ISIS grows more elusive. Australian, US analysts fear foreign attempts to undermine political systems. MySQL zero-days. Industry notes. ACLU wants a pardon for Snowden.
News from the Intelligence & National Security Summit
Last week's Intelligence and National Security Summit offered a great deal on cybersecurity policy and practice. Cyber was not only addressed repeatedly in the plenary sessions, but it was the focus of one of the conference's three breakout tracks. That cyberspace is of prime concern to the Intelligence Community and those who support it is unsurprising, but a walk through the exhibitors' hall offered some striking confirmation: cyber security vendors dominated the space. Also interesting was the clear sense that the leaders INSA and AFCEA drew to the summit were working through some of the same theoretical, practical, and conceptual issues defense thinkers have grappled with over the past century and a half. How those issues will be resolved in cyberspace is in some cases clear. Elsewhere it remains murky.
The Summit was hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). Our final account of the Summit may be found here.
Law enforcement and intelligence agencies find ISIS an increasingly elusive opponent. This is in part due to its use of encrypted chat, but to a great extent, the Wall Street Journal reports, to the Caliphate's reversion to the traditional terrorist cellular tradecraft: "face-to-face meetings, written notes and misdirection."
Australian authorities and observers see a rising threat of foreign cyber attacks aimed at eroding the legitimacy of that country's government and the credibility of its political leaders. Such concerns mirror ongoing worries in the US over Russian involvement with upcoming elections. Director of Central Intelligence Brennan declined over the weekend to say that Russia was hacking the elections, but he did counsel wariness over Russia's cyber capabilities, which he assessed as high. Observers are arriving at a consensus that manipulating US election results globally would be difficult (although local mischief remains a real concern) but that this is unlikely to be Russia's goal. As the Hill notes, the goal is not to change the results, but to call them into question, thereby undermining "confidence in American democracy."
Researcher Dawid Golunski reports multiple problems with MySQL. Zero-days enable remote root code execution and privilege escalation exploits.
Another big credential breach, this time hitting Russian instant messaging service QIP.ru, affects thirty-three million users.
In industry news, GM is recalling four million vehicles to fix a bug in airbag sensing and diagnostic module software, and a VW engineer pleads guilty to manipulating diesel control software to game emissions testing.
The ACLU campaigns for a Snowden pardon.
Notes.
Today's issue includes events affecting Australia, Austria, China, Cyprus, Czech Republic, Denmark, France, NATO/OTAN, Panama, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, and United States.
A note to our readers: Tomorrow we'll be down in Washington again, covering the Seventh Annual Billington Cybersecurity Summit. Watch for live tweets and a full report after the conference wraps up.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at the Ben Gurion University of the Negev, whose Yisroel Mirsky will discuss air gaps and security. And as always, if you enjoy the podcast, please consider giving it an iTunes review.
