New SWIFT fraud. BEC hits German manufacturer for €40 million. Russian information ops, WikiLeaks, and US elections. Proofs-of-concept forsake metaphors for physics. Skids DDoS online games.
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, the financial sector's international funds transfer network, has again warned its members of more fraudulent money transfers. The scope of the latest attacks is unknown, but SWIFT has given its members an ultimatum: update to the latest version of SWIFT software by November 19 or be reported to regulatory authorities and banking partners. Reuters reports that weak local security was exploited to compromise local networks and then send bogus messages requesting money transfers. Some of those requests were apparently filled.
Fund transfer fraud is also committed by the familiar business email compromise. In mid-August German wire manufacturer Leoni AG lost €40 million ($44.6 million) when personnel followed instructions in a spoofed email to transfer money to accounts in the Czech Republic.
US states continue to worry about and possibly improve voting security. Vermont thinks it's covered, North Carolina wants Federal help, and many worry about the implications of Federalizing elections. Russia continues to play an information operations long game with respect to US and other Western elections. The New York Times observes that, independent as WikiLeaks may be, objectively (as the old Pravda might have put it) Assange's operation is nicely aligned with Russian interests.
Microsoft warns attackers are exploiting Word vulnerabilities. Weaponized documents are now spreading Cerber ransomware and password-stealing Trojans through Betabot.
Several interesting proof-of-concept attacks indicate a shift toward physical exploitation of hardware.
PoodleCorp skids continue their ars-gratia-artis DDoS against online games, including World of Warcraft and Battlefield 1.
Today's issue includes events affecting Australia, Bangladesh, China, Czech Republic, European Union, Germany, India, Iran, Romania, Russia, Thailand, United Kingdom, United States, and Vietnam.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Jonathan Katz from our partners at the University of Maryland will describe a recently discovered iMessage vulnerability. Our guest is Corey Williams from Centrify, who offers insight into the recent Sage data breach. And, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Exclusive: SWIFT discloses more cyber thefts, pressures banks on security (Reuters) SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank
SWIFT Warns Banks Of More Cyberattacks (Threatpost) Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions
One of Europe's Biggest Companies Loses €40 Million in Online Scam (Softpedia) German electrical cable maker Leoni falls victim to BEC scam
The Ordinary and Unique in Russia's Electoral Information Warfare Game (War on the Rocks) Vladimir Putin has been busy this summer and the name of the game is information warfare. One of the most recent episodes is a Russian-sponsored disinformation campaign targeting Sweden. The operation involved the dissemination of false stories regarding the consequences for Sweden of entering into a military partnership of some sort with NATO. The fabrications included NATO’s intention of stockpiling nuclear weapons on Swedish soil, exemptions that would allow U.S. soldiers to commit heinous crimes free from prosecution, and more. The obvious objective is to sow mistrust between Sweden and NATO in an effort to weaken and limit the reach of the alliance
How Russia Often Benefits When Julian Assange Reveals the West’s Secrets (New York Times) American officials say Mr. Assange and WikiLeaks probably have no direct ties to Russian intelligence services. But the agendas of WikiLeaks and the Kremlin have often dovetailed
Concerns Mount Over Foreign Cyberattacks on US Election Day (Voice of America) As Democrats in the U.S. Congress call for the Federal Bureau of Investigation to investigate concerns that Russia may be trying to manipulate the November general election with cyberattacks, government officials are wrestling with new challenges to ensure accurate results
Why Russian Hackers Probably Can’t Mess with the U.S. Election (Technology Review) The risk of psychological damage is far greater than any technological threat
NC says ‘yes’ to federal help with cybersecurity for fall election (Charlotte Observer) Michael Dickerson was breathing a little easier in his elections office Wednesday afternoon in Charlotte, North Carolina
Is Vt. Safe From a Election Database Cyber Attack? (My Champlain Valley) With stories about cyber attacks on election databases circling around the nation, Vermont Secretary of State Jim Condos says his office has taken steps to protect the state of Vermont
DressCode Android Malware Found in over 40 Google Play Store Apps (Softpedia) Malware turns infected devices into proxy servers
Microsoft warning over malware that exploits security holes in Word (Computing) Remember Word macro viruses? This is even worse
Password-Stealing Trojan Now Also Attacks With Cerber Ransomware (Dark Reading) Weaponized Microsoft Word Documents spread one-two punch via the infamous Betabot
Fairware Attacks Targeting Linux Servers (Threatpost) Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely
Bleeping Computer has egg on its face after bogus claims (ITWire) Fake ransomware known as FairWare, which was mistakenly said to be targeting Linux web servers, has been found to be targeting Redis, an open-source in-memory data structure store
Why these victims decided not to pay the ransom (CSO) When ransomware locks down a computer or an entire system at your organization, what do you do? If you get an email from a hacker threatening a DDoS attack that will level your website, how do you respond?
