Cozy Bear finds DC think tanks just right. Election hacking seen as a clear and present danger. New ransomware in the wild. Breaches at Dropbox, OneLogin. OSX/Keydnap, Mutabaha Trojan masquerade as legitimate apps.
Officialdom may be slow to attribute recent politically-relevant hacks but Crowdstrike isn't: the company says Cozy Bear (Russia's FSB) is behind breaches at US think tanks studying Russia.
Russian intelligence services remain the leading suspects in last month's incursions into US voting databases, but Russia Today pooh-poohs evidence ThreatConnect, Fidelis, Crowdstrike, and SecureWorks offered as a whole lot of nothing. Few are convinced, but in fairness (and as usual) the evidence remains largely circumstantial. (A bonus—Foreign Policy runs the best stock picture of a hacker ever. It's got a kid's wading pool, a beach chair, a cheap tent, a huge laptop, a MiG 21, and a guy who's shirtless instead of be-hoodied. A nogoodnik if ever we've seen one.)
There is general consensus that US elections are vulnerable to disruption. The Department of Homeland Security's "critical infrastructure" designation is being understood as offering the sort of security support DHS now provides Wall Street and the power grid, but accounts are scanty with respect to details.
The Dropbox breach is now thought to affect sixty-eight million users. OneLogin has also sustained a breach: customers' unencrypted Secure Notes are exposed.
Dr. Web warns that the Mutabaha Trojan is impersonating Chrome in the wild. ESET finds OSX/Keydnap, which steals OSX Keychain data and installs a backdoor, spreading via the Transmission BitTorrent client application.
A new ransomware strain AVG discovered—"Fantom"—infects by posing as a Windows update. Another strain—this a Locky variant—spreads as an email with the subject "Transaction Details."
Today's issue includes events affecting Belgium, Brazil, India, Kuwait, Mexico, Netherlands, Pakistan, Romania, Russia, Sri Lanka, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Yisroel Mirsky from Ben-Gurion University of the Negev will introduce himself and our newest partner. Our guest, Nuix's Jim Kent, will talk about trends, particularly with respect to insider threats. If you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Computer-Security Firm Says Hackers Targeting Russian-Focused Think Tanks (Wall Street Journal) Company says Russian hacking group also linked to computer intrusions at the Democratic National Convention
Kremlin-backed hackers target Russia-focused think tanks (Federal Times) Multiple think tanks in Washington, D.C., were recently breached by the Russia-backed hacker group Cozy Bear (also referred to as APT29), sources have revealed to Patrick Tucker, Defense One’s technology editor
Did Russia Really Hack U.S. Election Systems? (Foreign Policy) American e-voting is vulnerable to hacking, but that doesn’t mean Moscow’s agents hacked Illinois and Arizona voter databases — this time
Russian state media: Evidence of Kremlin-sponsored hacking 'non-existent' (International Business Times) Multiple cybersecurity firms claim evidence suggests Russian hackers involved
Hacking the Election Would be Pretty Damn Easy (Inverse) It could be done for less than $100
Could hackers tip a U.S. election? You bet. (Washington Post) Reports this week of Russian intrusions into U.S. election systems have startled many voters, but computer experts are not surprised
Kaine asks: Would Trump stand up to a Russian cyberattack on U.S. elections? (Washington Post) Democratic vice-presidential candidate Tim Kaine on Tuesday questioned whether a President Donald Trump would stand up to a Russian cyberattack aimed at destabilizing U.S. elections
Hackers Stole Account Details for Over 60 Million Dropbox Users (Motherboard) Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light
Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts (Ars Technica) "Scope of password reset completed last week protected all impacted users," says Dropbox
OneLogin breached, customers’ Secure Notes compromised (Help Net Security) San Francisco-based OneLogin, which offers single sign-on and identity management for cloud-based applications and claims 1400+ enterprise customers in 44 countries, has suffered a data breach
OSX/Keydnap spreads via signed Transmission application (We Live Security) Last month ESET researchers wrote an article about a new OS X malware called OSX/Keydnap, built to steal the content of OS X’s keychain and maintain a permanent backdoor. At the time of the analysis, it was unclear how victims were exposed to OSX/Keydnap. To quote the original article: “It could be through attachments in spam messages, downloads from untrusted websites or something else”
Google Chrome impersonator Trojan doing rounds (Help Net Security) If you’re a Google Chrome user, and suddenly your browser looks a bit off and shows you pages that you would never visit ordinarily, you’ve probably been hit with the Mutabaha Trojan
New 'Fantom' Ransomware Poses As Windows Update (Dark Reading) Fantom malware comes disguised as a legitimate Microsoft Windows update to trick consumers and business users into downloading it
