The CyberWire Daily Briefing 08.15.16

Summary

By The CyberWire Staff

Russian hackers apparently did in fact turn their attention to Republicans as well as Democrats—both US parties have seen major figures targeted. Senior Democrats are suffering from loss of their contact information, which has exposed them to various forms of harassment. Leaked documents purport to show payments from Ukraine's former, pro-Russian, government to a senior advisor to Republican Presidential candidate Trump.

Visa warned late Friday that some cardholder's information may have been compromised through vulnerabilities in Oracle's MICROS point-of-sale system.

University of Colorado researchers demonstrate, for reasons no one can really seem to grasp, a proof-of-concept cryptocurrency that would let participants mine currency by participating in denial-of-service attacks.

In industry news, Carbon Black is expected to issue its initial public offering next month. Tanium remains a favorite unicorn; speculators expect FireEye to bounce back.

ISIS struggles to recoup flagging influence as competing jihadist factions make inroads into the Caliphate's mindshare. It continues to turn to the disaffected and its online messaging grows sharper, at least in Europe and Africa: those who adhere to the Caliphate's authority should kill Christians. Some observers wonder whether this is a kind of information-ops bankshot (seeking to provoke a Crusader backlash which would in turn spur the Ummah to a more militant piety). Others see the message as both obvious and direct.

Some policy wonks see Iran as a natural ally of the US against ISIS, at least online. Others think social media companies "will be judged" on their inability to interdict jihadist messaging.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Australia, Bangladesh, Canada, European Union, France, Germany, India, Iran, Iraq, Ireland, Netherlands, Nigeria, Pakistan, Russia, Syria, United Kingdom, United States, Vietnam and Zimbabwe

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast our partner Dale Drew from Level 3 Communications will introduce us to machine-to-machine learning. (If you enjoy the podcast, please consider giving it an iTunes review.)

Sponsored Events

Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, Arbor Networks, and more.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain (Baltimore, MD, USA, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Selected Reading

Cyber Trends

Appthority examines Android mobile threat landscape – but it’s not all bad news (Apps Tech News) A new report from mobile security provider Appthority concludes the mobile threat landscape continues to evolve and singles out three recent vulnerabilities in the Play Store which could be a serious issue for enterprises

ESET report says millennials are cyber savvy – and also cyber careless (Net Guide) The generation gap is large and in this case millennials would be wise to listen to baby boomers (55-65-year-olds), according to new research from ESET

EU Struggles to Determine Growing Cost of Cyberattacks (Threatpost) After painstakingly calculating the true cost of cybercrime in the European Union researchers conclude it’s nearly impossible to come up with hard numbers

Legislation, Policy and Regulation

To curb radicalism, France targets foreign funding for mosques (Washington Post) After three major terrorist attacks in the last year and a half, public outrage has forced the French government to respond. But one particular proposal has generated significant controversy: the shutdown of certain mosques and the foreign funding behind them

Losing Trust: Frustrations Grow Over German Response to Terror (Spiegel) In the wake of recent attacks, Germany's conservative Christian Democrats are tripping over themselves with proposals for tightening anti-terror laws. Instead of calming the people, they are simply confusing them

Partnering with Iran to Counter ISIS? (Lawfare) Since June 2016, the Islamic State in Iraq and Syria (ISIS) has inspired or conducted a terrorist attack every 84 hours outside the territories it holds in the Middle East, including on US soil and in key European cities. The US-led international coalition, composed of US allies in Europe, the Middle East, and elsewhere, has fought ISIS since 2014. But to date, it hasn't achieved its goal

Iran to supply Zimbabwe with Cyber-warfare weapons and technology (Bulawayo) The Islamic Republic of Iran has crystallised relations with President Robert Mugabe's regime, following disclosures this month that Tehran is set to supply Harare with advanced cyber-warfare weapons and technology, as the nervous ruling Zanu-PF party is leaving no stone unturned in it's unprovoked fight against cyber terrorism, cyber crimes and social media, Spotlight Zimbabwe revealed