How one man could have owned GitHub, and what happened next… (Naked Security) A spot of cryptographic bother is unfolding in Mozilla’s security policy discussion forum at the moment
Angler EK Traced Back to 'Lurk' Gang (Infosecurity Magazine) The notorious Angler Exploit Kit (EK), responsible for the delivery of malware in countless campaigns, was the work of the Lurk cybercrime group which was finally brought to justice in June, Kaspersky Lab has confirmed
Cybercriminals rent out exploit kits (IT Online) At the beginning of the European summer, Kaspersky Lab assisted in the arrest of suspects that were part of the Lurk gang, which allegedly stole more than $45-million from a number of companies and banks in Russia. It was the largest financial cybercrime group to be caught in recent years
Angler Exploit Kits Reported (SANS Internet Storm Center) We have had a report from one of our readers (thanks Andrew) indicating that they are seeing Angler Exploit Kit attempts in the past 2 days appearing to be tied to Heart Internet. I am not seeing any activity in my logs. Is anyone else seeing this type of activity in your weblogs?
Maxmind.com (Ab)used As Anti-Analysis Technique (SANS Internet Storm Center) A long time ago I wrote a diary about malware samples which use online geolocalization services. Such services are used to target only specific victims. If the malware detects that it is executed from a specific area, it just stops. This has been seen in Russian malware which did not infect people located in the same area
AgentTesla campaign engages in cybersquatting to host and deliver spyware (SC Magazine) Researchers at Zscaler recently discovered a new spyware campaign that used cybersquatting techniques to host, distribute and command-and-control the AgentTesla keylogger via a domain whose name was strikingly similar to Chesapeake, Virginia-based consulting and services firm Diode Technologies
Patched ColdFusion Flaw Exposes Applications to Attack (Threatpost) An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk to a number of serious issues
New cloud attack takes full control of virtual machines with little effort (Ars Technica) Existing crypto software "wholly unequipped" to counter Rowhammer attacks
Googlers’ Epic Hack Exploits How Memory Leaks Electricity (Wired) As Moore's Law has packed more and more transistors onto a single memory chip, scientists have fretted for years that electric charges that “leak” out from those tiny components might cause unpredictable errors in neighboring semiconductors. But now a team of Google researchers has demonstrated a more unexpected problem with that electromagnetic leakage: hackers can use it to purposefully corrupt portions of some laptops’ memory, and even to bypass the security protections of those computers
Forget Software—Now Hackers Are Exploiting Physics (Wired) Practically every word we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break
How Your Smartphone Light Sensor Could Help Websites Track You (Motherboard) If you have a smartphone, chances are it’s able to tell how dark or bright its surroundings are
This Is How Easy It Is to Hack a Passport or a Credit Card (Motherboard) Anything with a chip in it is vulnerable to attack. Your contactless credit card, your office key card, your passport—as more of our most valuable possessions get an electronic component, more opportunities open up to hackers
St. Jude Says Muddy Waters, MedSec Video Shows Security Feature, Not Flaw (Dark Reading) Feud between St. Jude Medical and Muddy Waters and MedSec continues with the former reiterating safety feature of its implantable devices
Researchers: MedSec, Muddy Waters Set Bad Precedent With St. Jude Medical Short (Threatpost) Security researchers warn mixing vulnerability disclosures with stock market bets sets a troubling precedent that erodes confidence in the relationship between businesses and white hat hackers who help uncover threats