New ransomware threat deletes files from Linux web servers (CSO) Attackers claim the files are first encrypted and uploaded to a server under their control
Ransomware Attacks in the U.K., Netherlands and Belgium (Duo Security) Last week it was reported that over half (56%) of the U.K.’s universities have been targeted in ransomware attacks in the past year, according to SentinelOne. They also found that two out of three targets were hit multiple times. Bournemouth University reported they suffered a total of 21 different attacks throughout the year
UK hospitals targeted by ransomware but NHS did not pay up (International Business Times) Hospitals across the globe are being increasingly targeted by ransomware attacks
Ransomware: experts divided on whether to pay up (CRN) In yet another sign that business is booming in the underworld of ransomware, Trend Micro has reported that the number of new ransomware families it observed in the first half of 2016 has already surpassed the total number observed in 2015 by 172 percent
Orgs' Security Hygiene Plummets Amid Ransomware Spikes (Infosecurity Magazine) Despite the rise of social engineering-based scourges like ransomware, just 39% of workers believe they take all appropriate steps to protect company data accessed and used in the course of their jobs
Crooks are selling a skimmer that works on all chip card readers (CSO) Think that your new EMV-compliant chip-reading point of sale terminal will keep crooks from stealing your customer credit card info?
Another IoT-Dominated Botnet Rises With Almost 1M Infected Devices (Dark Reading) BASHLITE malware fuels another DDoS botnet made up primarily of flaw-ridden internet of things devices
Nearly Half of Enterprise Networks Show Evidence of DNS Tunneling, According to Infoblox Security Assessments (Econo Times) Infoblox Inc. (NYSE:BLOX), the network control company, today announced results of the Infoblox Security Assessment Report for the second quarter of 2016, which finds that 40 percent—nearly half—of files tested by Infoblox show evidence of DNS tunneling, a significant security threat that can indicate active malware or ongoing data exfiltration within an organization’s network
Ubiquity and danger: The web scraping economy (Help Net Security) Web scraping is a technique of extracting information from web sites, and often includes transforming unstructured web site data into a database for analysis or repurposing content into the web scraper’s own website and business operations. In most cases, bots, which make up 46 percent of web traffic, are implemented by individuals to perform web scraping at a much faster rate than humans alone
Encryption hiding malware in half of cyber attacks (ComputerWeekly) Cyber attackers are using encryption to hide malicious activity, making it increasingly difficult to find as more organisations turn to encryption to protect data, a study has revealed
Is Facebook’s People You May Know putting users at risk? (Naked Security) What is a friend, exactly? It’s a tricky question
Con artists use pop-ups to scam Microsoft users (KMOV) Hackers do not always have to break into your computer to rip you off, sometimes you let them in
Email Still a Magnet for Cyber Criminal Activity, Costing Victims $3 Billion (Tech Vibes) Business email compromises—when legitimate business email accounts are taken over by scammers in an effort to get their targets to send them money—have risen by 1,300 per cent since January 2015, resulting in over $3 billion in losses, according to the Federal Bureau of Investigation
Sri Lankan Teenager Hacks President’s Website Twice to Demand New Date For College Exams (Foreign Policy) When high school students want to weasel their way out of an unwanted exam or homework assignment, they typically rely on time-tested excuses like faking illnesses or conjuring up paper-hungry dogs
St Neots Town Council website hit by cyber-attack (Cambridge News) St Neots town council has been forced to take down its website after it was hacked by what is claimed to be a pro-Muslim organisation
Alex Jones’ Infowars Hacked; Thousands of Accounts Sold Online (HackRead) Someone hacked Infowars website and stole thousands of accounts belonging to its registered users — the accounts were found on an underground hacking forum
Kuwait Automotive Imports Company Hacked; 10k Accounts Leaked (HackRead) Some hack for a reason, some hack for no reason and some hack to teach others a lesson — this hack is to teach bad admins a lesson
Pokemon Go Fears with Attacks on the Rise (Infosecurity Magazine) Police in England and Wales have been inundated over the summer with incidents involving cult mobile AR game Pokemon Go, with 290 reported in July alone, a new Freedom of Information (FoI) request has revealed
Security Patches, Mitigations, and Software Updates
Turn on two-step verification for your PSN account now! (Naked Security) We knew back in April that two-step verification was coming for PlayStation Network (PSN) accounts, but we didn’t know when. We’re happy to say that “when” is “now”