Washington, DC: the latest from the Intelligence & National Security Summit
Summing up the Intelligence and National Security Summit (The CyberWire) We close our coverage with a quick look back at the annual meeting of intelligence specialists. This year's summit had a strong focus on cybersecurity
Intelligence Community Faces a Future of Increasing Complexity (PRNewswire) Agency heads agree threats are both growing and changing
National Security Experts Examine Intelligence Challenges at Summit (DoD News) As the 15th anniversary of 9/11 approaches, a panel of federal agency and military leaders shared their perspectives of enduring and emerging issues in the cyber and intelligence communities at the third annual Intelligence and National Security Summit here Sept. 8
National Security Experts Examine Intelligence Challenges at Summit (EIN News) As the 15th anniversary of 9/11 approaches, a panel of federal agency and military leaders shared their perspectives of enduring and emerging issues in the cyber and intelligence communities at the third annual Intelligence and National Security Summit here Sept. 8
Why the Justice Department Is Taking a Closer Look at Connected Devices (Fortune) The Internet-of-things is getting a safety check
Cyber Attacks, Threats, and Vulnerabilities
New Tricks Make ISIS, Once Easily Tracked, a Sophisticated Opponent (Wall Street Journal) A mix of encrypted chat apps, face-to-face meetings, written notes and misdirection leaves few electronic clues for Western intelligence agencies
Politically motivated cyber-attacks the new threat for Australia (Australian) Australia faces a new threat of politically motivated cyber attacks by foreign powers aimed at undermining the government and embarrassing senior politicians and decision-makers
New report unearths the expertise in Russian hackers' code (FedScoop) The hackers — known as Cozy Bear — were able to field malware that took advantage of a bug in a popular security program within two days
CIA Director John Brennan warns of Russian hacking (McClatchy DC) CIA Director John Brennan warned on Sunday that Russia has "exceptionally capable and sophisticated" computer capabilities and that the U.S. must be on guard
It matters who counts the votes (Washington Times) Fears of Russian cyberattacks are real and legitimate
Hacking the election is nearly impossible. But that's not Russia's goal. (The Hill) Elections authorities and cyber security experts say a concerted effort to alter the outcome of November’s elections through a cyber attack is nearly impossible, even after hackers gained access to voter registration databases in at least two states
The source of the NSA breach? Look no further than your own network (Federal News Radio) The public release of what appears to be top-secret computer code used by the National Security Agency (NSA) to break into the networks of foreign governments has caused deep concern in the cyber-security industry. The finger of blame for the breach was first pointed at China, and now Russia, but a legendary cyber analyst told Federal News Radio the source is more likely something that lies undiscovered inside most computer networks
When the Little Green Men Invade Arizona (Popular Mechanics) Could Russian-style "hybrid warfare" happen on American soil?
The government is unprepared for a cyber attack (CNBC) On September 11, 2001, our country suffered the most devastating day in the living memory of most Americans. Nearly 3,000 innocent people died in a few surreal, nightmarish hours
Data Manipulation: An Imminent Threat (Dark Reading) Critical industries are largely unprepared for a potential wave of destructive attacks
MySQL 0-day could lead to total system compromise (Help Net Security) Researcher Dawid Golunski has discovered multiple severe vulnerabilities affecting the popular open source database MySQL and its forks (e.g. MariaDB, Percona)
VBA Macro Malware Jumping on the Ransomware Bandwagon (IBM Security Intelligence) Macro malware made a comeback late last year. Then, in February of this year, researchers discovered a Neutrino bot dropper that uses Visual Basic for Applications (VBA) macros to deliver its malicious payload
Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files (TrendLabs Security and Intelligence Blog) Taking advantage of legitimate sites for command-and-control (C&C) purposes is typically done by most malware to avoid rousing suspicion from their targets
The New Scourge of Ransomware 6: CryptoLocker Takedown (Privacy PC) Finally, John Bambenek and Lance James touch upon Operation Tovar that ended CryptoLocker campaign, and dwell on the lessons learned from this whole incident
US Emergency Phone System ‘911’ Can Be Hacked Through TDoS Attack (HackRead) 911, the emergency telephone number for the North American Numbering Plan (NANP) can be hacked through a simple telephone denial of service or TDOS attack — did you see that coming?