Vulnerabilities found in cars connected to smartphones (Help Net Security) Many of today’s automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers
FTC Warns Travelers About Cybersecurity Risks Of Rental Cars (Dark Reading) The Federal Trade Commission has recommendations for consumers to protect their personal data when driving rental vehicles
Electronic Arts, EA Servers Down? PoodleCorp claims it DDoSed Gaming Giant (HackRead) EA sports servers are down and gamers are furious on Twitter — about 11 hours ago, PoodleCorp did claim responsibility for DDoSing EA servers
WoW: Legion, Battlefield 1 beta suffer launch-day outages (Ars Technica) Blizzard confirms DDoS attack; hacker collective claims it DDoSed EA
Kimpton Hotels Acknowledges Data Breach (KrebsOnSecurity) Kimpton Hotels on Wednesday formally acknowledged that malware found on payment terminals in many of its hotels and restaurants may have compromised credit/debit cards of guests who patronized the properties in the first half of this year. The disclosure comes more than a month after KrebsOnSecurity first contacted the company about a possible credit card breach across most of its locations
Appalachian delivery system struggles with cyber attack (HealthData Management) Appalachian Regional Healthcare, serving eastern Kentucky and southern West Virginia, is still in the process of mitigating a cyber attack that was discovered on Saturday morning
How to keep viral memes from spreading malware in your enterprise (CSO) STOP! Infected Pokemon Go, games and memes are spreading malware
Security Patches, Mitigations, and Software Updates
Adobe patches critical vulnerability in ColdFusion application server (CSO) The flaw can be exploited to expose sensitive information
Report: Smartphone infection rate doubled in first half of 2016 (CSO) Smartphone infection rates nearly doubled during the first half of this year
IoT’s killer app is home security (TechCrunch) I live in San Francisco, and I have a raccoon problem
So much for counter-phishing training: Half of people click anything sent to them (Ars Technica) Even people who claimed to be aware of risks clicked out of curiosity
London economy hit hard by security breaches (Help Net Security) A new report by the Conservative members on the London Assembly, which help scrutinise the work of the Mayor of London, estimates that in 2015 in London 329,515 organizations experienced some form of security breach
The CIA’s Venture-Capital Firm, Like Its Sponsor, Operates in the Shadows (Wall Street Journal) In-Q-Tel provides only limited information about its investments, and some of its trustees have ties to funded companies
Army sets up office to speed up electronic warfare, cyber buys (Federal News Radio) The Army is officially setting up a new vehicle to circumvent the bulky military acquisition process for areas serving immediate needs like electronic warfare and cyber
Dell's acquisition of EMC to close in less than a week (CRN) Dell has announced that it plans to close its acquisition of EMC on 7 September, following anti-trust approval from the Chinese government authorities
Jim Cramer on Palo Alto: Cyber Security Stocks Are Challenging (The Street) Jim Cramer says cyber security stocks are in a rough patch
Palo Alto Networks, Inc. Goes 9-for-9 (Motley Fool) But shares are still falling given the network security specialist's light guidance
FireEye Inc's Biggest Win in 2016 So Far (Motley Fool) Sales growth is way down, but this metric hit a four-year high last quarter
Cisco Gets Into Containers With ContainerX Acquisition (eWeek) The tech vendor buys the early-stage startup, whose technology makes it easier for enterprises to manage containers across cloud and data centers
Better Buy: Cisco Systems, Inc. vs. IBM (Motley Fool) The two tech giants are well on their way to transforming their legacy businesses, but which offers investors the most upside?