What's Your Personal Data Worth? (Totally Money Personal Data) While survey finds US customers value their email address at $1,287, companies can actually buy yours for just a nickel [calculator here: http://www.totallymoney.com/personal-data/]
How The Cybersecurity Landscape Has Changed (DZone) More threats and more access points thanks to IoT and connections to the cloud
Known unknowns of cybersecurity talent shortfall, Part 1 (Federal Times) There is a known crisis in the cybersecurity workforce: a massive shortfall in qualified and trained security professionals. There is also an unknown solution to this crisis
Known unknowns of cybersecurity talent shortfall, Part 2 (Federal Times) We’ve heard a lot lately about attacks within the financial services and health care industries, and for good reason. These industries hold sensitive, personal data that attackers want access to
Trends in Cyber Security Threats & How to Prevent Them (B2C) In our Introduction to IT Security article, we covered a number of ways to help protect your data, systems, and customers’ information against security threats. But new types of threats are emerging that can compromise your business
Understanding Cybersecurity Status Quo: Interview with Nick FitzGerald, Senior Research Fellow, ESET Asia Pacific (Digit) To learn more about the current cybersecurity landscape we have a chat with Nick FitzGerald
Latin America braces for rise in cybersecurity threats (ZDNet) Ransomware, ATM jackpotting and advanced targeted attacks will become a norm in the region within the next few months, according to Kaspersky Lab
NZ companies facing 'very sophisticated' cyber-attacks (Radio New Zealand) New Zealand companies are being warned they are as vulnerable to cyber-ransoming as any other global company, with an "onslaught" of malicious hackers
How cyber security pros transition to board level decision makers (CSO) Tips for getting on a board of directors as the cybersecurity expert
LogRhythm’s user-friendly approach to cybersecurity attracts $50 million (Denver Post) Boulder security firm holds its ground as it competes with IBM, HPE and Intel
Herjavec Group gearing up for next acquisition (CRN) CEO Robert Herjavec tells CRN he expects takeover of an identity-based security firm to be completed in 'the next couple of weeks'
Accenture moves to take on cyber security (Financial Review) Professional services firm Accenture is positioning to become a market leader in cyber security in the Asia-Pacific, to help companies face the constant and evolving landscape of data protection
Cisco Systems' 3 Biggest Growth Opportunities (Motley Fool) As the company transitions its business model, there are a few growth opportunities investors need to know about
Palo Alto Networks' Shares Fall 3% On Weaker-Than-Expected Forecast (Fortune) Cyber security firm Palo Alto Networks forecast current-quarter revenue and profit below analysts’ estimates, sending its shares down 3% in extended trading on Tuesday
Palo Alto Networks, CyberArk And Next Gen Computer Security Providers Compared (Seeking Alpha) Cloud Computing Requires New Security Solutions. Internet of Things Requires New Security Solutions. Several Recent IPOs Rise To The Challenge
SonicWall partner 'conflict' to lessen post-split (Channelnomics) VP says partners no longer will be 'held back'
Here's Why Symantec Corporation (SYMC) Could Rise Over 25% (Country Caller) More upside is probably in store, as the company accelerates cost-cutting and sells Blue Coat’s Web and cloud protection software to new clients
The hackers from the house of Siemens (Oberbayerisches Volksblatt) Siemens defends itself against cybercriminals with its own team of hackers. The team regularly attacks the company's own network to track down security vulnerabilities. A visit to the hacker lab
Tech Innovator of the Week: Julian Waits, President and CEO, PivotPoint Risk Analytics (Black Enterprise) Our Tech Innovator of the Week highlights an African American tech startup or innovator as part of Black Enterprise's lead-up coverage to the TechConneXt Technology Summit in Silicon Valley this October. This week's innovator: Julian Waits, President and CEO, PivotPoint Risk Analytics
KnowBe4 Expands Team to Include Security Awareness Advocate (Benzinga) KnowBe4 hires Security Awareness Advocate in answer to growing demand and explosive growth
InfoGPS Adds Telecom, IT Industry Veteran Greg McCray to Board of Directors (BusinessWire) Leader and consultant brings more than 30 years of industry expertise
Google-Backed Phone Start Up Announces GC (Updated) (Bloomberg Law) Pindrop Security, the start up that blocks phone fraud and has raised more than $100 million, announced Monday it hired Clarissa Cerda as its general counsel
Products, Services, and Solutions
OptioLabs and Cat Phones Partner to Provide Enterprise-Grade Security to the Flagship Cat S60 (OptioLabs) OptioCore fortifies Cat® S60 to resolve sophisticated mobile security threats for Android 6.0 Marshmallow
AEROMEXICO Flies High With New eCommerce Platform (News Channel 10) Akana, a leading provider of API Management, API Security and Microservices solutions, announced today that Aeromexico, Mexico’s global airline, has launched a new eCommerce platform that includes Akana’s API management platform as a core component