History will judge tech philanthropists in fight vs. cyber jihad (Fox News) Nearly 15 years after the Sept. 11 attacks, terror organizations like Al Qaeda and Islamic State operate online unobstructed – propagandizing, recruiting and hacking. The fight against cyber jihad is neither easy nor is it cheap, and the West must engage tech companies’ capabilities if it wants to win against these groups on the battlefield and in cyberspace

Government's rejection of Ausgrid sale ignores the national security facts (Financial Review) Journalists and their favourite "experts" should listen to the US National Intelligence director James Clapper before claiming to know what's happening when they really know diddly-squat. The same applies to over-confident ministers. After Hillary Clinton falsely claimed she knew the Russian government had hacked into the Democratic party's emails, Clapper said it wasn't known who was responsible. He added that no one should be "hyperventilating"

Security pros opposed to government access to cloud data (IT Pro Portal) There are a number of concerns that companies have over migrating to the cloud, but one of the key ones is who else might have access to the data

Products, Services, and Solutions

New Product Automates and Simplifies Oracle Security Patching (patchVantage) patchVantage, to be formally unveiled at Oracle OpenWorld 2016, automates backup, cloning and patching for databases and applications

GlobalPlatform Updates TEE Initial Configuration and Launches Compliance and Security Test Suites (Global Platform) Further enhances TEE security, compliance and interoperability

Mullvad (Amagicom AB): Mullvad emphasizes VPN security with server upgrades (Yahoo! Finance) Mullvad has completed a major enhancement of its server infrastructure. "We have doubled our capacity, and our servers in Sweden and Amsterdam are running at even higher levels of security. This is just the first step in a series of major investments we're doing to improve our VPN service,” says CEO Jan Jonsson

Bitcoin Pioneer Jered Kenna and TradeZero Launch First ‘Dark Pool’ Exchange for Bitcoin (Coinspeaker) The opening of dark pools will allow institutional investors executing large trades outside the exchange

Technologies, Techniques, and Standards

Secret Ingredients for Encryption Deployments… and a Sane IT Security Team (LinkedIn) Cybersecurity decisions are often balancing acts: you want to move your company’s data to the cloud, but you’re worried about security; you want to implement best-in-class security measures, but you also don’t want to overload the IT security team – a sure path to developing security issues. This post offers some guidance about what you should look for when reducing the burden on your IT security people by using a Software Developer Kit (SDK) as a solution for integrating encryption key and policy management into existing infrastructure

How to mitigate ransomware, DDoS attacks, and other cyber extortion threats (Tech Republic) Ransomware and other forms of cyber extortion are effective moneymakers for the bad guys. Learn why, and how not to fall prey to digital extortionists

Seven ways to protect your business from cyber attack (Wales Online) Nigel Griffths of IT consultancy Certus TG on how to protect your business from using the cloud to having strong passwords

Marketplace

Organizations to Spend $81 Billion on IT Security This Year (Society for Human Resource Management) Preparations for data breaches, regulatory demands, and compliance are driving the global market for cybersecurity services and products, according to two new reports

KBR (KBR) to Acquire Honeywell Technology Solutions for $266M (Street Insider) KBR, Inc. (NYSE: KBR) announced today it has entered into a definitive agreement to acquire Honeywell Technology Solutions, Inc. (HTSI), a leading professional, technical and mission support services organization providing an array of mission-critical services and customized solutions throughout the world primarily to U.S. government agencies

Palantir Acquires Data Visualization Specialist Silk (InformationWeek) Analytics software and consulting provider Palantir has acquired Silk, a data visualization startup. Silk's platform will continue to operate unsupported as the company's team will join Palantir

Machine Learning Startups Snapped Up: Big Data Roundup (InformationWeek) Apple, Intel, Palantir, and HPE were among the tech giants acquiring data analytics and machine learning companies. Here's your Big Data Roundup for the week ending August 14, 2016