Cyber attacks raise questions about blockchain security (Financial Times) A series of cyber attacks against digital currencies has left the financial services industry wondering whether new blockchain technology can be made secure enough from criminals
BDSwiss Trading Hacked; Sensitive Data, Passports, Credit Cards Leaked (HackRead) On September 5th, 2016 hackers calling themselves The Control (l) Group hacked into the official website of BDSwiss, a Cyprus-based Trading company with offices throughout Europe and stole a trove of highly sensitive data. A sample set was leaked publicly on a file sharing site
Studio Movie-Screening Site’s Security Flaw Exposed User Info, Researcher Says (Variety) Awards-Screeners.com, a website used by major Hollywood studios to provide streaming access to movies for voters of the Oscars and other awards, was operating a user database that was publicly exposed on the internet until recently, according to a security researcher, who published his findings Friday
Russian IM Biz QIP Spills 33 Million User Accounts (Infosecurity Magazine) Russian instant messaging site QIP.ru has been breached and the details of over 33 million users released, with passwords apparently stored in plaintext
Channeling Security: NSFocus' Gates Calls For More Multifactor Action (Channel Partners) Stephen Gates, chief research intelligence analyst for NSFocus, says that while drive-by ransomware attacks are a real and growing problem, extortion happens in other ways, and partners need to keep their eyes on the full panoply of extortion methods — including attackers threatening companies with DDoS attacks unless they pay up and demanding payment for not dumping data online
Sidestepping your lockscreen with an innocent-looking USB stick (Naked Security) Here’s something that’s supposed to happen, and it’s jolly convenient, too
Shocking! USB Killer Uses Electrical Charge to Fry Vulnerable Devices (Bleeping Computer) A commercial device known as USB Killer 2.0 allegedly has the ability to fry a number of electrical devices by sending an electrical charge to a public-facing USB port
Why backdoors are welcome mats for hackers (Geektime) This past March, a shocking public hazard was released into the world, one that threatened the security of millions of people. The worst part? It could have been easily avoided
Security Fears as NHS Approves Health Apps (Infosecurity Magazine) Security experts have raised concerns after the NHS revealed it is set to move into the apps and wearables space, allowing approved software to tap medical data
ICIT report outlines ways breaches can ruin patients' lives (Fierce Health Care) Healthcare executives’ “lackadaisical approach” to cybersecurity endangers the lives and futures of breach victims, who have little help or recourse for dealing with identity theft, according to a new report from the Institute for Critical Infrastructure Technology
Malware writer renames Ransomware after a security researcher (Windows Club) In an attempt to ruin the reputation of Fabian Wosar – the man who bears the reputation as a Ransomware decrypter, Apocalypse malware writers have renamed their ransomware after this Emsisoft security researcher as Fabiansomware
Security Patches, Mitigations, and Software Updates
GM Recalls Millions of Cars After Critical Bug Found (Infosecurity Magazine) General Motors has been forced to recall over four million cars following a software defect linked to at least one death
Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware (Citrix Support Knowledge Center) A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances
Getting Ready for macOS Sierra: Upgrade Securely (SANS Internet Storm Center) Apple is expected to release the next version of its operating system on or around September 20th, 2016
Verizon rolling out security patch to Nexus 6 on September 12 (Phone Arena) It looks like Verizon plans to roll out a new software update for Nexus 6 tomorrow
Cyber Trends
Tech expert: Cyber war is real and it's here (Northwest Indiana Times) “Cyber security is a moving target, and there is no silver bullet”
Consumers harassed by 30 million spam calls every day (Help Net Security) Consumers are giving up twice as much sensitive data over the previous year, according to First Orion
End-to-end network segmentation essential for security, yet few deploy (Help Net Security) As point-of-sale breaches, ransomware attacks and various other customer data breaches continue to make local and national headlines, IT professionals agree that network segmentation – the ability to create secure, network-wide “swim lanes” for applications or services – is an essential measure to mitigate security risks
