines, Iowa, on Saturday, just hours after a series of terrorist attacks in Paris left at least 129 people dead, the candidates spent the early portion of their time on stage examining issues related to national security

The Email has Gone. But Who's it Gone to? (Willis Wire) We all know (or think we know) about the dangers of hitting the send button on emails, but now there's a new threat… No, the real point here lies buried in the UK Government's new Investigatory Powers Bill

Public prefers military use of remotely operated weapons over autonomous ones, finds report (FierceGovernmentIT) More than 70 percent of people indicated they would rather their country use remotely operated weapon systems instead of lethal autonomous weapons systems when waging war, according to a recently published international study commissioned by the Natural Sciences and Engineering Research Council of Canada

Information Sharing Is Key To Avoiding A Cyberattack (TechCrunch) President Obama's recent extraction of a pledge from Chinese leader Xi Jinping that neither government would conduct or continue economic espionage in cyberspace, while important, still comes up far short of addressing the significant and growing global concerns about the potential for a 9/11-style cyberattack on critical financial sectors

Feel free to hack your Wi-Fi routers, says FCC (Naked Security) No, the feds will not come and knock down your door if you tinker with your Wi-Fi router

Products, Services, and Solutions

Google to Warn Recipients of Unencrypted Gmail Messages (Threatpost) Google always seems to be busy fortifying Gmail — the latest steps by the company resolve to bolster message encryption and deter attackers from censoring or altering messages before they're delivered to users

Why Wickr is a fan of Turnbull (Australian Business Review) Wickr, the encrypted messaging app of choice for Malcolm Turnbull, knows almost nothing about its users. The only data it has access to is where they download the app from, which is how it knows that Australians are rushing to join the service

How a Texas Org. Improved its Medical Device Security (HealthITSecurity) South Texas-based Methodist Healthcare Ministries (MHM) recently implemented SecurityCenter Continuous View from Tenable Network Security to improve its network security

SafeNet High Speed Encryptors Receive U.S. Department of Defense Unified Capabilities Approved Products List Certification (PRWeb) Layer 2 Ethernet Encryptors deliver proven security and maximum performance for Defense agencies

Barracuda launches NetxGen Firewall Desktop App (The Edge) Cloud-connected security and storage solutions provider Barracuda Networks Inc has launched its new Barracuda NextGen Firewall desktop appliances to provide affordable security and high bandwidth availability for cloud, SaaS, and other mission critical applications

D-Wave sells Lockheed Martin new quantum computer to address 'real-world problems' (Business Vancouver) Quantum computing company D-Wave has secured a deal to supply U.S. defence contractor Lockheed Martin with a new computer system that doubles the processing capacity

whiteCryption Secures Mobile Applications for Major Car Manufacturers (BusinessWire) whiteCryption, a leading provider of software application security and white-box cryptography solutions, today announced that its line of Cryptanium security products has been selected to secure mobile applications for major automobile manufacturers

Next-generation jammer passes review (C4ISR & Networks) The Navy's Next Generation Jammer has passed its preliminary design review, according to a Raytheon announcement

iOS 9 Reverse Engineering with JavaScript (NowSecure) Frida 6.0, released this week, includes brand new support for iOS 9. Whether you're doing security research on apps or system services, or you're an app developer wanting to trace API calls, this new release has got you covered

Technologies, Techniques, and Standards

Don't Toy With The Dark Web, Harness It (Dark Reading) The Dark Web's sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find

5 Reasons Enterprises Don't Get Enough Value From Threat Intelligence (Dark Reading) Maturity levels still keeping threat intelligence efficacy stunted

Slew of snafus threaten integrity of SSL/TLS (IT News) Digital certificate system too fragile

Beyond CIP Compliance: Managing Cyber and Physical Security Risk (Transmission and Distribution) Although the Critical Infrastructure Protection standards have are improving the electric industry's defenses against damaging cyberattacks (in spite of what certain "experts" in this area continue to claim), they do not eliminate the risk of highly damaging or catastrophic cyberattack for electric utilities

Card security in focus: what retailers need to know (Essential Retail) The US's shift to EMV will provide the strongest security protections, and will also be a business and technology enabler, argues PCI SSC's international director, Jeremy King