The tech IPO window could be opening — here's what to expect in September (Business Insider) The tech IPO market is primed for a resurgence in September — after a historically sluggish start to the year

If History Repeats, This Growth Stock Is Money In The Bank (FEYE) (Investor Place) A drop after earnings sets up FireEye for a quick bounce back play

CyberArk Set for Stronger Second Half (Barron's) Shares of the enterprise-security vendor have about 6% upside and a partnership with HPE shows promise

3 Reasons Palo Alto Networks Inc. Stock Could Fall (Motley Fool) The beleaguered data security upstart could face more pressure if it doesn’t deliver in several key areas

Tanium: The company planning to be the Google of cyber security (Computer Business Reivew) Briefing: CBR talks to Technical Lead Dylan DeAnda about speed, scale and simplicity

Census taps Mandiant for cyber assessment (FCW) The Census Bureau wants its computer networks assessed for indicators of compromise to determine steps needed to secure and prevent potential breaches, and has awarded a contract for the evaluation

Research and Development

Navy looking at teaching robots how to behave (Stars and Stripes) Robots such as the Navy's Shipboard Autonomous Firefighting Robot, rear, are being developed to assist human servicemembers. The military is researching ways to incorporate more autonomous systems while easing fears of futuristic killer robots such as those depicted in the "Terminator" films

New Technique Could Help Law Enforcement Collect Smartphone Data (Electronics 360) There have been many recent news stories involving law enforcement’s desire to access smartphone data while investigating crimes, due to the growing importance of the information that can be stored in the memory of these devices. Sometimes this information is considered just as important as evidence recovered from an ordinary crime scene

Nowhere to Hide: UC San Diego Researchers Devise New Method for Detecting Hardware Trojans (US San Diego News Center) Modern computer chips are made up of hundreds of millions – often billions – of transistors

DHS S&T Awards $1.3M To Small Businesses To Develop Cybersecurity Technology (Homeland Security Today) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded $1.3 million to 13 small businesses for cybersecurity research and development

Security Patches, Mitigations, and Software Updates

Cryptography Experts Say Apple Needs to Replace iMessage Encryption (Softpedia) iMessage receives several fixes following mammoth research

Cyber Attacks, Threats, and Vulnerabilities

The Strategic Logic of the Islamic State (National Interest) The so-called Islamic State (ISIS) continues to pose a serious challenge not just to the Middle East, but to the entire world. While the efforts of a US-led coalition have weakened ISIS, destroying the group has proved difficult—and it has continued to inspire attacks in faraway places, from Brussels to Bangladesh

Islamic State faces uphill 'branding war' in Afghanistan, Pakistan (Reuters) The U.S. drone strike that killed Islamic State's commander for Afghanistan and Pakistan was the latest blow to the Middle East-led movement's ambitions to expand into a region where the long-established Taliban remain the dominant Islamist force

Powerful jihadist faction reconciles with the Taliban (Long War Journal) A powerful Taliban faction that broke away from the main group has reconciled and swore allegiance to the Taliban’s new emir, Mullah Haibatullah. The reunion of the faction, known as the Mullah Dadullah Mahaz or Mullah Dadullah Front, is the latest success in the Taliban’s effort to bring wayward groups and commanders back into the fold after divisions over the death of its founder and first emir, Mullah Omar

ISIS Orders Its Franchises to Kill Christians (Daily Beast) The coup that replaced Boko Haram's leader puts the ISIS subsidiary's focus on killing Christians in hopes it can unite, expand, and endure

Russian whistleblower Yulia Stepanova's WADA account illegally accessed through cyber attack (ITV) Russian whistleblower Yulia Stepanova's electronic account at the World Anti-Doping Agency (WADA) has been illegally accessed through a cyber attack, WADA has said

Russians Suspected of Hacking Democrats Also Went After Republicans, Researchers Say (Daily Beast) Cybersecurity experts have linked one of the groups that stole emails from the DNC to a campaign against lawmakers and officials, including John McCain