Cloud security processes need to mature, says panel (ComputerWeekly) Many organisations still need to adapt their business practices to ensure security in the cloud, according to a panel of IT leaders
How the super-rich are making their homes ‘invisible’ (Financial Times) Privacy is perhaps the greatest luxury anyone can buy, hence the trend for properties hidden from prying eyes and online searches
Marketplace
Is there a shift in the IT security market? (MIS Asia) According to analyst firm IDC, the expected growth of the specialised threat analysis market will mark a new era in the IT security sector
7 Cyber Security Stocks Cashing In On The Hacking Epidemic (Seeking Alpha) The threat of being hacked has sent cyber security spending by companies and governments soaring in the last five years. This tidal wave of spending is creating a great investment opportunity: it has never been a better time to be a cyber security company. Investors can profit from buying shares in a cyber security ETF or individual industry leaders with strong financial positions and high growth prospects
Top 10 Cyber Security Companies to Invest In (Nanalyze) It seems like every time you read the news there has been another cyber security breach resulting in people’s names and passwords being strewn all over the internet for everyone to see
Incoming McAfee CEO Chris Young on his company’s post-Intel future (TechCrunch) With Intel set to spin off its security unit into a reincarnation of McAfee, attention is quickly turning to Chris Young, the guy tasked with steering the security ship through tumultuous waters and back toward relative independence
Intel Sheds McAfee Majority Stake Amid Failed 'Synergies' (Dark Reading) Chipmaker's $7.7 billion investment in security firm did not deliver as expected, analysts say
Post-acquisition, RSA president teases synergy opportunities with Dell SecureWorks (SC Magazine) One day after Dell Technologies finalized its acquisition of EMC Corporation and its RSA cybersecurity division, RSA President Amit Yoran maintained his business-as-usual stance in a Thursday conference call with press and analysts. But he also acknowledged that the merger could have certain synergistic implications, including go-to-market opportunities in cooperation with Dell's SecureWorks subsidiary
Czech govt rejects Huawei technology on security grounds (Telecompaper) The government of the Czech Republic has rejected technology from Huawei after a security warning from the secret service about China, reported Czech weekly Respekt. Using electronics from the Chinese manufacturer would be too risky, according to Czech intelligence
Hewlett Packard Enterprise: You Must Remember This (Seeking Alpha) HPE announced what it calls a spin-merger to dispose of most of its software properties in a deal with Micro Focus
Is HP Enterprise's New Spinoff Yet Another Value Opportunity For Shareholders? (Benzinga) This week, Hewlett Packard Enterprise Co. announced it will once again be spinning off parts of its business. This time, the company is shedding its application delivery management, big data and enterprise security units
FireEye: Now That Ashar Aziz Is Gone, What Should We Expect? (Seeking Alpha) Founder Ashar Aziz resigns from the board of directors. This increases the prospects of a sale of FireEye. A restructuring might not be enough to unlock value for shareholders. A spin-off or merger with another security company might be in the works and would be in the best interest of investors
Why FireEye Stock Dropped 17% in August (Motley Fool) Growth is slowing down for the cybersecurity company. Investors didn't take the news well
Hacks from Bangladesh to the DNC feed Boston’s cybersecurity bonfire (Boston Globe) Leo Taddeo studied physics at a good engineering school, but he is not your typical nerd
DDoS-busting startup Zenedge raises $6.2 million (Data Center Dynamics) The money will fund global expansion
U.S.-Gulf cyber working group formed at Dubai forum (Federal Times) A U.S.-Gulf Cooperation Council (GCC) Cyber Working Group launched Sept. 7 as part of a U.S. Chamber of Commerce Cybersecurity Forum held in Dubai, United Arab Emirates
East Hartford Firm Offers Hands-On Approach To Cybersecurity Clients (Hartford Courant) In an industry where service levels differentiate information technology products, 35-year-old Kelser Corp. is launching a suite of new offerings anchored on its prime competitive edge — strong relationships with local companies
Ethical hacker wishes to make Pakistani cyberspace secure (Dunya News) Abdul Rafay Baloch, an ethical hacker who exposed bugs in Google Chrome and Firefox Internet browsers, desires to establish a cyber security unit in Pakistan setting aside job offers from international organisations