DoD embraces public key infrastructure to secure tactical networks (C4ISR & Networks) Public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and systems to both securely exchange data over networks and verify the identity of the other party

How to hide your digital trail in plain sight (Christian Science Monitor Passcode) New York University's Finn Brunton and Helen Nissenbaum spoke with Passcode about their book, 'Obfuscation: A user's guide for privacy and protest

Security Sense: How Companies are Using Data Breaches to Improve Your Security (Windows IT Pro) Data breaches are a curious thing; they come about as a result of highly illegal activity yet are coveted by criminals and good honest technology professionals alike

6 Legal Tech Security and Privacy Moves You Need to Know (Legaltech News) Fox Rothschild Chief Privacy Officer Mark McCreary weighs in on the latest developments in the legal cybersecurity space

Marketplace

A tale of two companies: why mergers can double cloud security challenges, and what to do about it (Information Age) Even for successful deals which make it past the difficult M&A stage, there are still IT challenges ahead, particularly with the huge amount of cloud apps both companies could be bringing with them

Microsoft Invests $1 Billion In 'Holistic' Security Strategy (Dark Reading) Executives detail strategic and cultural shift at Microsoft to an integrated security approach across its software and services, and announce new managed services group and cyber defense operation center

Symantec's salvation plan is more and better integration. No, really (Register) New CEO Mike Brown outlines security product mashup plan

TruSTAR Nabs $2M in Seed Money for Anonymized Threat-Sharing (Infosecurity Magazine) Score another win for cybersecurity start-ups: TruSTAR has raised $2 million in a seed round of funding

Va. Cybersecurity Startup TruSTAR Scoops $2M Seed Investment (DCInno) Arlington, Va.-based cybersecurity software developer TruSTAR has secured a $2 million seed round led by prominent, Silicon Valley-based, seed-stage investment firm Resolute Ventures

Justice Dept, FTC Clear Thoma Bravo's $4B SolarWinds Purchase (GovConWire) The Justice Department and Federal Trade Commission have given antitrust clearance to Silver Lake and Thoma Bravo for the private equity firms' $4.5 billion acquisition of information technology company SolarWinds (NYSE: SWI)

V3 Startup Spotlight: Mobile data security and management firm Wandera (V3) Business is sometimes a family affair, as is the case with Wandera founders Eldar and Roy Tuvey, who launched the startup that specialises in cloud-powered management and data security for enterprises developing a mobile working strategy

Bank consulting firm launches cyber-security division (Charlotte Business Journal) Richmond, Va.-based consulting firm Strategic Risk Associates is entering the world of cyber-security

Hackers 'within the gates' neutralized by Israeli tech (Times of Israel) The greatest threat to a company's cyber-security comes not from afar but from within the firm itself, says Idan Tendler of Fortscale

Sophos CEO: 'We have just scratched the surface' (ChannelWeb) Kris Hagerman claims the vendor can vastly extend its market reach with its approach to end-point and network security

CyberArk Takes On Some Water (Barron's) The network-security firm trades at a discount to peers but with better visibility, investors may award a valuation premium

Why BAE Systems Decided To Stick With Services While Other Big Pentagon Contractors Are Exiting (Forbes) Last week BAE Systems, Inc. — one of the Pentagon's biggest suppliers — disclosed that it would retain its technical services business, rather than focusing on military hardware like some of its defense industry peers have decided to do

Northrop Grumman Wins $100M Army Encryption Devices IDIQ (GovConWire) Northrop Grumman (NYSE: NOC) has won a $99.9 million contract with the Defense Information Systems Agency to produce encryption devices intended to help the U.S. Army secure communication exchange

PhishMe Elevates Jim Hansen Into Chief Operating Officer Position; Company Veteran and Mandiant Co-Founder Chosen to Lead Operations During Period of Hyper Growth (MarketWired) Leadership move readies company to meet accelerated demand for phishing defense solutions

Cyber Attacks, Threats, and Vulnerabilities

ISIL Reportedly Threatens Paris-Type Attack on Washington, D.C. (SIGNAL) New militant video released Monday warns U.S. and Europe to stop strikes against them