IBM Security and Capgemini: Teaming for New Security Operations Center Technology (IBM Security Intelligence) While technology’s increasing sophistication brings opportunity to unlock business value, it also creates opportunity for more advanced cyberthreats
ReSec's ReSecure Platform Installed in Barclays Rise Lab in Tel Aviv (PRNewswire) Advanced malware prevention system being tested by leading international banking and financial services provider in its network environment
Say Hello to Virtustream, EMC's Other Cloud (Fortune) VMware, the tech company majority owned by EMC, outlined its latest cloud computing strategy on Monday. Lost in the hubbub was the fact that Virtustream, EMC’s “other” cloud company, had its own news
Okta Expands Into Application Security With New API Access Management Product (CRN) Okta launched a new API Access Management solution Tuesday at its Oktane 16 event in Las Vegas, a move partners said would help them add more security features to their application and development portfolios
Keeper Launches Family Plan to Protect and Preserve Digital Lives (PRNewswire) Leading password manager helps families establish a strong cybersecurity defense
SimpleRisk: Enterprise risk management simplified (Help Net Security) In this podcast recorded at Black Hat USA 2016, Josh Sokol, creator of SimpleRisk, talks about his risk management tool, which he presented at the Black Hat Arsenal
L0phtCrack 7 audits passwords up to 500 times faster (Help Net Security) L0pht Holdings released a completely revamped L0phtCrack 7, which includes a new cracking engine which takes optimal advantage of multi-core CPUs and multi-core GPUs
Logikcull’s ‘Sub Accounts’ Unlocks Versatile Power of Global Legal Intelligence Solution (BusinessWire) On the heels of news that it has raised $10 million from top-tier investors OpenView and Storm Ventures, Logikcull, the San Francisco-based technology company, has announced a new feature that empowers organizations to run multiple versions of its Legal Intelligence platform simultaneously to tackle a wide range of data challenges
Technologies, Techniques, and Standards
The Insider Threat Intelligence You Likely Aren’t Using, But Are Already Paying For (Infosecurity Magazine) In July, a Texas court sentenced a former Citibank technology executive to 21 months in prison for uploading malicious commands to the bank’s Global Control Center routers
For feds, DevOps raises cyber questions (FedScoop) DevOps breaks down traditional management silos, but cross-departmental teaming, in government, raises important questions about lines of authority, two officials said
Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing (Dark Reading) By increasing our cybersecurity self-esteem, we can truly make a difference in raising our collective cybersecurity resiliency
AFA's CyberPatriot Elementary School Cyber Education Initiative (ESCEI) Now Mac/OS X Compatible (Yahoo! Tech) The Air Force Association's (AFA) CyberPatriot Program Office announced today launch of an updated version of its Elementary School Cyber Education Initiative (ESCEI)
Legislation, Policy, and Regulation
London Tories Call for Data Security ‘Mayoral Standard’ (Infosecurity Magazine) The Conservative members of the London Assembly have called for the introduction of a “Mayoral Standard” for data security to help businesses in the capital improve their baseline information security and demonstrate this to customers
Homeland eyes special declaration to take charge of elections (Washington Examiner) Even before the FBI identified new cyber attacks on two separate state election boards, the Department of Homeland Security began considering declaring the election a "critical infrastructure," giving it the same control over security it has over Wall Street and the electric power grid
Secretary of State: Pennsylvania using all available resources to safeguard cyber security of election (PRNewswire) Secretary of State Pedro A. Cortés said today the Commonwealth is taking advantage of all available resources in working to ensure the security and integrity of the November election
Retaliatory cyber strikes (C4ISRNET) It seems that the debate over retaliatory cyber strikes is increasing in intensity and occurring more often than it did just a few short years ago
How the NSA Prizes Online Surveillance Over Online Security: New at Reason (Reason Hit & Run) The NSA appears to be stockpiling a secret cache of powerful computer bugs to exploit for cyber-snooping
The NSA Research Director Wants Hackers to Know Who She Is (Washingtonian) Deborah Frincke disarms NSA’s doubters with transparency
FBI wants 'adult conversation' on encryption (Federal Times) FBI Director James Comey warned again Tuesday about the bureau's inability to access digital devices because of encryption and said investigators were collecting information about the challenge in preparation for an "adult conversation" next year
Industry, Government Differ on Where Encryption Leads (MeriTalk) Industry leaders and government officials disagree about whether encryption is causing the digital space to “go dark” or make Internet users safer