Report: Five local contractors employ 80 percent of private intelligence workforce (Washington Business Journal) A recent investigation by The Nation’s Tim Shorrock revealed that just five companies employ about 80 percent of the intelligence community’s private contractors — all of which are based in Greater Washington
Iron Bow Technologies opening customer service center in Tampa and hiring 170 people (Tampa Bay Times) Iron Bow Technologies, a Virginia company that provides tech and customer service support, is opening a new customer service center that will bring 170 new jobs to Tampa
Cylance & Inspire Sports to Sponsor “Project Speed” (BusinessWire) Cylance Inc., the company that is revolutionizing cybersecurity with products and services that use artificial intelligence to proactively prevent, rather than just reactively detect advanced persistent threats and malware, and Inspire Sports, LLC. today announced that they have established a sponsorship with Project Speed to be known as Project Speed Powered by Cylance
Products, Services, and Solutions
Tanium Adds Compliance Module to Endpoint Security Platform (eWeek) The endpoint security vendor takes the next logical step with its modular piece of technology and adds a compliance module
Deloitte backs Bitcoin education with BTM (IBS Intelligence) Big Four accounting firm Deloitte has installed a Bitcoin ATM (aka BTM) in the downtown Toronto offices of its Rubix blockchain division. This was manufactured by Ottawa-based Bitaccess and enables users to buy and sell Bitcoins using Canada dollars
Is Dashlane the #1 Android productivity app this year? (Updato) Smartphones can be a great way to socialize and kill time, but they can also help boost your productivity. With the essential Dashlane, your life could become a lot easier
Technologies, Techniques, and Standards
NIST Seeks Input on Cybersecurity in a Digital Economy (MeriTalk) Comments close Friday at 5 p.m. on the NIST Commission on Enhancing National Cybersecurity’s request for information (RFI) on how best to address the “current and future states of cybersecurity in a digital economy”
PCI Council wants more robust security controls for payment devices (Help Net Security) The PCI Council has updated its payment device standard to enable stronger protections for cardholder data, which includes the PIN and the cardholder data (on magnetic stripe or the chip of an EMV card) stored on the card or on a mobile device
How to help prevent DDos Attacks (Kodification) It used to be technically difficult to launch a DDoS attack, but now it’s possible to rent a botnet of tens or even hundreds of thousands of infected or “zombie” machines relatively cheaply and use these zombies to launch an attack
Paranoid or Cautious? Protect Your Data Like Everyone’s Watching (Cause They Might Be) (Heimdal Security) Most of my friends think I’m paranoid because of my security measures
A day in the life of a Bug Bounty hunter – demo of productive hacking session against Yelp (Geekslop) Big companies finally wised up and began working with hackers rather than against them
Take it from a parent, ask your kids before you post to Facebook (Christian Science Monitor Passcode) Talking to kids about digital security and privacy is critical. But parents need to set examples, too, and that may mean considering their own kids' privacy before posting every moment of their lives online
Academia
Cyber Security Challenge UK to Admit Fast Track Entrants (Infosecurity Magazine) Organizers are promising the most “immersive” Cyber Security Challenge UK Masterclass final ever after announcing this year’s competition would feature two “golden ticket” winners fast-tracked straight to the last round
Legislation, Policy, and Regulation
NATO Cyber Conference Outlines Future Challenges (Defense Daily) The NATO Information Assurance and Cyber Defense Symposium (NIAS) 2016 emphasized the importance of increased partnerships to address cybersecurity risks and outlined future challenges on Sept. 7-8 in Mons, Belgium. “In cyber, hubris is our worst enemy”
NIAS 2016: Sharing knowledge benefits all (SC Magazine) Industrial partnerships were at the centre of the second day of NATO's cyber-security symposium, NIAS, and many declared that alliances between organisations like NATO and the private industry really are the way forward in the fight against cyber-crime
Top Officials Want to Split Cyber Command From NSA (NBC News) The Obama administration's top defense and intelligence officials are proposing a plan to separate the spying and war fighting arms of America's vast hacking apparatus, an idea that was recommended but rejected after the Edward Snowden revelations of 2013