ISIS Has Help Desk for Terrorists Staffed Around the Clock (NBC News) NBC News has learned that ISIS is using a web-savvy new tactic to expand its global operational footprint — a 24-hour Jihadi Help Desk to help its foot soldiers spread its message worldwide, recruit followers and launch more attacks on foreign soil

ISIS Calls Anonymous 'Idiots' in Response to Hacker Group's Declaration of 'Total War' (Newsweek) The Islamic State militant group (ISIS) released a statement on Monday responding to Anonymous's declaration of "total war," calling the hacker group "idiots" and offering guidance to pro-ISIS supporters to protect against cyber attacks

A few hours the Paris attacks, a new ISIS propaganda hub appeared on the Darknet (Security Affairs) The popular security expert Scot Terban (aka @krypt3ia ) discovered a few hours after the Paris attacks, a new ISIS propaganda hub appeared on the Darknet

Paris attacks: Officials hunt for suspects, speak of losing access to 'chatter' about attack (Los Angeles Times) Intelligence officials in the U.S. and Europe picked up "chatter" as early as September about a potential Islamic State-related attack on France, it emerged Monday, as evidence grew that some of the men involved in last week's terrorist assault on this city — including its possible mastermind — were known to French police

Paris 'Mastermind' Told ISIS Magazine that Bungling Police Officers Let Him Escape (Daily Beast) The man police believe orchestrated the attacks on Paris was interviewed in February's edition of Dabiq, the ISIS propaganda magazine

Paris Attacks Suspect Was Monitored by Western Allies Seeking to Kill Him (Wall Street Journal) Islamic State operative couldn't be located in the weeks before plot was carried out

Obama: No 'specific' intel warning of Paris attacks (The Hill) The U.S. did not have any "specific" warning about Friday evening's terror attacks in Paris, President Obama said on Monday, raising questions about the ineffectiveness of global intelligence powers

There's no evidence ISIS used PS4 to plan Paris attacks (Ars Technica) Reporting is at best misinformed, at worst purposefully sensationalist

ISIS using encrypted apps for communications; former intel officials blame Snowden [Updated] (Ars Technica) NY Times pulls report of French officials' claims Paris attackers used encrypted apps

This Is ISIS's New Favorite App for Secret Messages (Daily Beast) The terror group is pushing a new way to communicate quietly after the Paris attacks. It's called Telegram

What Role Did Encryption Play in Paris? (Lawfare) Glenn Greenwald has seen the big picture in Paris. With 129 people dead, terrorists still at large, and ISIS crowing over the carnage, Greenwald has jumped on the real problem: Someone, somewhere might think the Edward Snowden leaks had something to do with an attack to which our signals intelligence was blind

The Islamic State wants you to hate refugees (Washington Post) As the Syrian refugee crisis mutated from a regional problem to a global one, security concerns have increasingly been cited as a justification for keeping borders closed and refusing to resettle migrants

French police tweet photo of fugitive wanted in Paris terror attacks (Ars Technica) Suspect is said to be one of three siblings connected to the gun and bomb violence

Photoshop Fail: Sikh Man in Canada Smeared as Suspected Paris Terrorist (Hack Read) Someone photoshopped this guy's pic from an iPad to a Quran and the mainstream media took it as real and made it viral

State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites (IDG via CSO) The scripts likely help attackers identify unique users who can be targeted with exploits tailored for their software configurations

Russia–led cyber attack campaign shows the dark side of web analytics (First Post) FireEye has discovered a large-scale attack campaign collected extensive information from Internet. It has amassed vast amounts of information on web traffic and visitors to more than 100 websites — sites that the threat actors have selectively compromised to gain access to their collective audience

Smart TVs open hacker views into boardrooms, living rooms and bedrooms (FierceBigData) Researchers, including those at Tripwire and Avast, are warning that smart TVs could provide a way for hackers to infiltrate your home "all the way to your bank account." Avast researchers actually hacked a Vizio Smart TV last week to gain access to a home network and prove the point

The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner? (Heimdal) As a malware type, ransomware has proven to be exceptionally effective

Bug in Android Gmail app allows effective email spoofing (Help Net Security) Yan Zhu, a Technology Fellow at the Electronic Frontier Foundation, has unearthed a flaw in the Gmail Android app that can lead to very effective phishing attacks