Russian Hacking Campaign Hits Republicans, Too (Foregin Policy) A mysterious cache of leaked emails ensnares GOP officials

Trump Campaign Chair Named in Black Accounts Linked to Ukrainian Ex-President (ABC) Ukrainian anti-corruption officials have confirmed that Donald Trump's campaign chairman's name appears in a list of so-called black accounts made by the country's toppled president

US election: Trump adviser denies Ukraine 'cash payments' (BBC) Donald Trump's top aide has denied receiving "payments" from the former Russian-backed Ukrainian government

DNC announces formation of cybersecurity board in email hack’s aftermath (Washington Times) The Democratic National Committee has assembled a cybersecurity advisory board in the wake of the hack attack that resulted in thousands of internal party emails being leaked online, Politico reported Thursday

Hacker Posts Personal Information of Nancy Pelosi, Top Democrats (Time) After receiving a deluge of obscene voicemails and text messages, House Minority Leader Nancy Pelosi informed her fellow Democrats on Saturday of “an electronic Watergate break-in” and warned them not to allow family members to answer their phones or read incoming texts

Pelosi bombarded with 'obscene and sick' calls, texts after cyber attack (KHOU) House Minority Leader Nancy Pelosi said Saturday that she has been bombarded with "obscene and sick calls, voice mails and text messages" after her personal contact information was posted online Friday night in the wake of the cyber attack against top Democratic campaign committees

Security Consultants Demonstrate that it's Easy to Hack Voting Machines (Inquisitr) Security consultants have been demonstrating that it’s simple and affordable to hack voting machines recently. Cyber security firms like Symantec and Crowdstrike have confirmed that hacking a voting machine is a fairly simple process, costing about $15 online and requiring only moderate knowledge

DIY bank account raiding trojan kit touted in dark web dive bars (Register) Roll-your-own-malware kit Scylex offered for seven large

Sage Suffers Data Breach, Putting Details of UK And Irish Businesses at Risk (Graham Cluley) Online accounting software company Sage has suffered a data breach, putting the details of a "small number" of its UK and Irish business customers at risk

A message to our UKI customers - August 2016: (Sage) We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation

Cyber attack on networks of major telcos in July (Economic Times) A cyber attack incident was noticed on the networks of Tata CommunicationsBSE -0.61 %, Airtel and Vodafone in July, hitting internet services in Maharashtra and Mumbai and other parts

Proof-of-DDoS: A ‘Malicious’ New Consensus Mechanism (Bitcoin News) A University of Colorado assistant professor and a Ph.D. student from the University of Michigan have formulated a new Altcoin that has an unusual consensus mechanism. The theoretical cryptocurrency, dubbed “DDoSCoin,” pays attackers for participating in distributed denial of service (DDoS) attacks

DDoSCoin: New Crypto-Currency Rewards Users for Participating in DDoS Attacks (Softpedia) In the most innovative, weirdest, and stupidest idea of the month, two researchers from the University of Colorado Boulder and the University of Michigan have created a crypto-currency that rewards people for participating in DDoS attacks

A Russian cyber-gang, the Oracle MICROS hack, and five more POS makers in crims' sights (Register) Who, what, when, why, how?

Visa Alert and Update on the Oracle Breach (KrebsOnSecurity) Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle‘s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices. Visa also published a list of Internet addresses that may have been involved in the Oracle breach and are thought to be closely tied to an Eastern European organized cybercrime gang

Sony Mobile working on security patches for Quadrooter vulnerability (Android Community) The QuadRooter malware reminded us about how "secure" Android is and why we should stay with Google Play. As it turned out, the old ‘Verify Apps’ feature could already prevent such from attacking your phone. We're not really worried about the new vulnerability on Qualcomm-powered Android phones but to be sure, we're interested to know what OEMs are doing to counter future problems

Is it possible to hack a plane? (TechWorld) Far from the almost-quaint days of viruses and keyloggers, the somewhat abstract threat of cyber attacks has evolved into something more concrete. As infosec crosses the bridge from cyberspace to the physical we ask: is it possible to hack a plane?