Microsoft plans cybersecurity centre in Connaught Place (Economic Times) American technology giant Microsoft is setting up a cybersecurity centre in the heart of New Delhi to arm governments and private agencies with all-round intelligence on cyber attacks within the country
AT&T trash talks Google over Fiber fiasco: Leave ISP stuff to the experts (Register) Telco takes a victory lap as ad giant's broadband plans collapse
Noblis’ Roger Mason: Career Path Understanding Key to Cyber Workforce Training, Retention Efforts (ExecutiveBiz) There has been no shortage of research materials over the past year that point to a fear among government and private industry leaders that the U.S. does not have the needed numbers or proper skillsets in its cybersecurity workforce and could feel some consequences as a result
It pays to be a penetration tester, the market is booming! (Help Net Security) The penetration testing market is estimated to grow from $594.7 million in 2016 to $1,724.3 million by 2021, at a Compound Annual Growth Rate (CAGR) of 23.7%, according to MarketsandMarkets
Andrew Wild Joins QTS as CISO (Yahoo! Finance) QTS Realty Trust (QTS), an international provider of data center, managed hosting and cloud services, announced today that Andrew Wild, formerly with Lancope, now a part of Cisco, has joined the company as Chief Information Security Officer
Venable chair James Shea stepping down (Baltimore Business Journal) Venable LLP, the largest law firm in the Baltimore area, said on Wednesday that James L. Shea is stepping down next year as chairman
Webroot CEO Dick Williams Recognized as CRN Top 100 Executive (Yahoo! Finance) Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announced that CRN®, a brand of The Channel Company, named Webroot CEO, Dick Williams, on its 2016 list of Top 100 Executives. This annual list recognizes technology industry leaders who have helped shape today's IT channel
Products, Services, and Solutions
Trustwave to Open New Security Operations Center in Japan to Help Fight Cybercrime (MarketWired) Through state-of-the-art center, Trustwave will deliver managed security services to Japanese businesses and government agencies
Flashpoint Delivers Business Risk Intelligence Globally with IBM i2 Enterprise Insight Analysis (PRNewswire) Flashpoint, the global leader in Business Risk Intelligence (BRI), today announced the integration of Flashpoint Business Risk Intelligence with IBM® i2® Enterprise Insight Analysis (EIA), the gold standard for analyzing and visualizing large data sets. Users of i2 will now be able to leverage Flashpoint's data, tools, and expertise for an unprecedented and safe view of the dangers and business risks emanating from the Deep and Dark Web
USmax Awarded GSA Schedule 84 Contract (PRNewswire) USmax Corporation ("USmax"), a leading provider of Cyber Security, Technical and Physical Security, Information Technology (IT) Infrastructure Management, and Enterprise Applications services, announced today that it has been awarded the General Service Administration's (GSA) Schedule 84 (Contract Number GS-07F-167DA). USmax will provide services in the following special item numbers (SINs): 246 60 1 Security Systems Integration and Design Services and 426 6 Law Enforcement/Security Training
G-Cloud Selects Anomali as Sole Threat Intelligence Provider (Yahoo! Finance) Government-approved supplier list for 2016/2017 includes a threat intelligence supplier for the first time
LOT Network waives patent troll protection membership fees for startups (TechCrunch) License on Transfer (LOT) Network is looking to make it even easier for smaller startups to sign up for its cross-licensing patent “immunization” organization, which includes members like Google, Netflix and Uber. Between now and March 1, 2017, any new members that join LOT Network that have annual revenues below $5 million won’t have to pay the standard annual membership fees the group normally charges
Technologies, Techniques, and Standards
Once More Into the Breach Response (Digital Guardian) Reasonable people can, and often do, disagree about what constitutes a proper public response to a data breach. Some people want immediate and full disclosure of all of the details of the event, while others tend to favor a more measured approach, releasing some information at the beginning and more data as things shake out
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros (Dark Reading) At the most basic level, organizations must understand their data, the entry points, and who has access. But don't forget to keep your backup systems up to date
Detection and response, where to begin (CSO) Industry leaders join together at the MASSTLC conference to talk about detection, incident response, and making security a collaborative exercise
3 tips for better security and privacy on Snapchat (Naked Security) In the past few years, Snapchat has become the social media app of choice for the younger set, largely due to its ephemeral content. Users send images and videos (called Snaps) that are meant to be quickly viewed – as they expire soon after being seen – though the app also supports plain-ol’ text chats too