Phishers are targeting millions of DHL customers (Help Net Security) As the end-of-the-year holidays are quickly approaching, people are starting to order more things (read: gifts for themselves and loved ones) online so that they can avoid the December rush and delivery problems

Millions of sensitive records exposed by mobile apps leaking back-end credentials (CSO) Developers have hard-coded credentials for back-end services into thousands of mobile apps, researchers found

A Quarter of Web-Accessible Devices Have Vulnerable Firmware (Softpedia) Study confirms sorry state of security for IoT devices

Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces (arXiv e-prints) Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface

How Chinese Tinder clone screws you (Larry Salibra) Update: Tantan CEO and Co-founder Yu Wang reached out to me via email to acknowledge these issues. Read his email and my response. TL;DR: Chinese Tinder clone Tantan is endangering young women and men by failing to use encryption and exposing private data like that made public in the Ashley Madison hack

Stop clicking on unsolicited .DOCs! Right now. STOP! (Graham Cluley) The truth is that most malware attacks are not highly sophisticated

Chipotle Serves Up Chips, Guac & HR Email (KrebsOnSecurity) The restaurant chain Chipotle Mexican Grill seems pretty good at churning out huge numbers of huge burritos, but the company may need to revisit some basic corporate cybersecurity concepts

Academia

World's Largest Student Security Contest Names Top Cyber Sleuths, Hackers, and Researchers (PRNewswire) Best of 20,000 contestants converged in Brooklyn for NYU Cyber Security Awareness Week Finals

Middle Georgia State University launches Center for Cybersecurity (Macon Telegraph) Middle Georgia State University is launching a new program within its School of Information Technology

Litigation, Investigation, and Enforcement

Judge dismisses FTC security enforcement case against LabMD (FierceHealthIT) The Federal Trade Commission's data security enforcement case against Atlanta-based cancer screening laboratory LabMD following an alleged 2008 data breach was dismissed Friday by an administrative law judge who said that the agency failed to prove the breach harmed, or could potentially harm, consumers

Germany: Former Spy Acknowledges Giving Classified Information to C.I.A. (New York Times) A former German intelligence official admitted Monday in court that he had provided classified information to the Central Intelligence Agency, saying he had acted out of boredom and frustration

The mafia of the digital age (IOL Beta) Through the dark world of cybercrime, its tentacles spread everywhere: stock manipulation, money laundering, gambling and more

UK's NCA Shares Threat Data with 50 Web Hosters (Infosecurity Magazine) The UK's National Crime Agency is claiming a new threat information sharing initiative has already helped web hosters reduce the threat to their servers by 12%, potentially saving them millions

Global Government Requests Report (Facebook) Today we are releasing our Global Government Requests Report as part of a broader effort to reform government surveillance in countries around the world by providing more transparency

Railroads finding hidden freight car trackers (Trains) Railroads are uncovering hidden freight car tracking devices near rights-of-way around the country

Teenage hacker "regrets" cyber attack on the FBI and Home Office (Coventry Telegraph) Charlton Floate sat in his bedroom as he hacked in to the sites — bringing the FBI site to a standstill for five hours

Design and Innovation

Privacy Best Practices for Developers (Infosecurity Magazine) The right to privacy is guaranteed by the US constitution, but a certain government contractor leaked information that made it clear that the government had its own version of privacy

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland, " USA, November 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set of monitor functions to protect the contents of the registers from insightfully designed malware such as what NIST terms Advanced Persistent Threats. This talk describes how to throw out the general purpose computers via dataflow computing on FPGAs. Contact the conference organizers for instructions on how to attend

Cybersecurity, the SEC and Compliance (New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity means to your business and how the new SEC requirements affect your firm. The panel consists of professionals from the Cyber Security, Legal, Insurance and IT systems management industries. (RSVP as seating will be limited)

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders

CyberPoint 2nd Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, November 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career spectrum, this event is a great opportunity to get together and share what we are all passionate about — empowering women to succeed in the cyber security field

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, December 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market

IoT Security Foundation Conference (London, England, UK, December 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community

Enterprise Security and Risk Management (London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed

Cargo Logistics America (San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component

NG Security Summit US (Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, December 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more

Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.