Kensington Survey Data Reveals that IT Theft in the Office Ranks Nearly as High as Theft in Cars and More than in Airports or Restaurants (Kensington) Industry study finds that more than one-third of it personnel have no physical security policy in place to protect laptops, mobile devices, and other electronic assets

Spying Fears Lead to Pentagon Pokemon Restrictions (Defense News) The popular Pokemon Go is now a no-no at the Pentagon. The Defense Department, citing fears of spying, has banned the game from employees’ work phones, and ordered a stop to play inside the building and other department facilities, according to published accounts

CloudLock Report: Despite Warnings, Employees Using Pokémon Go Expose Corporate Networks (CloudLock) In June, we unveiled our Q2 Cloud Cybersecurity Report, “The Explosion of Apps,” which highlighted the exponential growth and security risks of third-party apps connecting to corporate networks. Just a few weeks later, a new app was launched and is seemingly unstoppable: Pokémon Go. In less than a month, an estimated 26 million users have installed the app in the US, with more than 75 million installs across Apple and Google platforms globally, breaking all mobile gaming records. This phenomenon has sent users out of their homes and offices to participate in the game, where they are spending more time than they do browsing Facebook, Snapchat, Twitter or Instagram (Source: SensorTower)

Academia

Virginia Beach, Norfolk cybersecurity students have $20,000 grant opportunity (Southside Daily) College students studying cybersecurity in Virginia Beach, Norfolk and other cities throughout the state have the chance to apply for a $20,000 scholarship, thanks to a $1 million grant announced by Gov. Terry McAuliffe this week

Litigation, Investigation, and Enforcement

Dutch Islamic groups resist becoming informers in surveillance drive (Middle East Eye) Information sharing has increased across Europe, but some Muslim leaders fear Dutch government wants to co-opt community leaders

Man killed in Canada raid made 'martyrdom video,' planned attack: police (Reuters) The man killed during a Canadian police raid at his home in Ontario on Wednesday was a supporter of Islamic State who was in the final stages of preparing an attack on a Canadian city with a homemade bomb, police said on Thursday

Suit warns of Russian ‘back door’ into U.S. fingerprint systems (SFGate) The technology of the fingerprint-identification systems of the FBI and driver’s-license agencies is being challenged in court

Bangladesh officials to meet Fed, U.S. investigators over heist: sources (Reuters) A team from Bangladesh will meet officials of the Federal Reserve Bank of New York, the Federal Bureau of Investigation and the U.S. Department of Justice this week in New York in connection with the cyber theft of $81 million from the South Asian country's central bank in February, sources said.

Bangladesh central bank withholding $105m heist probe information from 'foreign perpetrators' (Australian Broadcasting Corporation) Bangladesh's central bank says it is withholding findings of investigations into the cyber theft of $US81 million ($106 million) from its account at the Federal Reserve Bank of New York to avoid tipping off the "foreign perpetrators" of the hack

Cyber fraud unearths potential loophole at Vietnamese bank's security system (VN Express International) $22,400 disappeared from a client's bank account. Investigation is ongoing

Centre beefing up apparatus to tackle cyber crime: Rajnath Singh (New Indian Express) Union Home Minister Rajnath Singh on Friday said the Centre is discomfited by reports of a rise in cyber crimes, and is taking concrete steps to counter this menace

Panetta defends Clinton Foundation-State Department relationship (Politico) Former Defense Secretary Leon Panetta on Sunday defended Hillary Clinton’s State Department from accusations it had an improper ties to the Clinton Foundation

Design and Innovation

Pattern disruption is the best way to combat cyberattacks (Federal Times) Cybersecurity threats are growing exponentially every year as more data is stored and accessible digitally. Spending on cybersecurity solutions is estimated to more than double to $170 billion by 2020, according to a recent report. The U.S. Cybersecurity National Action Plan alone will invest tens of billions of dollars toward these efforts

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

upcoming Events

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.