Design and Innovation
Linux Foundation Restructuring CII Security Effort for Scale (eSecurity Planet) The CTO of the Linux Foundation discusses how the governance structure for the Core Infrastructure Initiative is changing to promote better security
Veracode's Chris Wysopal talks about the impact of '90s hacker think tank (FedScoop) “At the time I had no idea what kind of impact we would have," he said on FedScoop’s "Cybersecurity Insights & Perspectives” podcast
Legislation, Policy, and Regulation
Definitive EU net neutrality guidelines released (Help Net Security) The Body of European Regulators for Electronic Communications (BEREC) has published the final guidelines aimed at helping EU member states’ National Regulatory Authorities (NRAs) implement EU net neutrality rules
CYBERCOM wants adversary to know it's hacked (C4ISRNET) As Cyber Command is beginning to reach initial operational capability and entering into both defensive and offensive operations around the globe, America’s cyber warriors need cyber tools to conduct their missions. However, unlike the tools used by members of the intelligence community, which seek to operate without being detected, the Defense Department is interested in “louder” tools
Developing "Loud" Cyber Weapons (Lawfare) ...Taking this requirement at face value raises a number of interesting questions
US Senators Urge Obama to Address Financial Cyber-risk at G20 (Infosecurity Magazine) US senators are urging President Obama to address the topic of cybersecurity at the upcoming Group of 20 Summit in China
Litigation, Investigation, and Law Enforcement
Clinton emailed classified info after leaving State: report (The Hill) Hillary Clinton emailed classified information after leaving the State Department, The New York Post reported Wednesday
Report: American detained in Iran faces security allegations (Colorado Springs Gazette) Iran has accused a detained American-Iranian dual citizen of "acting against national security," the semi-official Tasnim news agency reported Wednesday
Cook on EU Apple tax case: “Total political crap” (Ars Technica) EC antitrust chief says disputed figures in ruling came from Apple
Thailand seeks Russian over US$350,000 ATM cyber heists (ChannelNews Asia) Thai police investigators on Wednesday said they are seeking a Russian man suspected of using malware to withdraw US$350,000 from dozens of cash machines across the country
Runaway teen hops on Facebook to ask police to use nicer mugshot (Naked Security) A young woman in Sydney has become a social media darling after she politely wrote in to police via a news station’s Facebook page, asking that they please use a prettier picture on their “Wanted” notice
Florida Man Pleads Guilty To Cell Phone Fraud Involving $1 Million (Dark Reading) Edwin Fana compromised identifying data of victims and used them to conduct thousands of international calls
For a complete running list of events, please visit the Event Tracker.
2016 Government Cyber Security SBIR Workshop (Washington, DC, USA, Aug 30 - Sep 1, 2016) The 2016 Government Cyber Security SBIR Workshop affords Small Business Innovation Research (SBIR) awardees in the completed Phase II or Phase III processes the opportunity to collaborate and present their research and technologies to researchers and cybersecurity leadership from the government, private sector and academia. This workshop facilitates knowledge-sharing, improvement of existing deployed technologies and transition to the marketplace by innovative research that safeguards cyberspace.
ISAO SO Public Forum (Tysons, Virginia, USA, Aug 31 - Sep 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include leaders from multiple industry sectors, government and academia. The meeting will feature topics including: an in-depth public discussion of ISAO 100-1: Guidelines for Establishing an ISAO and ISAO 600-1: Government Relations, Programs, and Services; the State of the Ecosystem from the ISAO SO: “Where We Are and Where We’re Going” and “How We’ll Get There”; a special meeting of emerging ISAOs, and panel discussions from industry experts and thought leaders on ISAO Services and Capabilities, and Building an ISAO.
cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, Sep 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA, and Goethe University Frankfurt are organizing APF 2016.
Innoxcell Annual Symposium 2016 (Singapore, Sep 8, 2016) The Innoxcell Annual Symposium (IAS) is the largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States. This is the only event of its kind that will run multiple paths covering great diversity of Legal and Regulatory Compliance topics with over 20 sessions to select from and 10+ exhibitions. We aim to provide a ‘one-of-a-kind’ conference for legal and compliance executives and professionals from different industries to explore the latest best legal and business practices, catch up with latest regulatory updates, establish networking with prominent legal professionals around the Globe, as well as visit the legal technology and solutions exhibition.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three-day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.