911: Do We Need A Director of National Intelligence? (Breaking Defense) One of the major shifts in American intelligence after the terror attacks of 911 was the creation of the Director of National Intelligence
Feinstein-Burr 2.0: The Crypto Backdoor Bill Lives On (Just Security) When it was first released back in April, a “discussion draft” of the Compliance With Court Orders Act sponsored by Sens. Dianne Feinstein (D-CA) and Richard Burr (R-NC) met with near universal derision from privacy advocates and security experts
U.S. Cyber Command's weapons will be created by contractors, senior official says (FedScoop) “Contracted specialists are supporting U.S. Cyber Command in a number of key roles," the official said
Homeland Security eyes expanding biometric collections at US borders (Christian Science Monitor) The initiative aims to collect a combination of fingerprints, facial images, and iris scans of foreign visitors, leading privacy advocates to worry that travelers would be put at greater risk of digital fraud and unwarranted surveillance
Litigation, Investigation, and Law Enforcement
Cyberdisaster: How the Government Compromised Our Security (National Review) A new report details how serious the OPM hack really was. Last year, John McCain told National Review that “the most disturbing briefing that I have ever received” had to do with cyberwar, adding: “We better start doing a helluva lot better job” addressing cybersecurity threats
Federal Judge: Hacking Someone's Computer Is Definitely a 'Search' (Motherboard) Courts across the country can't seem to agree on whether the FBI's recent hacking activities ran afoul of the law—and the confusion has led to some fairly alarming theories about law enforcement's ability to remotely compromise computers
The ACLU Is About to Launch a Campaign Asking Obama to Pardon Edward Snowden (Motherboard) On Wednesday, the American Civil Liberties Union, Human Rights Watch, Amnesty International, and other prominent human rights organizations will launch a formal campaign asking President Obama to pardon Edward Snowden for revealing the National Security Agency's mass surveillance programs
On 9-11 anniversary, Homeland's Johnson says advanced plots unknown to public foiled 'all the time' (Fox News) As the United States on Sunday prepares to mark the 15th anniversary of the 9-11 terror attacks, Homeland Security Secretary Jeh Johnson says terror plots, unbeknownst to the public, have been disrupted “all of the time” since he started running the agency
FBI Arrests Kentucky Woman for Allegedly Promoting ISIS-Inspired Attacks (ABC 7 News) Just days before the fifteenth anniversary of the Sept. 11, 2001 attacks, federal authorities have arrested a Kentucky woman who allegedly advocated online for terrorist attacks in the U.S. and promoted ISIS propaganda through her social media accounts, according to sources familiar with the matter
France's premier warns of new attacks, 15,000 people on police radar (Reuters) French Prime Minister Manuel Valls said on Sunday there would be new attacks in France but proposals by former president Nicolas Sarkozy to boost security were not the right way to deal with threats
Panama Papers: Denmark to pay $1.3M-plus for leaked data to probe tax evasion (Ars Technica) Danish move may help make public interest whistleblowing more acceptable
Virginia Tech email threat came from outside U.S., officials say (Washington Post) Threatening emails that caused concern last month on the Virginia Tech campus originated in South America, authorities said
U.S. Decides Not to Investigate Cisco on Bribery Charges (CSCO) (Investopedia) Cisco Systems Inc. (CSCO) announced on Thursday, in its annual earnings report, that U.S. authorities have declined to investigate charges against the tech giant regarding its operations in Russia. Authorities had accused the San Jose, Calif.-based networking leader of violating anti-bribery laws in Russia and surrounding countries
Volkswagen engineer pleads guilty in emissions scandal [Updated] (Ars Technica) James Liang met with the EPA but did not mention any defeat devices
Scammers sent to the slammer for romance and secret shopping fraud (Naked Security) Seven online fraudsters who duped victims out of their money through fake checks, online dating and mystery shopper scams have been sentenced
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
Upcoming Events
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more.
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD. See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.