DHS’s Modest Social Media Proposal Deserves Support (Lawfare) According to a coalition of advocacy groups, a new proposal by DHS to seek information about the online presence of individuals trying to enter the United States from Visa Waiver countries—directly and voluntarily from those individuals—would “invade individual privacy and imperil freedom of expression”
U.S. Cyber Command Director: We want 'loud,' offensive cyber tools (FedScoop) “As the United States Cyber Command, we need totally separate tools and infrastructure [from the intelligence community] to conduct our operations,” said Shawn Tursky
What is the Cybersecurity Act? (Cybersecurity Investing News) With over $1 trillion to be spent globally on cybersecurity from 2017 to 2021, here’s a closer look at the Cybersecurity Act
Litigation, Investigation, and Law Enforcement
FBI recovered 30 potentially new Clinton emails related to 2012 Benghazi attacks (Washington Post) Democratic presidential nominee Hillary Clinton may have sent or received as many as 30 previously undisclosed emails while secretary of state about the 2012 Benghazi attack, government lawyers said Tuesday in asking a federal judge for a month to turn over potentially public records to a conservative legal group
NYT reporter: Fear of prosecution may have driven Hillary to blame Powell on emails (Washington Examiner) A New York Times reporter who has covered Hillary Rodham Clinton said he is "baffled" why she initially set up a secret email server, and blamed the fear of prosecution on her wrong-headed bid to blame former Secretary of State Colin Powell for suggesting a second system
Rep. Elijah Cummings calls on FBI to investigate Trump, cyber attacks (Baltimore Sun) Rep. Elijah E. Cummings and other House Democrats called Tuesday for the FBI to investigate whether Donald Trump's presidential campaign has any connection with cyber attacks on political entities in the United States
The most absurd Internet privacy class-action settlement ever (Ars Technica) Lawyers get millions. Consumers get nothing. E-mail snooping continues unabated
Case study: Lurk group’s Angler exploit (IT Security Guru) At the beginning of the summer, Kaspersky Lab assisted in the arrest of suspects that were part of the Lurk gang, which allegedly stole more than 45 million dollars from a number of companies and banks in Russia
Inside the Demise of the Angler Exploit Kit (Threatpost) The June arrest of a Russian cybercrime gang responsible for the Lurk Trojan also put to rest the infamous Angler Exploit Kit
Pakistani man to be expelled from Romania over terrorism (AP) A court has ruled that a Pakistani citizen should be expelled from Romania on charges of promoting "extremist Islamism" online, causing a threat to national security
For a complete running list of events, please visit the Event Tracker.
HTCIA International Conference and Training Expo (Summerlin, Nevada, USA, Aug 28 - 31, 2016) The High Technology Crime Investigation Association (HTCIA) sponsors this conference for professionals in law enforcement cyber security and cyber forensic investigations. College and university faculty working in these areas are also welcome, as are their students. Learn how to protect your agency, organization, or company against cyber threats in the more than 125 lectures and labs offered at the event. Hear distinguished keynote speakers, and network with colleagues. Industry vendors will also be available to discuss their newest products and services.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
2016 Government Cyber Security SBIR Workshop (Washington, DC, USA, Aug 30 - Sep 1, 2016) The 2016 Government Cyber Security SBIR Workshop affords Small Business Innovation Research (SBIR) awardees in the completed Phase II or Phase III processes the opportunity to collaborate and present their research and technologies to researchers and cybersecurity leadership from the government, private sector and academia. This workshop facilitates knowledge-sharing, improvement of existing deployed technologies and transition to the marketplace by innovative research that safeguards cyberspace.
ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA, and Goethe University Frankfurt are organizing APF 2016.
Innoxcell Annual Symposium 2016 (Singapore, Sep 8, 2016) The Innoxcell Annual Symposium (IAS) is the largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States. This is the only event of its kind that will run multiple paths covering great diversity of Legal and Regulatory Compliance topics with over 20 sessions to select from and 10+ exhibitions. We aim to provide a ‘one-of-a-kind’ conference for legal and compliance executives and professionals from different industries to explore the latest best legal and business practices, catch-up with latest regulatory updates, establish networking with prominent legal professionals around the Globe, as well as visit the legal technology and solutions exhibition.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more.
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD. See https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.